From 291c0533958641d3d64a368308a7c9765081ab09 Mon Sep 17 00:00:00 2001
From: RanAS
Date: Fri, 11 Jan 2019 16:08:26 -0200
Subject: [PATCH] more HTML filter fixes
---
 lib/function.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/function.php b/lib/function.php
index c1dd636..e5fdcf0 100644
--- a/lib/function.php
+++ b/lib/function.php
@@ -1289,7 +1289,7 @@ function xss_clean($data) {
 #$data = preg_replace('#(<[^>]+?[\x00-\x20"\'])(?:on|xmlns)[^>]*+>#iu', '$1>', $data);
 do {
 $old_data = $data;
- $data = preg_replace('#(<[A-Za-z][^>]*?[\x00-\x20"\'])(on|xmlns)([^>]*+)>#iu', '$1DISABLED_$2$3>', $data);
+ $data = preg_replace('#(<[A-Za-z][^>]*?[\x00-\x20\x2F"\'])(on|xmlns)[A-Za-z]*=([^>]*+)>#iu', '$1DISABLED_$2$3>', $data);
 } while ($old_data !== $data);
 // Remove javascript: and vbscript: protocols
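Review bot: The new pattern on the `+` line only matches when `=` directly follows `[A-Za-z]*`, so two attribute shapes the previous pattern rewrote are now left alone. One is a handler attribute with whitespace before the `=`, which HTML parsers accept; the other is a prefixed declaration such as `xmlns:…=`, because `:` is outside `[A-Za-z]`. The tail of the attribute name and the `=` are also matched outside any capture group, so the rewritten markup drops them. Consider `'#(<[A-Za-z][^>]*?[\x00-\x20\x2F"\'])(on|xmlns)([^\x00-\x20=>]*[\x00-\x20]*=[^>]*+)>#iu'` with the same `'$1DISABLED_$2$3>'` replacement, plus regression tests for both shapes. xss_clean() begins and continues outside this hunk, so the effect of its later passes is not visible here; a parser-based allow-list sanitizer would likely be sturdier than extending this regex further.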