Commit 8babb8e7 authored by Andrew Dolgov's avatar Andrew Dolgov

sanitize: disallow width and height attributes for images

parent 2eaf2a1f
......@@ -1587,6 +1587,9 @@
if ($entry->nodeName == 'img') {
$entry->setAttribute('referrerpolicy', 'no-referrer');
$entry->removeAttribute('width');
$entry->removeAttribute('height');
if ($entry->hasAttribute('src')) {
$is_https_url = parse_url($entry->getAttribute('src'), PHP_URL_SCHEME) === 'https';
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment