Remove attributes that contain javascript from MHTML

third_party/WebKit/Source/core/dom/Element.cpp

Index: third_party/WebKit/Source/core/dom/Element.cpp
diff --git a/third_party/WebKit/Source/core/dom/Element.cpp b/third_party/WebKit/Source/core/dom/Element.cpp
index 047e339cba3e817a5c7eb056291cb3d2776f7584..50683b81cb2b57dbf2573edb154039c7f6b37a84 100644
--- a/third_party/WebKit/Source/core/dom/Element.cpp
+++ b/third_party/WebKit/Source/core/dom/Element.cpp
@@ -1430,7 +1430,7 @@ bool Element::shouldInvalidateDistributionWhenAttributeChanged(
   return featureSet.hasSelectorForAttribute(name.localName());
 }
 
-// Returns true is the given attribute is an event handler.
+// Returns true if the given attribute is an event handler.
 // We consider an event handler any attribute that begins with "on".
 // It is a simple solution that has the advantage of not requiring any
 // code or configuration change if a new event handler is defined.
@@ -1449,14 +1449,18 @@ bool Element::isJavaScriptURLAttribute(const Attribute& attribute) const {
   return isURLAttribute(attribute) && attributeValueIsJavaScriptURL(attribute);
 }
 
+bool Element::isScriptingAttribute(const Attribute& attribute) const {
+  return isEventHandlerAttribute(attribute) ||
+         isJavaScriptURLAttribute(attribute) ||
+         isHTMLContentAttribute(attribute) ||
+         isSVGAnimationAttributeSettingJavaScriptURL(attribute);
+}
+
 void Element::stripScriptingAttributes(
     Vector<Attribute>& attributeVector) const {
   size_t destination = 0;
   for (size_t source = 0; source < attributeVector.size(); ++source) {
-    if (isEventHandlerAttribute(attributeVector[source]) ||
-        isJavaScriptURLAttribute(attributeVector[source]) ||
-        isHTMLContentAttribute(attributeVector[source]) ||
-        isSVGAnimationAttributeSettingJavaScriptURL(attributeVector[source]))
+    if (isScriptingAttribute(attributeVector[source]))
       continue;
 
     if (source != destination)