authorDries Buytaert2003-07-09 21:48:54 +0000
committerDries Buytaert2003-07-09 21:48:54 +0000
commitd235d95872aeee61f50e69a9b319e6247cd57603 (patch)
tree4b82c88a258a17bb9b1f77d239f9a2ffbd3f44ba
parentf294f5e506ff9f2465226bb836063421a4d65e1d (diff)
- Changed the XSS check a little to be slightly more forgiving wrt style
attributes.
-rw-r--r--includes/common.inc4
1 files changed, 2 insertions, 2 deletions
diff --git a/includes/common.inc b/includes/common.inc
index 87ab764..448cf5f 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -484,8 +484,8 @@ function xss_check_input_data($data) {
*/
// check attributes:
- $match = preg_match("/\W(style|dynsrc|datasrc|data|lowsrc|on[a-z]+)\s*=[^>]+?>/i", $data);
- $match += preg_match("/\W(src|href)\s*=[\s'\"]*javascript[^>]+?>/i", $data);
+ $match = preg_match("/\W(dynsrc|datasrc|data|lowsrc|on[a-z]+)\s*=[^>]+?>/i", $data);
+ $match += preg_match("/\Wjavascript\s*:/i", $data);
// check tags:
$match += preg_match("/<\s*(applet|script|object|style|embed|form|blink|meta|html|frame|iframe|layer|ilayer|head|frameset|xml)/i", $data);