twin/jul
1
0
Fork 0
mirror of https://github.com/Xkeeper0/jul.git synced 2025-08-02 13:11:59 -07:00
Code Issues Packages Projects Releases Wiki Activity

have a \s

Browse Source 
"< text" is not valid HTML so it's not vulnerable to XSS
This commit is contained in:
RanAwaySuccessfully
2018-06-26 22:08:14 -03:00
committed by GitHub
parent 5d368577cb
commit 72e77a943e
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/function.php
View File

@@ -1263,7 +1263,7 @@ function xss_clean($data) {
#$data = preg_replace('#(<[^>]+?[\x00-\x20"\'])(?:on|xmlns)[^>]*+>#iu', '$1>', $data); #$data = preg_replace('#(<[^>]+?[\x00-\x20"\'])(?:on|xmlns)[^>]*+>#iu', '$1>', $data);
do { do {
$old_data = $data; $old_data = $data;
$data = preg_replace('#(<[^>]+?[\x00-\x20"\'])(on|xmlns)([^>]*+)>#iu', '$1DISABLED_$2$3>', $data); $data = preg_replace('#(<[^>\s]+?[\x00-\x20"\'])(on|xmlns)([^>]*+)>#iu', '$1DISABLED_$2$3>', $data);
} while ($old_data !== $data); } while ($old_data !== $data);
// Remove javascript: and vbscript: protocols // Remove javascript: and vbscript: protocols