From 003e6a73717ab9dbc02ff9785139545513c974da Mon Sep 17 00:00:00 2001
From: Hypolite Petovan <ben.lort@gmail.com>
Date: Sat, 19 Nov 2016 18:01:45 -0500
Subject: [PATCH] Improve BBCode javascript stripping regex

---
 include/bbcode.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/include/bbcode.php b/include/bbcode.php
index ebafc353a4..6a1630d1fc 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -1161,8 +1161,10 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
 	$Text = preg_replace('/\&quot\;/','"',$Text);
 
 	// fix any escaped ampersands that may have been converted into links
-	$Text = preg_replace("/\<([^>]*?)(src|href)=(.*?)\&amp\;(.*?)\>/ism",'<$1$2=$3&$4>',$Text);
-	$Text = preg_replace("/\<([^>]*?)(src|href)=\"(?!http|ftp|mailto|gopher|cid)(.*?)\>/ism",'<$1$2="">',$Text);
+	$Text = preg_replace('/\<([^>]*?)(src|href)=(.*?)\&amp\;(.*?)\>/ism', '<$1$2=$3&$4>', $Text);
+
+	// removes potentially harmful javascript in src/href
+	$Text = preg_replace('/\<([^>]*?)(src|href)="javascript(.*?)\>/ism', '', $Text);
 
 	if($saved_image)
 		$Text = bb_replace_images($Text, $saved_image);