*Updated the XSS filtering to account for the IE CSS expression() ability
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index 1ff72877b..dc4e605 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -528,9 +528,12 @@
*/
$bad = array(
'document.cookie' => '[removed]',
+ '.parentNode' => '[removed]',
+ '.innerHTML' => '[removed]',
'document.write' => '[removed]',
'window.location' => '[removed]',
"javascript\s*:" => '[removed]',
+ "expression\s*\(" => '[removed]', // CSS and IE
"Redirect\s+302" => '[removed]',
'<!--' => '<!--',
'-->' => '-->'
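Review bot: The new keys `'.parentNode'` and `'.innerHTML'` contain an unescaped `.`; the sibling keys use `\s*`, which implies this array is fed to a regex engine, so the dot matches any character and these patterns should be written `'\.parentNode'` and `'\.innerHTML'` like the escaped `\(` in `"expression\s*\("`. Note that CSS keywords are case-insensitive and IE accepted `EXPRESSION(` and comment-split forms such as `expr/**/ession(`, so this entry only helps if the loop applying the array (outside the hunk) matches case-insensitively, and it remains a blocklist that should not be relied on in place of context-aware output encoding. A short comment above the array would record that, e.g. `// Blocklist only: escape output per context; do not rely on this alone`.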
@@ -626,7 +629,7 @@
* Becomes: eval('some code')
*
*/
- $str = preg_replace('#(alert|cmd|passthru|eval|exec|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si', "\\1\\2(\\3)", $str);
+ $str = preg_replace('#(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si', "\\1\\2(\\3)", $str);
/*
* Final clean up
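Review bot: Adding `expression` to this list entity-encodes its parentheses to `(`/`)`, but an HTML parser decodes entities inside attribute values before the CSS engine sees them, so `expression(...)` inside a `style="..."` attribute — its most likely home — is not neutralised by this step. The `(.*?)\)` tail also only fires when a closing `)` is present, so an unterminated `expression(` slips past here entirely. The `[removed]` entry `"expression\s*\("` added elsewhere in this commit is the effective control for that case; a comment on this line such as `// Note: entity-encoded parens are decoded again inside attribute values; the [removed] rule is the real guard for CSS expression()` would stop a future reader from trusting this regex for the CSS case. The enclosing function starts and ends outside the hunk.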
@@ -637,9 +640,12 @@
*/
$bad = array(
'document.cookie' => '[removed]',
+ '.parentNode' => '[removed]',
+ '.innerHTML' => '[removed]',
'document.write' => '[removed]',
'window.location' => '[removed]',
"javascript\s*:" => '[removed]',
+ "expression\s*\(" => '[removed]', // CSS and IE
"Redirect\s+302" => '[removed]',
'<!--' => '<!--',
'-->' => '-->'
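Review bot: This `$bad` array duplicates the one added earlier in the same file (the hunk near line 528) entry for entry, and the commit had to patch both copies identically, which is exactly how the two lists will drift apart on the next change. Hoisting the list into a single class property (for example `var $never_allowed_regex = array(...)`) and referencing it from both places keeps one source of truth. As with the first copy, the unescaped `.` in `'.parentNode'` and `'.innerHTML'` should be `'\.parentNode'` and `'\.innerHTML'` if this array is applied as a regex, which the `\s*` in neighbouring keys suggests.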