Committer: wisest-owl
LJSUP-4312.Remove all attribs from all tags
U trunk/cgi-bin/LJ/S2/ReplyPage.pm U trunk/cgi-bin/LJ/S2.pm U trunk/cgi-bin/cleanhtml.pl
Modified: trunk/cgi-bin/LJ/S2/ReplyPage.pm =================================================================== --- trunk/cgi-bin/LJ/S2/ReplyPage.pm 2009-05-15 09:32:00 UTC (rev 15181) +++ trunk/cgi-bin/LJ/S2/ReplyPage.pm 2009-05-15 09:43:09 UTC (rev 15182) @@ -236,6 +236,7 @@ 'strongcleancss' => 1, 'noearlyclose' => 1, 'tablecheck' => 1, + 'remove_all_attribs' => 1, }); my $r = Apache->request; Modified: trunk/cgi-bin/LJ/S2.pm =================================================================== --- trunk/cgi-bin/LJ/S2.pm 2009-05-15 09:32:00 UTC (rev 15181) +++ trunk/cgi-bin/LJ/S2.pm 2009-05-15 09:43:09 UTC (rev 15182) @@ -3285,6 +3285,7 @@ 'strongcleancss' => 1, 'noearlyclose' => 1, 'tablecheck' => 1, + 'remove_all_attribs' => 1, }); $S2::pout->( Modified: trunk/cgi-bin/cleanhtml.pl =================================================================== --- trunk/cgi-bin/cleanhtml.pl 2009-05-15 09:32:00 UTC (rev 15181) +++ trunk/cgi-bin/cleanhtml.pl 2009-05-15 09:43:09 UTC (rev 15182) @@ -58,6 +58,7 @@ # 'transform_embed_wmode' => <value>, # define a wmode value for videos (usually 'transparent' is the value you want) # 'blocked_links' => [ qr/evil\.com/, qw/spammer\.com/ ], # list of sites which URL's will be blocked # 'blocked_link_substitute' => 'http://domain.com/error.html' # blocked links will be replaced by this URL +# 'remove_all_attribs' => 1, # remove all attributes from html tags # }); sub helper_preload @@ -144,6 +145,7 @@ ($LJ::BLOCKED_LINK_SUBSTITUTE) ? $LJ::BLOCKED_LINK_SUBSTITUTE : '#'; my $suspend_msg = $opts->{'suspend_msg'} || 0; my $unsuspend_supportid = $opts->{'unsuspend_supportid'} || 0; + my $remove_all_attribs = $opts->{'remove_all_attribs'} || 0; my @canonical_urls; # extracted links my %action = (); @@ -553,6 +555,11 @@ ATTR: foreach my $attr (keys %$hash) { + if ($remove_all_attribs) { + delete $hash->{$attr}; + next; + } + if ($attr =~ /^(?:on|dynsrc)/) { delete $hash->{$attr}; next;