From aaaca69185bce2be6a82956c69541938dc871268 Mon Sep 17 00:00:00 2001
From: joebordes <joe@tsolucio.com>
Date: Tue, 21 Mar 2023 00:00:44 +0100
Subject: [PATCH] sec(VTLIB) purify clean javascript in href

---
 include/utils/VtlibUtils.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/include/utils/VtlibUtils.php b/include/utils/VtlibUtils.php
index c0105839de..347125d08c 100644
--- a/include/utils/VtlibUtils.php
+++ b/include/utils/VtlibUtils.php
@@ -480,6 +480,16 @@ function vtlib_purify($input, $ignore = false) {
 				}
 			} else { // Simple type
 				$value = $__htmlpurifier_instance->purify($input);
+				if (strpos($value, '<a') !== false && strpos($value, 'javascript') !== false) {
+					$dom = new DOMDocument;
+					$dom->loadHTML($value, LIBXML_HTML_NODEFDTD | LIBXML_HTML_NOIMPLIED);
+					foreach ($dom->getElementsByTagName('a') as $node) {
+						if ($node->hasAttribute('href') && !filter_var($node->getAttribute('href'), FILTER_VALIDATE_URL) !== false) {
+							$node->removeAttribute('href');
+							$value = trim($dom->saveHTML(), "\n");
+						}
+					}
+				}
 			}
 		}
 	}