Improve on previous commit
diff --git a/system/core/Security.php b/system/core/Security.php
index 829aac7..ca0991a 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -795,7 +795,7 @@
.')*' // end optional attributes group
.')' // end catching evil attribute prefix
// evil attribute starts here
- .'([\s\042\047>/=]+' // non-attribute characters (we'll replace that with a single space)
+ .'([\s\042\047/=]+' // non-attribute characters (we'll replace that with a single space), again excluding '>'
.'('.implode('|', $evil_attributes).')'
.'\s*=\s*' // attribute-value separator
.'(\042[^042]+\042|\047[^047]+\047|[^\s\042\047=><`]+)' // attribute value; single, double or non-quotes
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php
index ed08384..d091280 100644
--- a/tests/codeigniter/core/Security_test.php
+++ b/tests/codeigniter/core/Security_test.php
@@ -164,6 +164,11 @@
'<img src="on=\'">"<svg> onerror=alert(1) onmouseover=alert(1)>',
$this->security->remove_evil_attributes('<img src="on=\'">"<svg> onerror=alert(1) onmouseover=alert(1)>', FALSE)
);
+
+ $this->assertEquals(
+ '<img src="x"> on=\'x\' onerror=``,alert(1)>',
+ $this->security->remove_evil_attributes('<img src="x"> on=\'x\' onerror=``,alert(1)>', FALSE)
+ );
}
// --------------------------------------------------------------------