diff options
author | Andrey Andreev <narf@devilix.net> | 2015-09-11 14:21:10 +0200 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2015-09-11 14:21:10 +0200 |
commit | 2f71c625b8d9ed7efc34b2139695702d6a08f6be (patch) | |
tree | 983967ee5a0b7d4f8d1cbfd7bf6ed5ace71a39af | |
parent | 58c7bcb85c1a354e1eaebae8ef658516f427378d (diff) |
Improve on previous commit
-rw-r--r-- | system/core/Security.php | 2 | ||||
-rw-r--r-- | tests/codeigniter/core/Security_test.php | 5 |
2 files changed, 6 insertions, 1 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index 829aac7d2..ca0991ac4 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -795,7 +795,7 @@ class CI_Security { .')*' // end optional attributes group .')' // end catching evil attribute prefix // evil attribute starts here - .'([\s\042\047>/=]+' // non-attribute characters (we'll replace that with a single space) + .'([\s\042\047/=]+' // non-attribute characters (we'll replace that with a single space), again excluding '>' .'('.implode('|', $evil_attributes).')' .'\s*=\s*' // attribute-value separator .'(\042[^042]+\042|\047[^047]+\047|[^\s\042\047=><`]+)' // attribute value; single, double or non-quotes diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index ed0838474..d09128053 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -164,6 +164,11 @@ class Security_test extends CI_TestCase { '<img src="on=\'">"<svg> onerror=alert(1) onmouseover=alert(1)>', $this->security->remove_evil_attributes('<img src="on=\'">"<svg> onerror=alert(1) onmouseover=alert(1)>', FALSE) ); + + $this->assertEquals( + '<img src="x"> on=\'x\' onerror=``,alert(1)>', + $this->security->remove_evil_attributes('<img src="x"> on=\'x\' onerror=``,alert(1)>', FALSE) + ); } // -------------------------------------------------------------------- |