Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request from GHSA-fh7r-996q-gvcp
add missing events in isCleanHtml
  • Loading branch information
mflasquin committed Apr 25, 2023
2 parents 0f2a9b7 + 10c25a8 commit dc68219
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion classes/Validate.php
Expand Up @@ -486,7 +486,7 @@ public static function isCleanHtml($html, $allow_iframe = false)
$events .= '|onbounce|oncellchange|oncontextmenu|oncontrolselect|oncopy|oncut|ondataavailable|ondatasetchanged|ondatasetcomplete|ondeactivate|ondrag|ondragend|ondragenter|onmousewheel';
$events .= '|ondragleave|ondragover|ondragstart|ondrop|onerrorupdate|onfilterchange|onfinish|onfocusin|onfocusout|onhashchange|onhelp|oninput|onlosecapture|onmessage|onmouseup|onmovestart';
$events .= '|onoffline|ononline|onpaste|onpropertychange|onreadystatechange|onresizeend|onresizestart|onrowenter|onrowexit|onrowsdelete|onrowsinserted|onscroll|onsearch|onselectionchange';
$events .= '|onselectstart|onstart|onstop';
$events .= '|onselectstart|onstart|onstop|onanimationcancel|onanimationend|onanimationiteration|onanimationstart';

if (preg_match('/<[\s]*script/ims', $html) || preg_match('/(' . $events . ')[\s]*=/ims', $html) || preg_match('/.*script\:/ims', $html)) {
return false;
Expand Down

0 comments on commit dc68219

Please sign in to comment.