Fixes #4486 - Invalid attributes not being fully filtered.

e107_handlers/e_parse_class.php

@@ -4955,6 +4955,7 @@ class e_parse
 				continue;
 			}
 
+			$removeAttributes = array();
 			foreach($node->attributes as $attr)
 			{
 				$name = $attr->nodeName;
@@ -4962,8 +4963,6 @@ class e_parse
 
 				$allow = isset($this->allowedAttributes[$tag]) ? $this->allowedAttributes[$tag] : $this->allowedAttributes['default'];
 
-				$removeAttributes = array();
-
 				if(!in_array($name, $allow))
 				{
 

e107_tests/tests/unit/e_parseTest.php

@@ -2635,7 +2635,13 @@ Your browser does not support the audio tag.
 				14 => array(
                     'html'      => '<script>alert(1)</script>', // test removal of 'script' tags
                     'expected'  => ''
-                )
+                ),
+
+                15  => array(
+                    'html'  => '<iframe width="640" height="360" frameborder="0" allowfullscreen src="http://nowhere.com" this-attribute-should-be-removed="value1" this-attribute-should-also-be-removed="value2"></iframe>',
+                    'expected'  => '<iframe width="640" height="360" frameborder="0" allowfullscreen="" src="http://nowhere.com"></iframe>'
+
+				),
 
 
 			);