From 9b8286cf0320c8d8864ce4a5fc892c06787a9762 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Tue, 5 Aug 2014 11:46:57 +0300
Subject: Fix #3123
---
 system/core/Security.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/system/core/Security.php b/system/core/Security.php
index 68e345c54..741ff229b 100755
--- system/core/Security.php
+++ system/core/Security.php
@@ -370,7 +370,7 @@ class CI_Security {
 * We only convert entities that are within tags since
 * these are the ones that will pose security problems.
 */
- $str = preg_replace_callback("/[a-z]+=([\'\"]).*?\\1/si", array($this, '_convert_attribute'), $str);
+ $str = preg_replace_callback("/[^a-z0-9>]+[a-z0-9]+=([\'\"]).*?\\1/si", array($this, '_convert_attribute'), $str);
 $str = preg_replace_callback('/<\w+.*/si', array($this, '_decode_entity'), $str);
 
 // Remove Invisible Characters Again!
-- 
cgit v1.2.3-24-g4f1b
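Review bot: The new prefix `[^a-z0-9>]+` on the changed `preg_replace_callback` line is consumed as part of the match, so `_convert_attribute` now receives the run of non-alphanumeric characters before the attribute name, and a `name="…"` pair at offset 0 of `$str`, or one directly after a previous match's closing quote, is no longer matched at all. The callback is not visible in this hunk, so whether rewriting that leading run is harmless needs to be confirmed there. If the intent is only to require a boundary before the name, a zero-width assertion keeps the match to the attribute itself and avoids repeatedly re-scanning long punctuation runs in untrusted input: `"/(?<![a-z0-9>])[a-z0-9]+=([\'\"]).*?\\1/si"`. A short comment on that line saying why `>` is excluded, plus a regression test with the input from #3123 and an attribute at the start of the string, would pin the behaviour. The enclosing method starts and ends outside the hunk.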