diff options
author | Andrey Andreev <narf@devilix.net> | 2016-10-28 16:46:31 +0200 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2016-10-28 16:46:31 +0200 |
commit | 57fa143448577b670d8dd0e02b6e4cf31c4a7cff (patch) | |
tree | 32599fec5bf13cc84b61a065e12c02de4a4227f8 | |
parent | e02ebabb19242e1cfc6b37217bc799ff7591e941 (diff) |
[ci skip] xss_clean() hardening
- percent-sign tag (IE)
- data: URI scheme inclinding whitespace (Chrome)
-rw-r--r-- | system/core/Security.php | 21 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 2 |
2 files changed, 12 insertions, 11 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index b9160a252..d0308c5f9 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -133,15 +133,16 @@ class CI_Security { * @var array */ protected $_never_allowed_str = array( - 'document.cookie' => '[removed]', - 'document.write' => '[removed]', - '.parentNode' => '[removed]', - '.innerHTML' => '[removed]', - '-moz-binding' => '[removed]', - '<!--' => '<!--', - '-->' => '-->', - '<![CDATA[' => '<![CDATA[', - '<comment>' => '<comment>' + 'document.cookie' => '[removed]', + 'document.write' => '[removed]', + '.parentNode' => '[removed]', + '.innerHTML' => '[removed]', + '-moz-binding' => '[removed]', + '<!--' => '<!--', + '-->' => '-->', + '<![CDATA[' => '<![CDATA[', + '<comment>' => '<comment>', + '<%' => '<%' ); /** @@ -924,7 +925,7 @@ class CI_Security { return str_replace( $match[1], preg_replace( - '#href=.*?(?:(?:alert|prompt|confirm)(?:\(|&\#40;)|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si', + '#href=.*?(?:(?:alert|prompt|confirm)(?:\(|&\#40;)|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|d\s*a\s*t\s*a\s*:)#si', '', $this->_filter_attributes($match[1]) ), diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 4be0b31d3..2482c493c 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -9,7 +9,7 @@ Release Date: Not Released - **Security** - - Fixed a new URL-encoding attack vector in :doc:`Security Library <libraries/security>` method ``xss_clean()`` affecting Firefox. + - Fixed a number of new vulnerabilities in :doc:`Security Library <libraries/security>` method ``xss_clean()``. - General Changes |