From 3c71d6a1c1352f035283fdd1cad205284fd7e69f Mon Sep 17 00:00:00 2001
From: Andrew Ozz <azaozz@git.wordpress.org>
Date: Sat, 15 Nov 2008 02:20:26 +0000
Subject: [PATCH] Strip "onclick" when previewing themes, props DD32, fixes
 #7303

git-svn-id: https://develop.svn.wordpress.org/trunk@9707 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/theme.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/wp-includes/theme.php b/wp-includes/theme.php
index fc1fe4adcb..5a26182eda 100644
--- a/wp-includes/theme.php
+++ b/wp-includes/theme.php
@@ -892,6 +892,8 @@ function preview_theme_ob_filter( $content ) {
  * @return string
  */
 function preview_theme_ob_filter_callback( $matches ) {
+	if ( strpos($matches[4], 'onclick') !== false )
+		$matches[4] = preg_replace('#onclick=([\'"]).*?(?<!\\\)\\1#i', '', $matches[4]); //Strip out any onclicks from rest of <a>. (?<!\\\) means to ignore the '" if its escaped by \  to prevent breaking mid-attribute.
 	if (
 		( false !== strpos($matches[3], '/wp-admin/') )
 	||