Changeset a3e5b42 in github


Timestamp:
Apr 2, 2008 8:08:12 AM (5 years ago)
Author:
thomascube <thomas@…>
Branches:
master, HEAD, courier-fix, dev-browser-capabilities, pdo, release-0.6, release-0.7, release-0.8
Children:
5ec1132
Parents:
1affe9e
Message:

Remove evil css styles like expression() in HTML messages

File:
1 edited

  • program/include/main.inc

    r0c6f4b8 ra3e5b42  
    13781378/** 
    13791379 * Replace all css definitions with #container [def] 
     1380 * and remove css-inlined scripting 
    13801381 * 
    13811382 * @param string CSS source code 
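Review bot: The doc comment line added at 1380 says the function will "remove css-inlined scripting", but the code added at 1391-1393 does not remove anything selectively: it returns an empty string for the whole block as soon as a keyword is found. The docblock should say that the entire style block is discarded in that case, and that an empty string is a possible return value, so callers know the message may be rendered with no author styles at all.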
     
    13871388  $a_css_values = array(); 
    13881389  $last_pos = 0; 
     1390   
     1391  // ignore the whole block if evil styles are detected 
     1392  if (stristr($source, 'expression') || stristr($source, 'behavior')) 
     1393    return ''; 
    13891394 
    13901395  // cut out all contents between { and } 
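Review bot: The keyword test at 1392 is a plain substring match on the raw `$source`, placed before the later cleanup step that removes html comments (1404), so it only recognises the two keywords when they appear as literal, uninterrupted text. It would be more robust to normalise the CSS first (strip comments, decode backslash escapes) and then match. The same substring match also fires on harmless CSS that merely contains the word, for example a selector named `.expression`, and silently drops every style in the message; matching the construct rather than the word, such as `expression` followed by `(` and `behavior` followed by `:`, would cut those false positives. A smaller point: the `if` at 1392 has no braces around the `return ''` at 1393, which makes it easy to break when another statement is added later.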
     
    13971402  } 
    13981403 
    1399   // remove html commends and add #container to each tag selector. 
     1404  // remove html comments and add #container to each tag selector. 
    14001405  // also replace body definition because we also stripped off the <body> tag 
    14011406  $styles = preg_replace( 