Opened 6 years ago

Closed 6 years ago

#1484200 closed Feature Patches (fixed)

For Thomas

Reported by: alexey_dv Owned by: thomasb
Priority: 5 Milestone:
Component: PHP backend Version: git-master
Severity: normal Keywords: html events
Cc:

Description

Thomas, hello,

You have changed a part of the code:

- $body = preg_replace('/(<[^!][^>]*?\s)(on\w+?)(=[^>]*?>)/im', '$1__removed=$3', $body); 
+ $body = preg_replace('/(<[^!][^>]*?\s)(on[^=]+)(=[^>]*?>)/im', '$1__removed=$3', $body); 
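Review bot: the class `[^=]` in `(on[^=]+)` on the `+` line also matches `>` and newlines, so once `\s` is followed by the letters "on" inside an attribute value, the match can run past the end of the tag to the next `=` in a later tag and replace everything in between. Excluding the tag terminator, as in `(on[^=>]+)`, keeps the match inside one tag. The replacement `'$1__removed=$3'` also doubles the equals sign, because `$3` already begins with `=`.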

Test example:

<img src="..." alt="Picture on test page"/>

The text which will be destroyed...

<a href="Thanks"> It is safe, but incorrectly </a> 

Result after parsing:

<img src="..." alt="Logo __removed=="Thanks"> It is safe, but incorrectly </a> 

It is possible to use:

+ $body = preg_replace('/(<[^!][^>]*?\s)(on[^=>]+)(=[^>]*?>)/im', '$1__removed$3', $body); 
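Review bot: `(on[^=>]+)` is still not quote-aware. Whitespace followed by "on" inside a quoted attribute value matches whenever another attribute follows in the same tag, and the text between them, including the closing quote and the next attribute name, is replaced by `__removed`. A regression case with a space-separated word starting with "on" in `alt`, followed by a second attribute, would document this. Matching only at attribute-name positions needs the tag's attributes to be tokenised rather than scanned with `[^>]*?`.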

or:

+ $body = preg_replace('/(<[^!][^>]*?\s)(on[^\W\S]+)(=[^>]*?>)/im', '$1__removed$3', $body); 
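Review bot: the class `[^\W\S]` in `(on[^\W\S]+)` is empty. It excludes every non-word character and every non-whitespace character, and no character is both a word character and whitespace. Since `+` requires at least one such character, the pattern cannot match, so this variant would leave every `on...=` attribute in place.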

Change History (1)

comment:1 Changed 6 years ago by thomasb

  • Resolution set to fixed
  • Status changed from new to closed

I prefer to use (on[^=>]+) because <img onload.="alert(document.cookie)" /> works fine in any browser and is not removed with (on[^\W\S]+)

Sorry for destroying all your patches again.
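
The three patterns from this ticket, run side by side on its own test inputs as a small regression harness. This is an added example, not part of the ticket or of the project's code; the two inputs marked "constructed" and the helper name `verdict` are assumptions.

```php
<?php
// Added example, not the project's code. Patterns and replacements are copied
// from the ticket; the inputs marked "constructed" are assumptions.
$candidates = [
    'on[^=]+'    => ['/(<[^!][^>]*?\s)(on[^=]+)(=[^>]*?>)/im',    '$1__removed=$3'],
    'on[^=>]+'   => ['/(<[^!][^>]*?\s)(on[^=>]+)(=[^>]*?>)/im',   '$1__removed$3'],
    'on[^\W\S]+' => ['/(<[^!][^>]*?\s)(on[^\W\S]+)(=[^>]*?>)/im', '$1__removed$3'],
];

// Each case: [input, true if it carries an on* handler that must be neutralised].
$cases = [
    'ticket test example' => [
        "<img src=\"...\" alt=\"Picture on test page\"/>\n"
        . "The text which will be destroyed...\n"
        . "<a href=\"Thanks\"> It is safe, but incorrectly </a>", false],
    'onload. (comment:1)' => ['<img onload.="alert(document.cookie)" />', true],
    'plain onload (constructed)' => ['<img src="..." onload="x()" />', true],
    '" on " inside alt (constructed)' => ['<img alt="turn on x" src="a.png">', false],
];

function verdict(string $in, string $out, bool $hasHandler): string
{
    if ($hasHandler) {
        // A handler case passes only if no on*= attribute name survives.
        return preg_match('/\son[^\s=>]*=/i', $out) ? 'FAIL handler kept' : 'ok';
    }
    // A benign case passes only if the markup is returned byte for byte.
    return $out === $in ? 'ok' : 'FAIL markup changed';
}

foreach ($cases as $caseName => [$input, $hasHandler]) {
    echo $caseName, "\n";
    foreach ($candidates as $label => [$pattern, $replacement]) {
        $output = preg_replace($pattern, $replacement, $input);
        printf("  %-11s %-19s %s\n", $label, verdict($input, $output, $hasHandler),
            str_replace("\n", '\n', $output));
    }
}
```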
