From 4bae1c9834382d3c7aa900a7cbf77771b3864c56 Mon Sep 17 00:00:00 2001
From: Aidan Woods
Date: Wed, 3 May 2017 00:39:01 +0100
Subject: [PATCH] whitelist regex for good attribute (no no chars that could form a delimiter allowed
---
 Parsedown.php | 21 +++++++-------------
 1 file changed, 7 insertions(+), 14 deletions(-)

diff --git a/Parsedown.php b/Parsedown.php
index c319a19..0bd81e2 100644
--- a/Parsedown.php
+++ b/Parsedown.php
@@ -1505,7 +1505,7 @@ class Parsedown
     protected function sanitiseElement(array $Element)
     {
-        static $badAttributeChars = "\"'= \t\n\r\0\x0B";
+        static $goodAttribute = '/^[a-zA-Z0-9][a-zA-Z0-9-_]*+$/';
         static $safeUrlNameToAtt = array(
             'a' => 'href',
             'img' => 'src',
@@ -1520,23 +1520,16 @@ class Parsedown
         {
             foreach ($Element['attributes'] as $att => $val)
             {
-                # clear out nulls
-                if ($val === null)
-                {
-                    unset($Element['attributes'][$att]);
-                }
                 # filter out badly parsed attribute
-                elseif (strpbrk($att, $badAttributeChars) !== false)
+                if ( ! preg_match($goodAttribute, $att))
+                {
+                    unset($Element['attributes'][$att]);
+                }
+                # dump onevent attribute
+                elseif (preg_match('/^on/i', $att))
                 {
                     unset($Element['attributes'][$att]);
                 }
-            }
-
-            $onEventAttributeKeys = preg_grep('/^on/i', array_keys($Element['attributes']));
-
-            foreach ($onEventAttributeKeys as $att)
-            {
-                unset($Element['attributes'][$att]);
             }
         }
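Review bot: The new `$goodAttribute` pattern in the first hunk is anchored with `$` but carries no `D` modifier, so in PCRE it also accepts a name with one trailing newline (`"href\n"` passes), whereas the removed `$badAttributeChars` list rejected `\n` explicitly; anchor it as `'/^[a-zA-Z0-9][a-zA-Z0-9-_]*+$/D'` (or end with `\z`) so the allowlist is exact. Whether the parser can ever hand this method such a name is not visible here, but an allowlist that is the only check on attribute names should not rely on it. The trailing `-_` inside the character class is a literal hyphen in PCRE because it directly follows a range, yet it reads like a range to most people; `[a-zA-Z0-9_-]` says the same thing unambiguously. sanitiseElement starts in this hunk and continues past it.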