Fix HTML cleanup (fixes #1484183)
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | // replace event handlers on any object |
|---|
| | | $body = preg_replace('/\s(on[^=]+)=/im', ' __removed=', $body); |
|---|
| | | $body = preg_replace('/\shref=["\']?(javascript:)/im', 'null:', $body); |
|---|
| | | while ($body != $prev_body) |
|---|
| | | { |
|---|
| | | $prev_body = $body; |
|---|
| | | $body = preg_replace('/(<[^!][^>]*?\s)(on\w+?)(=[^>]*?>)/im', '$1__removed=$3', $body); |
|---|
| | | $body = preg_replace('/(<[^!][^>]*?\shref=["\']?)(javascript:)([^>]*?>)/im', '$1null:$3', $body); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // resolve <base href> |
|---|
| | | $base_reg = '/(<base.*href=["\']?)([hftps]{3,5}:\/{2}[^"\'\s]+)([^<]*>)/i'; |
|---|
