Merge pull request #807 from gturri/bugfix

Prevent using <embed> and <object> tags

qa-include/qa-base.php

@@ -1024,7 +1024,7 @@ function qa_sanitize_html($html, $linksnewwindow = false, $storage = false)
 
 	$safe = htmLawed($html, array(
 		'safe' => 1,
-		'elements' => '*+embed+object-form',
+		'elements' => '*-form',
 		'schemes' => 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; *:file, http, https; style: !; classid:clsid',
 		'keep_bad' => 0,
 		'anti_link_spam' => array('/.*/', ''),