summaryrefslogtreecommitdiffstats
path: root/system/core
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2014-01-07 11:45:27 +0100
committerAndrey Andreev <narf@devilix.net>2014-01-07 11:45:27 +0100
commit1bbc5644b0c306ff72dc1228b169db56902fc031 (patch)
tree2741549bddcfec682d6e05f402f825c1d3fa1c61 /system/core
parentdc53d7b68adc6fdc8d0917ee2d29f5670ff82b45 (diff)
Fix #2268 (manually implementing PR #2269)
Diffstat (limited to 'system/core')
-rw-r--r--system/core/Security.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 9423f825c..0944fef92 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -117,7 +117,6 @@ class CI_Security {
'document.write' => '[removed]',
'.parentNode' => '[removed]',
'.innerHTML' => '[removed]',
- 'window.location' => '[removed]',
'-moz-binding' => '[removed]',
'<!--' => '&lt;!--',
'-->' => '--&gt;',
@@ -132,6 +131,7 @@ class CI_Security {
*/
protected $_never_allowed_regex = array(
'javascript\s*:',
+ '(document|(document\.)?window)\.(location|on\w*)',
'expression\s*(\(|&\#40;)', // CSS and IE
'vbscript\s*:', // IE, surprise!
'Redirect\s+302',
@@ -648,8 +648,8 @@ class CI_Security {
*/
protected function _remove_evil_attributes($str, $is_image)
{
- // All javascript event handlers (e.g. onload, onclick, onmouseover), style, and xmlns
- $evil_attributes = array('on\w*', 'style', 'xmlns', 'formaction');
+ // Formaction, style, and xmlns
+ $evil_attributes = array('style', 'xmlns', 'formaction');
if ($is_image === TRUE)
{