diff options
| author | Gábor Hojtsy <gabor@hojtsy.hu> | 2007-11-04 14:18:56 +0000 |
|---|---|---|
| committer | Gábor Hojtsy <gabor@hojtsy.hu> | 2007-11-04 14:18:56 +0000 |
| commit | 98a5fb14193b598be05a20e1f14cf171534bfae7 (patch) | |
| tree | db563145c01ea767184e87599c9132e77e902bca /includes | |
| parent | eccf762a8de330a2b9bd5cf26fc69b51b362e9dc (diff) | |
| download | brdo-98a5fb14193b598be05a20e1f14cf171534bfae7.tar.gz brdo-98a5fb14193b598be05a20e1f14cf171534bfae7.tar.bz2 | |
#186963 by JirkaRybka: remove HTML from link titles (attribute values) if it seems we have tags included
Diffstat (limited to 'includes')
| -rw-r--r-- | includes/common.inc | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/includes/common.inc b/includes/common.inc index 0524982c4..1850e96e1 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -1396,6 +1396,13 @@ function l($text, $path, $options = array()) { $options['attributes']['class'] = 'active'; } } + + // Remove all HTML and PHP tags from a tooltip. For best performance, we act only + // if a quick strpos() pre-check gave a suspicion (because strip_tags() is expensive). + if (isset($options['attributes']['title']) && strpos($options['attributes']['title'], '<') !== FALSE) { + $options['attributes']['title'] = strip_tags($options['attributes']['title']); + } + return '<a href="'. check_url(url($path, $options)) .'"'. drupal_attributes($options['attributes']) .'>'. ($options['html'] ? $text : check_plain($text)) .'</a>'; } |