Welcome Guest, Not a member yet? Register   Sign In
xss_clean stripping '/' from self-closing tags

This might not be a bug...

I have set global_xss_filtering to true in my config.php and have noticed that it removes the forward slash at the end of self closing tags.

Has anyone any idea what I modify to stop then from being stripped?

[eluser]Derek Allard[/eluser]
could you give an example of how to re-create? Just submit "<something />"?

Yes, I am trying to add &lt;img src="whatever" height="100" width="100" alt="something" /&gt; and the forward slash is being removed.

EDIT: I just noticed it is happening in these forum posts too.... If you add an image tag without converting the &lt; and &gt; to html entities and then try to edit your post, you will see the forward slash no longer exists in the edit.

[eluser]Derek Allard[/eluser]
Oh, its for images. Yes, I know what this is. Its from the input library around 686. I'll need to look into this in more detail. Is this "mission critical" for you? I may be able to help you with a workaround if so.

It's not mission critical... I've only got a silly little blog that I'm playing with and it was making my XHTML invalid. In the meantime I've just changed the values in the DB hah!

Please keep me posted though Smile

I'll have a poke around line 686 later today and see if I can resolve it temporarily.

[eluser]Derek Jones[/eluser]
Fixed in the SVN, you can grab the new file from the repository, JJenZz. Thanks for reporting!

Theme © iAndrew 2016 - Forum software by © MyBB