Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

- Changed the XSS check a little to be slightly more forgiving wrt style 

attributes.
4.3.x
Dries Buytaert 2003-07-09 21:48:13 +00:00
parent 1c9a5e9fb8
commit ae4fe72d17
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
includes/common.inc
View File

@ -484,8 +484,8 @@ function xss_check_input_data($data) {
*/
// check attributes:
$match = preg_match("/\W(style|dynsrc|datasrc|data|lowsrc|on[a-z]+)\s*=[^>]+?>/i", $data);
$match += preg_match("/\W(src|href)\s*=[\s'\"]*javascript[^>]+?>/i", $data);
$match = preg_match("/\W(dynsrc|datasrc|data|lowsrc|on[a-z]+)\s*=[^>]+?>/i", $data);
$match += preg_match("/\Wjavascript\s*:/i", $data);
// check tags:
$match += preg_match("/<\s*(applet|script|object|style|embed|form|blink|meta|html|frame|iframe|layer|ilayer|head|frameset|xml)/i", $data);