improvements to xss_clean()
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index 347aac3..e879e2d 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -47,9 +47,10 @@
 									);
 	/* never allowed, regex replacement */
 	var $never_allowed_regex = array(
-										"javascript\s*:"	=> '[removed]',
-										"expression\s*\("	=> '[removed]', // CSS and IE
-										"Redirect\s+302"	=> '[removed]'
+										"javascript\s*:"			=> '[removed]',
+										"expression\s*(\(|&\#40;)"	=> '[removed]', // CSS and IE
+										"vbscript\s*:"				=> '[removed]', // IE, surprise!
+										"Redirect\s+302"			=> '[removed]'
 									);
 
 	/**
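Review bot: The new key `expression\s*(\(|&\#40;)` matches exactly one entity spelling of the opening parenthesis, so the table now enumerates encodings one at a time and will need another alternative for each further spelling. Whether the input is entity-decoded before `$never_allowed_regex` is applied is not visible in this hunk; if it is not, normalising numeric entities before the match would be more robust than growing the pattern. The added group could also be non-capturing, `(?:\(|&\#40;)`, so it cannot shift backreferences if these keys are ever combined into a single expression. The `// IE, surprise!` comment would serve a maintainer better as `// VBScript URI scheme, honoured by IE`.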
@@ -946,7 +947,7 @@
 	*/
 	function _convert_attribute($match)
 	{
-		return str_replace(array('>', '<'), array('&gt;', '&lt;'), $match[0]);
+		return str_replace(array('>', '<', '\\'), array('&gt;', '&lt;', '\\\\'), $match[0]);
 	}
 
 	// --------------------------------------------------------------------
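Review bot: Doubling every backslash in `_convert_attribute()` makes the conversion non-idempotent: a value that passes through this callback twice ends up with four backslashes where the author wrote one, and legitimate attribute text containing `\` is changed on every pass. The hunk does not say which later step needs the backslash escaped, and the callers and most of the docblock lie outside it. A why-comment above the `return`, for example `// backslashes are doubled because <consumer of this output> treats them as escapes`, would let a maintainer judge whether the doubling is still required and whether callers must avoid cleaning the same string twice.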
@@ -1043,7 +1044,7 @@
 		{
 			foreach ($matches[0] as $match)
 			{
-				$out .= "{$match}";
+				$out .= preg_replace("#/\*.*?\*/#s", '', $match);
 			}
 		}