sanitize: disallow width and height attributes for images

8babb8e7 · Andrew Dolgov · 2eaf2a1f · 8babb8e7
Commit 8babb8e7 authored Feb 11, 2018 by Andrew Dolgov
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

include/functions.php include/functions.php +3 -0

No files found.
--- a/include/functions.php
+++ b/include/functions.php
@@ -1587,6 +1587,9 @@
 			if ($entry->nodeName == 'img') {
 				$entry->setAttribute('referrerpolicy', 'no-referrer');

+				$entry->removeAttribute('width');
+				$entry->removeAttribute('height');
+
 				if ($entry->hasAttribute('src')) {
 					$is_https_url = parse_url($entry->getAttribute('src'), PHP_URL_SCHEME) === 'https';