Merge pull request from GHSA-fh7r-996q-gvcp
add missing events in isCleanHtml
mflasquin committed Apr 25, 2023
2 parents d1d27dc + d9ee2d1 commit 46408ae
Showing 1 changed file with 1 addition and 1 deletion.
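--- a/classes/Validate.php
+++ b/classes/Validate.php
@@ -511,7 +511,7 @@ public static function isCleanHtml($html, $allow_iframe = false)
 $events .= '|onbounce|oncellchange|oncontextmenu|oncontrolselect|oncopy|oncut|ondataavailable|ondatasetchanged|ondatasetcomplete|ondeactivate|ondrag|ondragend|ondragenter|onmousewheel';
 $events .= '|ondragleave|ondragover|ondragstart|ondrop|onerrorupdate|onfilterchange|onfinish|onfocusin|onfocusout|onhashchange|onhelp|oninput|onlosecapture|onmessage|onmouseup|onmovestart';
 $events .= '|onoffline|ononline|onpaste|onpropertychange|onreadystatechange|onresizeend|onresizestart|onrowenter|onrowexit|onrowsdelete|onrowsinserted|onscroll|onsearch|onselectionchange';
-$events .= '|onselectstart|onstart|onstop';
+$events .= '|onselectstart|onstart|onstop|onanimationcancel|onanimationend|onanimationiteration|onanimationstart';
 
 if (preg_match('/<[\s]*script/ims', $html) || preg_match('/(' . $events . ')[\s]*=/ims', $html) || preg_match('/.*script\:/ims', $html)) {
 return false;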
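Review bot: The changed `$events .=` line extends a hand-maintained denylist of handler names, so `isCleanHtml` will need another patch each time browsers gain an event attribute; the four animation names close only the cases this advisory covers. The list begins above the hunk, so I cannot tell what else it covers, but replacing the alternation with a generic match such as `preg_match('/\bon[a-z]+[\s]*=/i', $html)` would reject every `on*=` attribute, at the cost of more false positives on ordinary text. Whichever form is kept, the line deserves a comment saying the list is a denylist and must not be treated as a complete sanitiser, for example `// Denylist only: not exhaustive, keep in sync with browser event attributes`. A regression test asserting that `isCleanHtml` returns false for each newly added name would stop these entries from being dropped later. The function body starts and ends outside the hunk.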
