Home Explore Help
Sign In
LBP
/
FressRSS
mirror of https://github.com/FreshRSS/FreshRSS.git
4
0
Fork 0
Files Issues 0 Wiki
Browse Source

Strip more unsafe attributes e.g. `referrerpolicy` (#7770)

Inverle 8 months ago
parent
3ce64d271b
commit
c952256564
1 changed files with 2 additions and 1 deletions
Unified View Show Diff Stats
  1. 2 1
      lib/lib_rss.php

+ 2 - 1
lib/lib_rss.php
View File 

@@ -348,7 +348,8 @@ function customSimplePie(array $attributes = [], array $curl_options = []): \Sim
 
 		'link', 'onblur', 'onchange', 'onclick', 'ondblclick', 'onfocus',
 
 		'link', 'onblur', 'onchange', 'onclick', 'ondblclick', 'onfocus',
 
 		'onkeydown', 'onkeypress', 'onkeyup', 'onload', 'onmousedown', 'onmousemove',
 
 		'onkeydown', 'onkeypress', 'onkeyup', 'onload', 'onmousedown', 'onmousemove',
 
 		'onmouseout', 'onmouseover', 'onmouseup', 'onselect', 'onunload',
 
 		'onmouseout', 'onmouseover', 'onmouseup', 'onselect', 'onunload',
 
-		'seamless', 'sizes', 'srcdoc', 'srcset', 'text', 'vlink',
 
+		'seamless', 'sizes', 'srcdoc', 'srcset', 'text', 'vlink', 'referrerpolicy', 'ping',
 
+		'target', 'rel', 'name', 'download', 'attributionsrc',
 
 	]));
 
 	]));
 
 	$simplePie->add_attributes([
 
 	$simplePie->add_attributes([
 
 		'audio' => ['controls' => 'controls', 'preload' => 'none'],
 
 		'audio' => ['controls' => 'controls', 'preload' => 'none'],