From 8f7d9e12a00b47b6727113ef3519468193aba017 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite
Date: Sun, 3 Nov 2013 11:40:17 +0100
Subject: Filtrage des événements JavaScript
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Corrige https://github.com/marienfressinaud/FreshRSS/issues/230
---
 app/models/Feed.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/app/models/Feed.php b/app/models/Feed.php
index de5db3791..14eeb942a 100644
--- a/app/models/Feed.php
+++ b/app/models/Feed.php
@@ -198,6 +198,10 @@ class Feed extends Model {
 'input', 'marquee', 'meta', 'noscript', 'param', 'script', 'style' ));
+ $feed->strip_attributes(array_merge($feed->strip_attributes, array(
+ 'onload', 'onunload', 'onclick', 'ondblclick', 'onmousedown', 'onmouseup',
+ 'onmouseover', 'onmousemove', 'onmouseout', 'onfocus', 'onblur',
+ 'onkeypress', 'onkeydown', 'onkeyup', 'onselect', 'onchange')));
 $feed->init (); if ($feed->error ()) {
-- 
cgit v1.2.3
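Review bot: The array passed to `strip_attributes()` is an exact-name denylist, so any event-handler attribute not spelled out in it still reaches the rendered article unless the existing `$feed->strip_attributes` value (merged in here, but not visible in this hunk) already names it. The sixteen added names cover the HTML 4 intrinsic events apart from `onsubmit` and `onreset`, and none of the handlers introduced by later HTML versions, so the filter will fall behind as browsers add events. I would document that limit above the call, for example `// Exact-name denylist (HTML 4 events only): other on* attributes pass unless already in $feed->strip_attributes`. As a follow-up, consider dropping every attribute whose name begins with `on` or switching to an attribute allowlist, and add a regression test that feeds an item carrying an unlisted `on*` attribute through the sanitiser. The enclosing method starts and ends outside the hunk, so whether a later step filters the output again cannot be judged from here.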