diff options
| author | Andrey Andreev <narf@devilix.net> | 2015-09-11 14:21:10 +0200 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2015-09-11 14:21:10 +0200 |
| commit | 2f71c625b8d9ed7efc34b2139695702d6a08f6be (patch) | |
| tree | 983967ee5a0b7d4f8d1cbfd7bf6ed5ace71a39af | |
| parent | 58c7bcb85c1a354e1eaebae8ef658516f427378d (diff) | |
Improve on previous commit
| -rw-r--r-- | system/core/Security.php | 2 | ||||
| -rw-r--r-- | tests/codeigniter/core/Security_test.php | 5 |
2 files changed, 6 insertions, 1 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index 829aac7d2..ca0991ac4 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -795,7 +795,7 @@ class CI_Security { .')*' // end optional attributes group .')' // end catching evil attribute prefix // evil attribute starts here - .'([\s\042\047>/=]+' // non-attribute characters (we'll replace that with a single space) + .'([\s\042\047/=]+' // non-attribute characters (we'll replace that with a single space), again excluding '>' .'('.implode('|', $evil_attributes).')' .'\s*=\s*' // attribute-value separator .'(\042[^042]+\042|\047[^047]+\047|[^\s\042\047=><`]+)' // attribute value; single, double or non-quotes diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index ed0838474..d09128053 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -164,6 +164,11 @@ class Security_test extends CI_TestCase { '<img src="on=\'">"<svg> onerror=alert(1) onmouseover=alert(1)>', $this->security->remove_evil_attributes('<img src="on=\'">"<svg> onerror=alert(1) onmouseover=alert(1)>', FALSE) ); + + $this->assertEquals( + '<img src="x"> on=\'x\' onerror=``,alert(1)>', + $this->security->remove_evil_attributes('<img src="x"> on=\'x\' onerror=``,alert(1)>', FALSE) + ); } // -------------------------------------------------------------------- |