CI_Security::_decode_entity() to replace dangerous HTML5 entities

Related to issue #2771
author: Andrey Andreev <narf@devilix.net> 2014-01-22 12:26:00 +0100
committer: Andrey Andreev <narf@devilix.net> 2014-01-22 12:26:00 +0100
commit: c67c3fbb8e16b1ffb79c72bb91db04fcb005b2b1 (patch)
tree: 164976f99b4ec312c8442ac0f33747b3593115b8 /user_guide_src
parent: 4356806dc0298363217694d727db9cad84a073e0 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index ae2900761..513050159 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -685,7 +685,8 @@ Bug fixes for 3.0
 -  Fixed a bug where :doc:`User Agent Library <libraries/user_agent>` methods ``accept_charset()`` and ``accept_lang()`` didn't properly parse HTTP headers that contain spaces.
 -  Fixed a bug where *default_controller* was called instad of triggering a 404 error if the current route is in a controller directory.
 -  Fixed a bug (#2737) - :doc:`XML-RPC Library <libraries/xmlrpc>` used objects as array keys, which triggered E_NOTICE messages.
--  Fixed a bug (#2729) - ``CI_Securty::_validate_entities()`` used overly-intrusive ``preg_replace()`` patterns that produced false-positives.
+-  Fixed a bug (#2729) - ``CI_Security::_validate_entities()`` used overly-intrusive ``preg_replace()`` patterns that produced false-positives.
+-  Fixed a bug (#2771) - ``CI_Security::xss_clean()`` didn't take into account HTML5 entities.
 
 Version 2.1.4
 =============
author	Andrey Andreev <narf@devilix.net>	2014-01-22 12:26:00 +0100
committer	Andrey Andreev <narf@devilix.net>	2014-01-22 12:26:00 +0100
commit	c67c3fbb8e16b1ffb79c72bb91db04fcb005b2b1 (patch)
tree	164976f99b4ec312c8442ac0f33747b3593115b8 /user_guide_src
parent	4356806dc0298363217694d727db9cad84a073e0 (diff)