CI_Security: Add <select> and <keygen> tags to the list of 'naughty' …

…HTML elements
bcit-ci · Jan 24, 2014 · c715b22 · c715b22
1 parent ee7633c
commit c715b22
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/system/core/Security.php b/system/core/Security.php
@@ -469,7 +469,7 @@ public function xss_clean($str, $is_image = FALSE)
 		 * So this: <blink>
 		 * Becomes: &lt;blink&gt;
 		 */
-		$naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|button|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss';
+		$naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|button|select|isindex|layer|link|meta|keygen|object|plaintext|style|script|textarea|title|video|xml|xss';
 		$str = preg_replace_callback('#<(/*\s*)('.$naughty.')([^><]*)([><]*)#is', array($this, '_sanitize_naughty_html'), $str);
 
 		/*