Merge remote-tracking branch 'GHSA-xw2r-f8xv-c8xp/fix-advisory-1' into release/8.1.1
mflasquin committed Jul 20, 2023
2 parents 817847e + aff4bc6 commit afc14f8
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions classes/Validate.php
@@ -521,6 +521,7 @@ public static function isCleanHtml($html, $allow_iframe = false)
$events .= '|ondragleave|ondragover|ondragstart|ondrop|onerrorupdate|onfilterchange|onfinish|onfocusin|onfocusout|onhashchange|onhelp|oninput|onlosecapture|onmessage|onmouseup|onmovestart';
$events .= '|onoffline|ononline|onpaste|onpropertychange|onreadystatechange|onresizeend|onresizestart|onrowenter|onrowexit|onrowsdelete|onrowsinserted|onscroll|onsearch|onselectionchange';
$events .= '|onselectstart|onstart|onstop|onanimationcancel|onanimationend|onanimationiteration|onanimationstart';
$events .= '|onpointerover|onpointerenter|onpointerdown|onpointermove|onpointerup|onpointerout|onpointerleave|onpointercancel|ongotpointercapture|onlostpointercapture';

if (preg_match('/<[\s]*script/ims', $html) || preg_match('/(' . $events . ')[\s]*=/ims', $html) || preg_match('/.*script\:/ims', $html)) {
return false;
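Review bot: The handler check in `isCleanHtml` remains a denylist, so any event attribute missing from `$events` still passes validation. The page does not mark which line is new (presumably the `onpointer…` entry), and each handler browsers add later will need another patch of this kind. A closed-by-default test such as `preg_match('/\bon[a-z]+\s*=/i', $html)` would reject every `on*=` attribute without maintaining the list, at the cost of some false positives on plain text. Separately, `preg_match` returns `false` on a PCRE error and this `if` treats that the same as no match, so the check fails open; comparing each call with `!== 0` would make it fail closed. The function body starts and ends outside the hunk, so any later sanitising step is not visible here.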