
Make Sanitize::stripScripts() remove multi-line script and style blocks. Fixes #657
markstory committed May 4, 2010
1 parent 4e720d6 commit b079922b8fd7778ae64d0136088689d7d2f933ee
Showing with 28 additions and 2 deletions.
  1. +1 −1 cake/libs/sanitize.php
  2. +27 −1 cake/tests/cases/libs/sanitize.test.php
@@ -131,7 +131,7 @@ function stripImages($str) {
* @static
*/
function stripScripts($str) {
return preg_replace('/(<link[^>]+rel="[^"]*stylesheet"[^>]*>|<img[^>]*>|style="[^"]*")|<script[^>]*>.*?<\/script>|<style[^>]*>.*?<\/style>|<!--.*?-->/i', '', $str);
return preg_replace('/(<link[^>]+rel="[^"]*stylesheet"[^>]*>|<img[^>]*>|style="[^"]*")|<script[^>]*>.*?<\/script>|<style[^>]*>.*?<\/style>|<!--.*?-->/is', '', $str);
}
/**
* Strips extra whitespace, images, scripts and stylesheets from output
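Review bot: The pattern on the new line still cannot be relied on to remove every script, because `<script[^>]*>.*?<\/script>` needs a literal closing `</script>`: an unterminated `<script>` tag, a closing tag written as `</script >`, or an opener split as `<scr<script>x</script>ipt>` survive this single-pass replace, and inline event handlers and `javascript:` URLs are not in the pattern at all. With `s` added, the lazy `.*?` now scans to end of input for every opener without a closer, so on large documents preg_replace() may exceed pcre.backtrack_limit and return NULL, which callers should treat as failure rather than as sanitized output, e.g. `if ($result === null) { /* preg error, do not emit */ }`. A docblock line such as `* Tidies generated output; not an XSS filter - escape untrusted input with htmlspecialchars() instead.` would make that limit explicit. stripScripts()'s docblock begins above the hunk.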
@@ -321,8 +321,34 @@ function testStripScripts() {
$expected = '';
$result = Sanitize::stripScripts($string);
$this->assertEqual($result, $expected);
$string = <<<HTML
text
<style type="text/css">
<!--
#content { display:none; }
-->
</style>
text
HTML;
$expected = "text\n\ntext";
$result = Sanitize::stripScripts($string);
$this->assertEqual($result, $expected);
$string = <<<HTML
text
<script type="text/javascript">
<!--
alert('wooo');
-->
</script>
text
HTML;
$expected = "text\n\ntext";
$result = Sanitize::stripScripts($string);
$this->assertEqual($result, $expected);
}
/**
/**
* testStripAll method
*
* @access public
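Review bot: The new assertions only cover well-formed blocks that are closed on their own line, so they do not pin how the regex with `s` treats the inputs it handles worst; adding a case like `$this->assertEqual(Sanitize::stripScripts("a<script>\nalert(1)"), $expectedForUnterminated);` with whichever result is intended for an unterminated tag, and one for a closing tag written as `</script >`, would settle that. The expected value `"text\n\ntext"` also depends on the heredoc contributing exactly one newline on each side of the removed block, which deserves a comment such as `// the block is removed but the newlines around it are kept`. testStripScripts() begins above the hunk, and the `/**` printed twice after the closing brace looks like a rendering artefact of the commit page rather than a change to the file.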

0 comments on commit b079922

Please sign in to comment.
You can’t perform that action at this time.