Better regular expression to catch javascript triggers

moodle · Jun 9, 2003 · f1c9d90 · f1c9d90
1 parent 14f593e
commit f1c9d90
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/weblib.php b/lib/weblib.php
@@ -512,7 +512,7 @@ function clean_text($text, $format) {
         case FORMAT_WIKI:
             $text = strip_tags($text, $ALLOWED_TAGS);
             $text = str_ireplace("javascript:", " ", $text);           // Remove javascript: label
-            $text = eregi_replace("([^a-z])on([a-z]+)=", " ", $text);  // Remove javascript triggers
+            $text = eregi_replace("([^a-z])on([a-z]+)([[:space:]]*)=", " ", $text);  // Remove javascript triggers
             return $text;
 
         case FORMAT_PLAIN: