mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-04 13:47:31 +02:00
Code Issues Releases Wiki Activity

Fixes #4128 whitelist 'rel' attribute on a tags.

Browse Source
This commit is contained in:
Cameron
2020-04-22 10:39:22 -07:00
parent 6d29c4c55e
commit 6734f26978
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
e107_handlers/e_parse_class.php
View File

@@ -3823,7 +3823,7 @@ class e_parser
protected $allowedAttributes = array( protected $allowedAttributes = array(
'default' => array('id', 'style', 'class'), 'default' => array('id', 'style', 'class'),
'img' => array('id', 'src', 'style', 'class', 'alt', 'title', 'width', 'height'), 'img' => array('id', 'src', 'style', 'class', 'alt', 'title', 'width', 'height'),
'a' => array('id', 'href', 'style', 'class', 'title', 'target'), 'a' => array('id', 'href', 'style', 'class', 'title', 'target', 'rel'),
'script' => array('type', 'src', 'language', 'async'), 'script' => array('type', 'src', 'language', 'async'),
'iframe' => array('id', 'src', 'frameborder', 'class', 'width', 'height', 'style'), 'iframe' => array('id', 'src', 'frameborder', 'class', 'width', 'height', 'style'),
'input' => array('type','name','value','class','style'), 'input' => array('type','name','value','class','style'),