Commit 98a5fb14 authored by Gábor Hojtsy's avatar Gábor Hojtsy
Browse files

#186963 by JirkaRybka: remove HTML from link titles (attribute values) if it...

#186963 by JirkaRybka: remove HTML from link titles (attribute values) if it seems we have tags included
parent eccf762a
...@@ -1396,6 +1396,13 @@ function l($text, $path, $options = array()) { ...@@ -1396,6 +1396,13 @@ function l($text, $path, $options = array()) {
$options['attributes']['class'] = 'active'; $options['attributes']['class'] = 'active';
} }
} }
// Remove all HTML and PHP tags from a tooltip. For best performance, we act only
// if a quick strpos() pre-check gave a suspicion (because strip_tags() is expensive).
if (isset($options['attributes']['title']) && strpos($options['attributes']['title'], '<') !== FALSE) {
$options['attributes']['title'] = strip_tags($options['attributes']['title']);
}
return '<a href="'. check_url(url($path, $options)) .'"'. drupal_attributes($options['attributes']) .'>'. ($options['html'] ? $text : check_plain($text)) .'</a>'; return '<a href="'. check_url(url($path, $options)) .'"'. drupal_attributes($options['attributes']) .'>'. ($options['html'] ? $text : check_plain($text)) .'</a>';
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment