From 8babb8e75a0fd0195fc28c915bc5e21a7814f77b Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Sun, 11 Feb 2018 16:47:19 +0300
Subject: [PATCH] sanitize: disallow width and height attributes for images
---
 include/functions.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/include/functions.php b/include/functions.php
index ebf4021ae..efa4ec8e7 100755
--- a/include/functions.php
+++ b/include/functions.php
@@ -1587,6 +1587,9 @@
 if ($entry->nodeName == 'img') {
 $entry->setAttribute('referrerpolicy', 'no-referrer');
+ $entry->removeAttribute('width');
+ $entry->removeAttribute('height');
+
 if ($entry->hasAttribute('src')) {
 $is_https_url = parse_url($entry->getAttribute('src'), PHP_URL_SCHEME) === 'https';
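Review bot: The two `removeAttribute` calls added in the `img` branch have no comment explaining why feed-supplied dimensions are dropped, and the subject line only states that they are. A one-line comment above them would record the intent, for example `// drop feed-supplied width/height so image size is governed by the reader's own CSS` (the rationale is inferred, so the author should confirm the wording). Dimensions can also arrive through an inline `style` attribute, which this hunk does not touch. Whether `style` is stripped elsewhere in the sanitizer is not visible here and is worth confirming, since otherwise the restriction is only partial. The enclosing function begins and ends outside the hunk.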