class CI_Input - function xss_clean($str)
#1

[eluser]koala1[/eluser]
Code Igniter 1.5.4
Code:
// Test input for the filter loop that follows.
// NOTE(review): the result printed further down is described as "with spaces", so the
// original input presumably had whitespace between the letters that the page rendering
// collapsed - confirm against the original post.
$str="javascript";
Code:
// Keyword compaction step: for each listed keyword, collapse whitespace that has been
// inserted between its letters, so later filtering sees the keyword in its plain form.
// This is a fixed deny-list; only the words named here are normalised.
$words = array('javascript', 'expression', 'vbscript', 'script', 'applet', 'alert', 'document', 'write', 'cookie', 'window');
        foreach ($words as $word)
        {
            // Build a pattern of the form "j\s*a\s*v\s*..." : every letter of the
            // keyword followed by optional whitespace.
            $temp = '';
            $strlen_word = strlen($word);
            for ($i = 0; $i < $strlen_word; $i++)
            {
                $temp .= substr($word, $i, 1)."\s*";
            }
            
            // We only want to do this when it is followed by a non-word character
            // That way valid stuff like "dealer to" does not become "dealerto"
            //
            // substr($temp, 0, -3) drops the trailing "\s*" (three characters) left by the loop.
            // The (\W) group requires one non-word character after the keyword, so a keyword
            // that ends the string is not matched and keeps its embedded whitespace.
            // Modifiers: i = case-insensitive, s = dot matches newline, e = the replacement
            // string is evaluated as PHP code for every match. The e modifier was deprecated
            // in PHP 5.5 and removed in PHP 7.0; preg_replace_callback() is its replacement.
            // The evaluated code strips all whitespace from group 1 and re-appends group 2.
            $str = preg_replace('#('.substr($temp, 0, -3).')(\W)#ise', "preg_replace('/\s+/s', '', '\\1').'\\2'", $str);
        }
Code:
// Demo output of the filtered value; $str is written into the HTML response as-is,
// with no htmlspecialchars() encoding. The trailing comment records the poster's result.
echo "str -> ".$str."<br />"; // output => javascript <= with spaces

Code Igniter 1.4.1
Code:
// Test input for the filter loop that follows.
// NOTE(review): the result printed further down is described as "without spaces", so the
// original input presumably had whitespace between the letters that the page rendering
// collapsed - confirm against the original post.
$str="javascript";
Code:
// Keyword compaction step: for each listed keyword, replace any occurrence that has
// whitespace inserted between its letters with the plain keyword.
// This is a fixed deny-list; only the words named here are normalised.
$words = array('javascript', 'vbscript', 'script', 'applet', 'alert', 'document', 'write', 'cookie', 'window');
        foreach ($words as $word)
        {
            // Build a pattern of the form "j\s*a\s*v\s*..." : every letter of the
            // keyword followed by optional whitespace.
            $temp = '';
            $count = strlen($word);
            for ($i = 0; $i < $count; $i++)
            {
                $temp .= substr($word, $i, 1)."\s*";
            }
            
            // Drop the trailing "\s*" (three characters) left by the loop.
            $temp = substr($temp, 0, -3);
            // No "i" modifier is used: only the all-lowercase form and the form with a
            // capitalised first letter are matched; other case mixes pass through unchanged.
            // There is no boundary check either, so the pattern matches anywhere in the
            // string, including inside ordinary text (e.g. "dealer to" contains a-l-e-r-space-t).
            $str = preg_replace('#'.$temp.'#s', $word, $str);
            $str = preg_replace('#'.ucfirst($temp).'#s', ucfirst($word), $str);
        }
Code:
// Demo output of the filtered value; $str is written into the HTML response as-is,
// with no htmlspecialchars() encoding. The trailing comment records the poster's result.
echo "str -> ".$str."<br />"; // output => javascript <= without spaces

