diff --git a/Parsedown.php b/Parsedown.php index 8571cd704..2fadec075 100644 --- a/Parsedown.php +++ b/Parsedown.php @@ -1513,6 +1513,22 @@ protected function sanitiseElement(array $Element) $Element = $this->filterUnsafeUrlInAttribute($Element, $safeUrlNameToAtt[$Element['name']]); } + if ( ! empty($Element['attributes'])) + { + # clear out nulls + $Element['attributes'] = array_filter( + $Element['attributes'], + function ($v) {return $v !== null;} + ); + + $onEventAttributes = preg_grep('/^\s*+on/i', array_flip($Element['attributes'])); + + foreach ($onEventAttributes as $att) + { + unset($Element['attributes'][$att]); + } + } + return $Element; }