2 files changed, 2 insertions, 1 deletions

diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index dc5b5e5a9..2682ce316 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -728,7 +728,7 @@ class CI_Input {
 		 * Becomes: <blink>

 		 *

 		 */

-		$naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss';

+		$naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss';

 		$str = preg_replace_callback('#<(/*\s*)('.$naughty.')([^><]*)([><]*)#is', array($this, '_sanitize_naughty_html'), $str);

 

 		/*

diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index b24b0810a..8675d71bd 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -87,6 +87,7 @@ SVN Revision: XXXX</p>
 		<ul>

 			<li>Improved performance and accuracy of xss_clean(), including reduction of false positives on image/file tests.</li>

 			<li>Added a few openxml document mime types, and an additional mobile agent to mimes.php and user_agents.php respectively.</li>

+			<li>Added sanitization in xss_clean() for a deprecated HTML tag that could be abused in user input in Internet Explorer.</li>

 		</ul>

 	</li>

 </ul>