Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-11 12:01:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Avoid to obfuscate attributes with html tags inside

Browse Source
This commit is contained in:
Laurent Destailleur
2021-03-29 14:50:44 +02:00
parent 4cacca413e
commit e03fbda96a
1 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
htdocs/core/lib/functions.lib.php
View File

@@ -775,13 +775,15 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options =
}
break;
case 'restricthtml': // Recommended for most html textarea
$out = dol_string_onlythesehtmltags($out, 0, 1, 1);
// We should also exclude non expected attributes
if (!empty($conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES)) {
$out = dol_string_onlythesehtmlattributes($out);
}
do {
$oldstringtoclean = $out;
$out = dol_string_onlythesehtmltags($out, 0, 1, 1);
// We should also exclude non expected attributes
if (!empty($conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES)) {
$out = dol_string_onlythesehtmlattributes($out);
}
} while ($oldstringtoclean != $out);
break;
case 'custom':
if (empty($filter)) {