Merge pull request #807 from gturri/bugfix

svivian · web-flow · commit 04e83ebf60a8 · 2020-05-06T13:15:38.000+01:00
Prevent using &lt;embed&gt; and &lt;object&gt; tags
diff --git a/qa-include/qa-base.php b/qa-include/qa-base.php
@@ -1024,7 +1024,7 @@ function qa_sanitize_html($html, $linksnewwindow = false, $storage = false)
 
 	$safe = htmLawed($html, array(
 		'safe' => 1,
-		'elements' => '*+embed+object-form',
+		'elements' => '*-form',
 		'schemes' => 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; *:file, http, https; style: !; classid:clsid',
 		'keep_bad' => 0,
 		'anti_link_spam' => array('/.*/', ''),
