diff options
| author | Bernhard Posselt <dev@bernhard-posselt.com> | 2014-02-13 23:52:55 +0100 |
|---|---|---|
| committer | Bernhard Posselt <dev@bernhard-posselt.com> | 2014-02-13 23:53:13 +0100 |
| commit | 211cbcea42b8bee3d241d6c62bbd9cf8b37fbc67 (patch) | |
| tree | 7d4a1c3453117f58e5100fc52ee1b9d9994107c4 /dependencyinjection | |
| parent | 0cef0ff01af5cc03046e45358dda935499c7cef5 (diff) | |
forbid set class attribute to avoid using built in styles in an unforseen way
Diffstat (limited to 'dependencyinjection')
| -rw-r--r-- | dependencyinjection/dicontainer.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/dependencyinjection/dicontainer.php b/dependencyinjection/dicontainer.php index d8e286bd6..abcd93bb5 100644 --- a/dependencyinjection/dicontainer.php +++ b/dependencyinjection/dicontainer.php @@ -124,6 +124,7 @@ class DIContainer extends BaseContainer { } $config = \HTMLPurifier_Config::createDefault(); + $config->set('HTML.ForbiddenAttributes', 'class'); $config->set('Cache.SerializerPath', $directory); $config->set('HTML.SafeIframe', true); $config->set('URI.SafeIframeRegexp', |