summaryrefslogtreecommitdiffstats
path: root/system/libraries/Input.php
diff options
context:
space:
mode:
Diffstat (limited to 'system/libraries/Input.php')
-rw-r--r--system/libraries/Input.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index ac6b864e9..7465021c6 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -680,12 +680,12 @@ class CI_Input {
if (preg_match("/<a/i", $str))
{
- $str = preg_replace_callback("#<a\s*([^>]*?)(>|$)#si", array($this, '_js_link_removal'), $str);
+ $str = preg_replace_callback("#<a\s+([^>]*?)(>|$)#si", array($this, '_js_link_removal'), $str);
}
if (preg_match("/<img/i", $str))
{
- $str = preg_replace_callback("#<img\s*([^>]*?)(>|$)#si", array($this, '_js_img_removal'), $str);
+ $str = preg_replace_callback("#<img\s+([^>]*?)(>|$)#si", array($this, '_js_img_removal'), $str);
}
if (preg_match("/script/i", $str) OR preg_match("/xss/i", $str))
@@ -705,7 +705,7 @@ class CI_Input {
* but it's unlikely to be a problem.
*
*/
- $event_handlers = array('[^a-z]on\w*','xmlns');
+ $event_handlers = array('[^a-z_\-]on\w*','xmlns');
if ($is_image === TRUE)
{