About 2.1.0 CI_Security class
#1

paperen
CI version 2.1.0

Code:
$str = '<p style="margin-top:0.4em;margin-bottom:0.5em;line-height:19px;font-family:sans-serif;font-size:13px;white-space:normal;background-color:#FFFFFF;">Broken p</p>';
// <p  p</p>
echo $this->security->xss_clean( $str );
exit;


I think there's something wrong with this regex in the _remove_evil_attributes function

Code:
$str = preg_replace("/<(/?[^><]+?)([^A-Za-z-])(".implode('|', $attribs).")([s><])([><]*)/i", '<$1$2$4$5', $str, -1, $count);

But I can't fix it :-D

