diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2025-05-23 22:12:05 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2025-05-23 22:12:05 +0200 |
| commit | 5f45df3168d7733c401c13d12f97ff8030211f0a (patch) | |
| tree | 181bf6a42b700fd1ef0c82171165058596df77e5 /lib | |
| parent | 648eddaf130d53a4908f573ccb08c4a1dd0518e9 (diff) | |
Strip more styles attributes (#7606)
Strip `bgcolor`, `text`, `background`, `link`, `alink`, `vlink`
fix https://github.com/FreshRSS/FreshRSS/issues/7604
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/lib_rss.php | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/lib/lib_rss.php b/lib/lib_rss.php index 682b1365d..bcd8e51b0 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -344,10 +344,12 @@ function customSimplePie(array $attributes = [], array $curl_options = []): \Sim ]); $simplePie->rename_attributes(['id', 'class']); $simplePie->strip_attributes(array_merge($simplePie->strip_attributes, [ - 'autoplay', 'class', 'form', 'formaction', - 'onload', 'onunload', 'onclick', 'ondblclick', 'onmousedown', 'onmouseup', - 'onmouseover', 'onmousemove', 'onmouseout', 'onfocus', 'onblur', - 'onkeypress', 'onkeydown', 'onkeyup', 'onselect', 'onchange', 'seamless', 'sizes', 'srcdoc', 'srcset'])); + 'alink', 'autoplay', 'background', 'bgcolor', 'class', 'form', 'formaction', + 'link', 'onblur', 'onchange', 'onclick', 'ondblclick', 'onfocus', + 'onkeydown', 'onkeypress', 'onkeyup', 'onload', 'onmousedown', 'onmousemove', + 'onmouseout', 'onmouseover', 'onmouseup', 'onselect', 'onunload', + 'seamless', 'sizes', 'srcdoc', 'srcset', 'text', 'vlink', + ])); $simplePie->add_attributes([ 'audio' => ['controls' => 'controls', 'preload' => 'none'], 'iframe' => [ |