Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Added a check to disable VBSscript as well

  • Loading branch information...
commit 0cd84e67ead1657b57acdc178320aac52fe5ab6a 1 parent f1c9d90
moodler authored
Showing with 2 additions and 1 deletion.
  1. +2 −1  lib/weblib.php
View
3  lib/weblib.php
@@ -512,7 +512,8 @@ function clean_text($text, $format) {
case FORMAT_WIKI:
$text = strip_tags($text, $ALLOWED_TAGS);
$text = str_ireplace("javascript:", " ", $text); // Remove javascript: label
- $text = eregi_replace("([^a-z])on([a-z]+)([[:space:]]*)=", " ", $text); // Remove javascript triggers
+ $text = eregi_replace("([^a-z])language([[:space:]]*)=", " ", $text); // Remove javascript/VBScript
+ $text = eregi_replace("([^a-z])on([a-z]+)([[:space:]]*)=", " ", $text); // Remove script events
return $text;
case FORMAT_PLAIN:
Please sign in to comment.
Something went wrong with that request. Please try again.