Strip "onclick" when previewing themes, props DD32, fixes #7303

git-svn-id: https://develop.svn.wordpress.org/trunk@9707 602fd350-edb4-49c9-b593-d223f7449a82
2008-11-15 02:20:26 +00:00 · 2008-11-15 02:20:26 +00:00 · 3c71d6a1c1
parent 11a7b3d9c1
commit 3c71d6a1c1
1 changed files with 2 additions and 0 deletions
--- a/wp-includes/theme.php
+++ b/wp-includes/theme.php
@ -892,6 +892,8 @@ function preview_theme_ob_filter( $content ) {
 * @return string
 */
 function preview_theme_ob_filter_callback( $matches ) {
+	if ( strpos($matches[4], 'onclick') !== false )
+		$matches[4] = preg_replace('#onclick=([\'"]).*?(?<!\\\)\\1#i', '', $matches[4]); //Strip out any onclicks from rest of <a>. (?<!\\\) means to ignore the '" if its escaped by \  to prevent breaking mid-attribute.
 	if (
 		( false !== strpos($matches[3], '/wp-admin/') )
 	||