From 211cbcea42b8bee3d241d6c62bbd9cf8b37fbc67 Mon Sep 17 00:00:00 2001
From: Bernhard Posselt
Date: Thu, 13 Feb 2014 23:52:55 +0100
Subject: forbid set class attribute to avoid using built in styles in an unforseen way
---
 dependencyinjection/dicontainer.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/dependencyinjection/dicontainer.php b/dependencyinjection/dicontainer.php
index d8e286bd6..abcd93bb5 100644
--- a/dependencyinjection/dicontainer.php
+++ b/dependencyinjection/dicontainer.php
@@ -124,6 +124,7 @@ class DIContainer extends BaseContainer {
 }
 $config = \HTMLPurifier_Config::createDefault();
+ $config->set('HTML.ForbiddenAttributes', 'class');
 $config->set('Cache.SerializerPath', $directory);
 $config->set('HTML.SafeIframe', true);
 $config->set('URI.SafeIframeRegexp',
--
cgit v1.2.3
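Review bot: The added `HTML.ForbiddenAttributes` line carries no comment explaining why `class` is stripped, and the reason is a security one: purified markup is rendered inside the app's own page, so a `class` supplied by untrusted HTML would pick up the app's stylesheet rules and could make foreign content look like native UI. I would put `// strip class so untrusted HTML cannot reuse the app's own CSS classes (UI spoofing)` directly above it. The directive is a denylist layered on HTML Purifier's defaults, so `style` still passes through the purifier's CSS filter; if the intent is that untrusted content cannot restyle itself at all, an allowlist via `HTML.AllowedAttributes` would state that more directly. If items are purified once when they are stored, which this hunk does not show, content saved before this change would keep its `class` attributes until it is purified again. The enclosing block starts and ends outside the hunk.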