diff options
| -rw-r--r-- | includes/common.inc | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/includes/common.inc b/includes/common.inc index 0524982c4..1850e96e1 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -1396,6 +1396,13 @@ function l($text, $path, $options = array()) { $options['attributes']['class'] = 'active'; } } + + // Remove all HTML and PHP tags from a tooltip. For best performance, we act only + // if a quick strpos() pre-check gave a suspicion (because strip_tags() is expensive). + if (isset($options['attributes']['title']) && strpos($options['attributes']['title'], '<') !== FALSE) { + $options['attributes']['title'] = strip_tags($options['attributes']['title']); + } + return '<a href="'. check_url(url($path, $options)) .'"'. drupal_attributes($options['attributes']) .'>'. ($options['html'] ? $text : check_plain($text)) .'</a>'; } |