Permalink
Browse files

MDL-2684: kses strips out CSS from style tags unless the first proper…

…ty is on 'allowed' list, this is silly
  • Loading branch information...
1 parent e706276 commit d5f4161c2c2e4f2dedc154aaa65a431f06053992 @sammarshallou sammarshallou committed Dec 2, 2009
Showing with 6 additions and 1 deletion.
  1. +6 −1 lib/kses.php
View
@@ -243,7 +243,12 @@ function kses_hair($attr, $allowed_protocols)
if (preg_match('/^"([^"]*)"(\s+|$)/', $attr, $match))
# "value"
{
- $thisval = kses_bad_protocol($match[1], $allowed_protocols);
+ // MDL-2684 - kses stripping CSS styles that it thinks look like protocols
+ if ($attrname == 'style') {
+ $thisval = $match[1];
+ } else {
+ $thisval = kses_bad_protocol($match[1], $allowed_protocols);
+ }
$attrarr[] = array
('name' => $attrname,

0 comments on commit d5f4161

Please sign in to comment.