added isindex to the list of naughty never allowed tags in xss_clean()
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index dc5b5e5..2682ce3 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -728,7 +728,7 @@
* Becomes: <blink>
*
*/
- $naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss';
+ $naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss';
$str = preg_replace_callback('#<(/*\s*)('.$naughty.')([^><]*)([><]*)#is', array($this, '_sanitize_naughty_html'), $str);
/*
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index b24b081..8675d71 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -87,6 +87,7 @@
<ul>
<li>Improved performance and accuracy of xss_clean(), including reduction of false positives on image/file tests.</li>
<li>Added a few openxml document mime types, and an additional mobile agent to mimes.php and user_agents.php respectively.</li>
+ <li>Added sanitization in xss_clean() for a deprecated HTML tag that could be abused in user input in Internet Explorer.</li>
</ul>
</li>
</ul>