From 131ba758514c5e905663bd82fc7c1c8271c7edc5 Mon Sep 17 00:00:00 2001
From: Aidan Woods <aidantwoods@gmail.com>
Date: Mon, 1 May 2017 15:44:04 +0100
Subject: [PATCH] filter onevent attributes

---
 Parsedown.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/Parsedown.php b/Parsedown.php
index 8571cd7..2fadec0 100644
--- a/Parsedown.php
+++ b/Parsedown.php
@@ -1513,6 +1513,22 @@ class Parsedown
             $Element = $this->filterUnsafeUrlInAttribute($Element, $safeUrlNameToAtt[$Element['name']]);
         }
 
+        if ( ! empty($Element['attributes']))
+        {
+            # clear out nulls
+            $Element['attributes'] = array_filter(
+                $Element['attributes'],
+                function ($v) {return $v !== null;}
+            );
+
+            $onEventAttributes = preg_grep('/^\s*+on/i', array_flip($Element['attributes']));
+
+            foreach ($onEventAttributes as $att)
+            {
+                unset($Element['attributes'][$att]);
+            }
+        }
+
         return $Element;
     }