From 9050fd4a5aeb28d1e5f476747f3d56f3da9190ea Mon Sep 17 00:00:00 2001
From: azaozz <azaozz@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Sat, 15 Nov 2008 02:20:26 +0000
Subject: [PATCH] Strip "onclick" when previewing themes, props DD32, fixes
 #7303

git-svn-id: http://svn.automattic.com/wordpress/trunk@9707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/theme.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/wp-includes/theme.php b/wp-includes/theme.php
index fc1fe4adc..5a26182ed 100644
--- a/wp-includes/theme.php
+++ b/wp-includes/theme.php
@@ -892,6 +892,8 @@ function preview_theme_ob_filter( $content ) {
  * @return string
  */
 function preview_theme_ob_filter_callback( $matches ) {
+	if ( strpos($matches[4], 'onclick') !== false )
+		$matches[4] = preg_replace('#onclick=([\'"]).*?(?<!\\\)\\1#i', '', $matches[4]); //Strip out any onclicks from rest of <a>. (?<!\\\) means to ignore the '" if its escaped by \  to prevent breaking mid-attribute.
 	if (
 		( false !== strpos($matches[3], '/wp-admin/') )
 	||