MC-15970: Page Builder Dynamic Block

danmooney2 · danmooney2 · commit fed39965a51f · 2019-06-25T13:48:02.000-05:00
diff --git a/app/code/Magento/PageBuilder/Model/Stage/HtmlFilter.php b/app/code/Magento/PageBuilder/Model/Stage/HtmlFilter.php
@@ -52,11 +52,13 @@ public function filterHtml(string $content): string
         // Remove all <script /> tags, on* attributes from output
         /** @var \DOMElement $item */
         foreach (iterator_to_array($dom->getElementsByTagName('*')) as $item) {
-            if ($item->tagName === 'script') {
+            if (in_array($item->tagName, ['script', 'meta', 'iframe', 'embed', 'object'])) {
                 $item->parentNode->removeChild($item);
             } else {
                 foreach (iterator_to_array($item->attributes) as $attribute) {
-                    if (stripos($attribute->name, 'on') === 0) {
+                    if (stripos($attribute->name, 'on') === 0 ||
+                        stripos(ltrim($attribute->value), 'javascript') === 0
+                    ) {
                         $item->removeAttribute($attribute->name);
                     }
                 }
