From 6d0156d70714fcd89c1b9c9eb573adade13bfb27 Mon Sep 17 00:00:00 2001
From: Aidan Woods
Date: Tue, 2 May 2017 00:30:04 +0100
Subject: [PATCH] dump attributes that contain characters that are impossible for validity, or very unlikely
---
 Parsedown.php | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)
diff --git a/Parsedown.php b/Parsedown.php
index 2fadec0..488af4b 100644
--- a/Parsedown.php
+++ b/Parsedown.php
@@ -1503,7 +1503,8 @@ class Parsedown
 protected function sanitiseElement(array $Element)
 {
- $safeUrlNameToAtt = array(
+ static $badAttributeChars = "\"'= \t\n\r\0\x0B";
+ static $safeUrlNameToAtt = array(
 'a' => 'href',
 'img' => 'src',
 );
 
@@ -1515,13 +1516,21 @@ class Parsedown
 
 if ( ! empty($Element['attributes']))
 {
- # clear out nulls
- $Element['attributes'] = array_filter(
- $Element['attributes'],
- function ($v) {return $v !== null;}
- );
+ foreach ($Element['attributes'] as $att => $val)
+ {
+ # clear out nulls
+ if ($val === null)
+ {
+ unset($Element['attributes'][$att]);
+ }
+ # filter out badly parsed attribute
+ elseif (strpbrk($att, $badAttributeChars) !== false)
+ {
+ unset($Element['attributes'][$att]);
+ }
+ }
 
- $onEventAttributes = preg_grep('/^\s*+on/i', array_flip($Element['attributes']));
+ $onEventAttributes = preg_grep('/^on/i', array_flip($Element['attributes']));
 
 foreach ($onEventAttributes as $att)
 {
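Review bot: The new `static $badAttributeChars` list leaves out `/`, `>` and form feed (`\x0C`), which the HTML attribute-name grammar forbids just like the quotes, `=`, NUL and whitespace already listed, so a name carrying one of those still passes the `strpbrk` filter in the second hunk and reaches the output. Extending the set keeps the filter aligned with the spec's forbidden characters: `static $badAttributeChars = "\"'= \t\n\r\0\x0B\x0C/>";`. A short comment stating where the set comes from would also help the next maintainer, e.g. `# characters that cannot occur in a valid HTML attribute name (whitespace, NUL, quotes, =, /, >)`. The body of sanitiseElement continues past this hunk.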
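Review bot: `array_flip($Element['attributes'])` on the rewritten `$onEventAttributes` line collapses attributes that share the same value, so when two attributes carry an identical value only the last name survives the flip and any other name with that value never reaches the `preg_grep`; this predates the commit, but the line is being rewritten anyway. `array_keys` yields the same list of names without the collision: `$onEventAttributes = preg_grep('/^on/i', array_keys($Element['attributes']));`. The `foreach` that follows consumes the names as values, which the swap leaves unchanged. The enclosing `if ( ! empty(...))` block continues beyond the hunk.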