From 391eb03004deee85b9b0e978982950723b9742b5 Mon Sep 17 00:00:00 2001
From: paulburdick
Date: Wed, 27 Jun 2007 22:58:24 +0000
Subject: Improved XSS clean to not allowing this: xss_clean("ss ipt a='>'>alert/**/('!');//*/>");
---
 system/libraries/Input.php | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
(limited to 'system')
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index 51d4ed288..f9d23ae79 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -588,10 +588,18 @@ class CI_Input {
 /*
 * Remove disallowed Javascript in links or img tags
- */
- $str = preg_replace_callback("##si", array($this, '_js_link_removal'), $str);
- $str = preg_replace_callback("##si", array($this, '_js_img_removal'), $str);
- $str = preg_replace("#<(script|xss).*?\>#si", "", $str);
+ */
+ do
+ {
+ $original = $str;
+
+ $str = preg_replace_callback("##si", array($this, '_js_link_removal'), $str);
+ $str = preg_replace_callback("##si", array($this, '_js_img_removal'), $str);
+ $str = preg_replace("##si", "", $str);
+ }
+ while($original != $str);
+
+ unset($original);
 /*
 * Remove JavaScript Event Handlers
-- cgit v1.2.3-24-g4f1b
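Review bot: The new `do … while($original != $str)` loop has no iteration bound, and every pass re-runs three regexes over the full string, so a deliberately deep nest of split `<script`/`<xss` fragments makes the cost grow with nesting depth times input length — add a counter, e.g. `$guard = 0;` before `do` and `while ($original !== $str && ++$guard < 100);`, and treat reaching the cap as fail-closed (return `''` or strip everything that remains) rather than returning whatever is left. The termination test should use `!==` in any case: PHP's `!=` compares two numeric-looking strings numerically, which is the wrong notion of "the string changed" for a sanitizer. Only the link, img and `<script|xss>` removals are inside the fixed point; the event-handler pass that follows (outside this hunk) is not, so if that later pass can unmask a tag fragment these three removals already let through, the whole chain rather than just these three steps needs to iterate — worth checking, since the rest of the method is not visible here. The regex patterns themselves are not legible in this rendering (`"##si"`), so what the new `preg_replace` matches cannot be reviewed; the enclosing method (xss_clean, per the subject) starts and ends outside the hunk.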