sanitize: disallow width and height attributes for images

This commit is contained in:
Andrew Dolgov 2018-02-11 16:47:19 +03:00
parent 2eaf2a1f36
commit 8babb8e75a
1 changed files with 3 additions and 0 deletions

View File

@ -1587,6 +1587,9 @@
if ($entry->nodeName == 'img') { if ($entry->nodeName == 'img') {
$entry->setAttribute('referrerpolicy', 'no-referrer'); $entry->setAttribute('referrerpolicy', 'no-referrer');
$entry->removeAttribute('width');
$entry->removeAttribute('height');
if ($entry->hasAttribute('src')) { if ($entry->hasAttribute('src')) {
$is_https_url = parse_url($entry->getAttribute('src'), PHP_URL_SCHEME) === 'https'; $is_https_url = parse_url($entry->getAttribute('src'), PHP_URL_SCHEME) === 'https';