diff options
author | Derek Jones <derek.jones@ellislab.com> | 2008-08-27 22:24:17 +0200 |
---|---|---|
committer | Derek Jones <derek.jones@ellislab.com> | 2008-08-27 22:24:17 +0200 |
commit | 0c734b52b648fd1c26546306ad578a90ef6f0f72 (patch) | |
tree | abbc22f80f25741ec6ccef8febc4b6d2bd34719a /system | |
parent | 9dee6ec7bf77e15a1227785292e507f1a6126a8f (diff) |
added isindex to the list of naughty never allowed tags in xss_clean()
Diffstat (limited to 'system')
-rw-r--r-- | system/libraries/Input.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php index dc5b5e5a9..2682ce316 100644 --- a/system/libraries/Input.php +++ b/system/libraries/Input.php @@ -728,7 +728,7 @@ class CI_Input { * Becomes: <blink>
*
*/
- $naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss';
+ $naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss';
$str = preg_replace_callback('#<(/*\s*)('.$naughty.')([^><]*)([><]*)#is', array($this, '_sanitize_naughty_html'), $str);
/*
|