mirror of
https://github.com/WordPress/WordPress.git
synced 2024-12-23 09:37:42 +01:00
Strip "onclick" when previewing themes, props DD32, fixes #7303
git-svn-id: http://svn.automattic.com/wordpress/trunk@9707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
091d203fba
commit
9050fd4a5a
@ -892,6 +892,8 @@ function preview_theme_ob_filter( $content ) {
|
||||
* @return string
|
||||
*/
|
||||
function preview_theme_ob_filter_callback( $matches ) {
|
||||
if ( strpos($matches[4], 'onclick') !== false )
|
||||
$matches[4] = preg_replace('#onclick=([\'"]).*?(?<!\\\)\\1#i', '', $matches[4]); //Strip out any onclicks from rest of <a>. (?<!\\\) means to ignore the '" if its escaped by \ to prevent breaking mid-attribute.
|
||||
if (
|
||||
( false !== strpos($matches[3], '/wp-admin/') )
|
||||
||
|
||||
|
Loading…
Reference in New Issue
Block a user