From 57fa143448577b670d8dd0e02b6e4cf31c4a7cff Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 28 Oct 2016 17:46:31 +0300 Subject: [ci skip] xss_clean() hardening - percent-sign tag (IE) - data: URI scheme inclinding whitespace (Chrome) --- system/core/Security.php | 21 +++++++++++---------- user_guide_src/source/changelog.rst | 2 +- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/system/core/Security.php b/system/core/Security.php index b9160a252..d0308c5f9 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -133,15 +133,16 @@ class CI_Security { * @var array */ protected $_never_allowed_str = array( - 'document.cookie' => '[removed]', - 'document.write' => '[removed]', - '.parentNode' => '[removed]', - '.innerHTML' => '[removed]', - '-moz-binding' => '[removed]', - '' => '-->', - ' '<![CDATA[', - '' => '<comment>' + 'document.cookie' => '[removed]', + 'document.write' => '[removed]', + '.parentNode' => '[removed]', + '.innerHTML' => '[removed]', + '-moz-binding' => '[removed]', + '' => '-->', + ' '<![CDATA[', + '' => '<comment>', + '<%' => '<%' ); /** @@ -924,7 +925,7 @@ class CI_Security { return str_replace( $match[1], preg_replace( - '#href=.*?(?:(?:alert|prompt|confirm)(?:\(|&\#40;)|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|_filter_attributes($match[1]) ), diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 4be0b31d3..2482c493c 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -9,7 +9,7 @@ Release Date: Not Released - **Security** - - Fixed a new URL-encoding attack vector in :doc:`Security Library ` method ``xss_clean()`` affecting Firefox. + - Fixed a number of new vulnerabilities in :doc:`Security Library ` method ``xss_clean()``. - General Changes -- cgit v1.2.3-24-g4f1b