• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
xss_clean stripping '/' from self-closing tags

#1
[eluser]JJenZz[/eluser]
This might not be a bug...

I have set global_xss_filtering to true in my config.php and have noticed that it removes the forward slash at the end of self closing tags.

Has anyone any idea what I modify to stop then from being stripped?

#2
[eluser]Derek Allard[/eluser]
could you give an example of how to re-create? Just submit "<something />"?

#3
[eluser]JJenZz[/eluser]
Yes, I am trying to add &lt;img src="whatever" height="100" width="100" alt="something" /&gt; and the forward slash is being removed.

EDIT: I just noticed it is happening in these forum posts too.... If you add an image tag without converting the &lt; and &gt; to html entities and then try to edit your post, you will see the forward slash no longer exists in the edit.

#4
[eluser]Derek Allard[/eluser]
Oh, its for images. Yes, I know what this is. Its from the input library around 686. I'll need to look into this in more detail. Is this "mission critical" for you? I may be able to help you with a workaround if so.

#5
[eluser]JJenZz[/eluser]
It's not mission critical... I've only got a silly little blog that I'm playing with and it was making my XHTML invalid. In the meantime I've just changed the values in the DB hah!

Please keep me posted though Smile

I'll have a poke around line 686 later today and see if I can resolve it temporarily.

#6
[eluser]Derek Jones[/eluser]
Fixed in the SVN, you can grab the new file from the repository, JJenZz. Thanks for reporting!


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.