From 0c734b52b648fd1c26546306ad578a90ef6f0f72 Mon Sep 17 00:00:00 2001
From: Derek Jones <derek.jones@ellislab.com>
Date: Wed, 27 Aug 2008 20:24:17 +0000
Subject: added isindex to the list of naughty never allowed tags in
 xss_clean()

---
 system/libraries/Input.php | 2 +-
 user_guide/changelog.html  | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index dc5b5e5a9..2682ce316 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -728,7 +728,7 @@ class CI_Input {
 		 * Becomes: &lt;blink&gt;
 		 *
 		 */
-		$naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss';
+		$naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss';
 		$str = preg_replace_callback('#<(/*\s*)('.$naughty.')([^><]*)([><]*)#is', array($this, '_sanitize_naughty_html'), $str);
 
 		/*
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index b24b0810a..8675d71bd 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -87,6 +87,7 @@ SVN Revision: XXXX</p>
 		<ul>
 			<li>Improved performance and accuracy of xss_clean(), including reduction of false positives on image/file tests.</li>
 			<li>Added a few openxml document mime types, and an additional mobile agent to mimes.php and user_agents.php respectively.</li>
+			<li>Added sanitization in xss_clean() for a deprecated HTML tag that could be abused in user input in Internet Explorer.</li>
 		</ul>
 	</li>
 </ul>
-- 
cgit v1.2.3-24-g4f1b