Making Sanitize::stripScripts() to remove multi-line script and style…

… blocks. Fixes #657
commit b079922b8fd7778ae64d0136088689d7d2f933ee 1 parent 4e720d6
@markstory markstory authored
Showing with 28 additions and 2 deletions.
  1. +1 −1  cake/libs/sanitize.php
  2. +27 −1 cake/tests/cases/libs/sanitize.test.php
2  cake/libs/sanitize.php
@@ -131,7 +131,7 @@ function stripImages($str) {
* @static
*/
function stripScripts($str) {
- return preg_replace('/(<link[^>]+rel="[^"]*stylesheet"[^>]*>|<img[^>]*>|style="[^"]*")|<script[^>]*>.*?<\/script>|<style[^>]*>.*?<\/style>|<!--.*?-->/i', '', $str);
+ return preg_replace('/(<link[^>]+rel="[^"]*stylesheet"[^>]*>|<img[^>]*>|style="[^"]*")|<script[^>]*>.*?<\/script>|<style[^>]*>.*?<\/style>|<!--.*?-->/is', '', $str);
}
/**
* Strips extra whitespace, images, scripts and stylesheets from output
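Review bot: The new `s` modifier on the `<script[^>]*>.*?<\/script>` and `<style[^>]*>.*?<\/style>` alternatives only helps when a closing tag is present; an unterminated `<script>` (or one with a malformed closing tag) still fails the lazy match and the opening tag plus its body pass through unchanged, and the `style="[^"]*"` alternative only catches double-quoted attributes. With `s` the lazy `.*?` can now scan the whole remaining input on such unterminated markup, and preg_replace() returns null rather than a string on a PCRE error such as the backtrack limit, which callers cannot tell apart from a successful strip to an empty string; checking the return value (or `preg_last_error()` if the supported PHP version has it) would make that explicit. I would also record the limits in the docblock, which starts above the hunk, e.g. `* Note: only well-formed, closed <script>/<style> blocks and double-quoted style attributes are removed; this is a best-effort pass, not a substitute for context-aware output escaping.`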
28 cake/tests/cases/libs/sanitize.test.php
@@ -321,8 +321,34 @@ function testStripScripts() {
$expected = '';
$result = Sanitize::stripScripts($string);
$this->assertEqual($result, $expected);
+
+ $string = <<<HTML
+text
+<style type="text/css">
+<!--
+#content { display:none; }
+-->
+</style>
+text
+HTML;
+ $expected = "text\n\ntext";
+ $result = Sanitize::stripScripts($string);
+ $this->assertEqual($result, $expected);
+
+ $string = <<<HTML
+text
+<script type="text/javascript">
+<!--
+alert('wooo');
+-->
+</script>
+text
+HTML;
+ $expected = "text\n\ntext";
+ $result = Sanitize::stripScripts($string);
+ $this->assertEqual($result, $expected);
}
- /**
+/**
* testStripAll method
*
* @access public
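Review bot: Both new cases only cover a closed block whose multi-line body is wrapped in `<!-- -->`; there is no case for a multi-line `<script>` or `<style>` without the comment wrapper, nor for an unterminated `<script>` (which the regex leaves in place) or a single-quoted `style='...'` attribute, so the boundaries of what stripScripts() removes stay untested. A minimal addition would be a third heredoc whose body is a plain multi-line `<script type="text/javascript">` block (constructed, no comment wrapper) expecting `"text\n\ntext"`, plus a case asserting the current pass-through for an unterminated `<script>` so that a later change to that behaviour is noticed. testStripScripts() starts above the hunk.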