diff options
author | Derek Jones <derek.jones@ellislab.com> | 2008-06-04 20:20:18 +0200 |
---|---|---|
committer | Derek Jones <derek.jones@ellislab.com> | 2008-06-04 20:20:18 +0200 |
commit | c04f0fc794c503ca957257f29fc6fc2bed7bd6fa (patch) | |
tree | c82158c9f8c1f6c1a88c022301cb4463631034a0 /system | |
parent | 7e98a2780131b01d7ecea5e3e4d363ae9601149d (diff) |
emendation to on* event handler removal
Diffstat (limited to 'system')
-rw-r--r-- | system/libraries/Input.php | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php index b111108eb..c2c28fb15 100644 --- a/system/libraries/Input.php +++ b/system/libraries/Input.php @@ -757,7 +757,7 @@ class CI_Input { * but it's unlikely to be a problem.
*
*/
- $event_handlers = array('xmlns');
+ $event_handlers = array('on\w*','xmlns');
if ($is_image === TRUE)
{
@@ -768,8 +768,7 @@ class CI_Input { unset($event_handlers[array_search('xmlns', $event_handlers)]);
}
- $str = preg_replace("#<([^><]+)((?=on\w*)|".implode('|', $event_handlers).")(\s*=\s*[^><]*)([><]*)#i", "<\\1\\4", $str);
-
+ $str = preg_replace("#<([^><]+)(".implode('|', $event_handlers).")(\s*=\s*[^><]*)([><]*)#i", "<\\1\\4", $str);
/*
* Sanitize naughty HTML elements
*
|