Strip more unsafe attributes e.g. `referrerpolicy` (#7770)

author: Inverle <inverle@proton.me> 2025-07-31 17:04:47 +0200
committer: GitHub <noreply@github.com> 2025-07-31 17:04:47 +0200
commit: c952256564c7a0aa4087bd103c3dc10b5de82a29 (patch)
tree: 7ed4b5ffbe52b82d6588cd4b61ff5be8601a8b69
parent: 3ce64d271b2b470bd6c9f7294946347dcdfed9b9 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index 9fe884cc2..25405017a 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -348,7 +348,8 @@ function customSimplePie(array $attributes = [], array $curl_options = []): \Sim
 		'link', 'onblur', 'onchange', 'onclick', 'ondblclick', 'onfocus',
 		'onkeydown', 'onkeypress', 'onkeyup', 'onload', 'onmousedown', 'onmousemove',
 		'onmouseout', 'onmouseover', 'onmouseup', 'onselect', 'onunload',
-		'seamless', 'sizes', 'srcdoc', 'srcset', 'text', 'vlink',
+		'seamless', 'sizes', 'srcdoc', 'srcset', 'text', 'vlink', 'referrerpolicy', 'ping',
+		'target', 'rel', 'name', 'download', 'attributionsrc',
 	]));
 	$simplePie->add_attributes([
 		'audio' => ['controls' => 'controls', 'preload' => 'none'],
author	Inverle <inverle@proton.me>	2025-07-31 17:04:47 +0200
committer	GitHub <noreply@github.com>	2025-07-31 17:04:47 +0200
commit	c952256564c7a0aa4087bd103c3dc10b5de82a29 (patch)
tree	7ed4b5ffbe52b82d6588cd4b61ff5be8601a8b69
parent	3ce64d271b2b470bd6c9f7294946347dcdfed9b9 (diff)