Another xss_clean() improvement
Fixes this: https://github.com/EllisLab/CodeIgniter/issues/2667#issuecomment-37958136
diff --git a/system/core/Security.php b/system/core/Security.php
index 1dfea18..a4d8c95 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -454,12 +454,12 @@
if (preg_match('/<a/i', $str))
{
- $str = preg_replace_callback('#<a[\s\d"\'`;/=,\(\\\\]+([^>]*?)(?:>|$)#si', array($this, '_js_link_removal'), $str);
+ $str = preg_replace_callback('#<a[^a-z0-9]+([^>]*?)(?:>|$)#si', array($this, '_js_link_removal'), $str);
}
if (preg_match('/<img/i', $str))
{
- $str = preg_replace_callback('#<img[\s\d"\'`;/=,\(\\\\]+([^>]*?)(?:\s?/?>|$)#si', array($this, '_js_img_removal'), $str);
+ $str = preg_replace_callback('#<img[^a-z0-9]+([^>]*?)(?:\s?/?>|$)#si', array($this, '_js_img_removal'), $str);
}
if (preg_match('/script|xss/i', $str))