summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDerek Jones <derek.jones@ellislab.com>2008-08-27 22:24:17 +0200
committerDerek Jones <derek.jones@ellislab.com>2008-08-27 22:24:17 +0200
commit0c734b52b648fd1c26546306ad578a90ef6f0f72 (patch)
treeabbc22f80f25741ec6ccef8febc4b6d2bd34719a
parent9dee6ec7bf77e15a1227785292e507f1a6126a8f (diff)
added isindex to the list of naughty never allowed tags in xss_clean()
-rw-r--r--system/libraries/Input.php2
-rw-r--r--user_guide/changelog.html1
2 files changed, 2 insertions, 1 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index dc5b5e5a9..2682ce316 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -728,7 +728,7 @@ class CI_Input {
* Becomes: &lt;blink&gt;
*
*/
- $naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss';
+ $naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss';
$str = preg_replace_callback('#<(/*\s*)('.$naughty.')([^><]*)([><]*)#is', array($this, '_sanitize_naughty_html'), $str);
/*
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index b24b0810a..8675d71bd 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -87,6 +87,7 @@ SVN Revision: XXXX</p>
<ul>
<li>Improved performance and accuracy of xss_clean(), including reduction of false positives on image/file tests.</li>
<li>Added a few openxml document mime types, and an additional mobile agent to mimes.php and user_agents.php respectively.</li>
+ <li>Added sanitization in xss_clean() for a deprecated HTML tag that could be abused in user input in Internet Explorer.</li>
</ul>
</li>
</ul>