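--- a/core/lib/Drupal/Component/Utility/Xss.php
+++ b/core/lib/Drupal/Component/Utility/Xss.php
@@ -213,7 +213,14 @@ protected static function attributes($attributes) {
 // Attribute name, href for instance.
 if (preg_match('/^([-a-zA-Z][-a-zA-Z0-9]*)/', $attributes, $match)) {
 $attribute_name = strtolower($match[1]);
-$skip = ($attribute_name == 'style' || substr($attribute_name, 0, 2) == 'on');
+$skip = (
+$attribute_name == 'style' ||
+substr($attribute_name, 0, 2) == 'on' ||
+substr($attribute_name, 0, 1) == '-' ||
+// Ignore long attributes to avoid unnecessary processing
+// overhead.
+strlen($attribute_name) > 96
+);
 
 // Values for attributes of type URI should be filtered for
 // potentially malicious protocols (for example, an href-attribute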
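Review bot: Two new conditions in `$skip` narrow what this XSS filter lets through, but only the length limit carries a comment, and that comment does not say where 96 comes from. The `substr($attribute_name, 0, 1) == '-'` line needs its own one-line comment stating why names with a leading hyphen are dropped, since the `preg_match()` pattern directly above still accepts them on purpose. The threshold would be easier to audit as a named class constant than as the bare literal in `strlen($attribute_name) > 96`. The length test also runs after `preg_match()` has already consumed the whole name, so the saving the comment promises can only apply to later handling of the attribute. attributes() starts and ends outside this hunk, so how `$skip` is used afterwards cannot be checked from here.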