Commit d12d6ea7 authored by Jonny Bradley's avatar Jonny Bradley

[FIX] Improve filter pattern

parent dfdc97b7
Pipeline #171988882 passed with stages
in 9 minutes and 27 seconds
......@@ -150,7 +150,7 @@ class TikiFilter_PreventXss implements Laminas\Filter\FilterInterface
// keep replacing as long as the previous round replaced something
while ($this->RemoveXSSchars($val)
|| $this->RemoveXSSregexp($ra_as_tag_only, $val, '(\<|\[\\\\xC0\]\[\\\\xBC\])\??')
|| $this->RemoveXSSregexp($ra_as_attribute, $val, '\s')
|| $this->RemoveXSSregexp($ra_as_attribute, $val, '[\s\/"\']')
|| $this->RemoveXSSregexp($ra_as_content, $val, '[\.\\\\+\*\?\[\^\]\$\(\)\{\}\=\!\<\|\:;\-\/`#"\']', '(?!\s*[a-z0-9])', true)
|| $this->RemoveXSSregexp($ra_javascript, $val, '', ':', true)
/// || RemoveXSSregexp($ra_style, $val, '[^a-z0-9]', '=') // Commented as it has been considered as a bit too aggressive
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment