strk/friendica
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Improve BBCode javascript stripping regex

Browse source
This commit is contained in:
Hypolite Petovan 2016-11-19 18:01:45 -05:00
parent c2eb2f460b
commit 003e6a7371
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
include/bbcode.php
View file

@ -1161,8 +1161,10 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
$Text = preg_replace('/\&quot\;/','"',$Text); $Text = preg_replace('/\&quot\;/','"',$Text);
// fix any escaped ampersands that may have been converted into links // fix any escaped ampersands that may have been converted into links
$Text = preg_replace("/\<([^>]*?)(src|href)=(.*?)\&amp\;(.*?)\>/ism",'<$1$2=$3&$4>',$Text); $Text = preg_replace('/\<([^>]*?)(src|href)=(.*?)\&amp\;(.*?)\>/ism', '<$1$2=$3&$4>', $Text);
$Text = preg_replace("/\<([^>]*?)(src|href)=\"(?!http|ftp|mailto|gopher|cid)(.*?)\>/ism",'<$1$2="">',$Text);
// removes potentially harmful javascript in src/href
$Text = preg_replace('/\<([^>]*?)(src|href)="javascript(.*?)\>/ism', '', $Text);
if($saved_image) if($saved_image)
$Text = bb_replace_images($Text, $saved_image); $Text = bb_replace_images($Text, $saved_image);