$patterns[$pattern] = '<$1' . $this->_params['replace'] . '_tag';
}
+ /* Strip out data URLs living in an A HREF element (Bug #8715). */
+ $malicious = '/<((?:a|�*65;?|�*41;?|�*97;?|�*61;?)\b[^>]+?)' .
+ '(?:h|�*72;?|�*48;?|�*104;?|�*68;?)\s*' .
+ '(?:r|�*82;?|�*52;?|�*114;?|�*72;?)\s*' .
+ '(?:e|�*69;?|�*45;?|�*101;?|�*65;?)\s*' .
+ '(?:f|�*70;?|�*46;?|�*102;?|�*66;?)\s*=' .
+ '("|\')?\s*data:(?(2)[^"\')>]*|[^\s)>]*)(?(2)\\2)/is';
+ $patterns[$malicious] = '<$1';
+
/* Comment out style/link tags. */
if ($this->_params['strip_styles']) {
if ($this->_params['strip_style_attributes']) {
<api>beta</api>
</stability>
<license uri="http://www.gnu.org/copyleft/lesser.html">LGPL</license>
- <notes>* Add support for Google Closure Compiler in javascript minfiy filter.
+ <notes>* Add XSS filtering for data URLs in A HREF parameters (Bug #8715).
+ * Add support for Google Closure Compiler in javascript minfiy filter.
* Fix dimming signatures when mixed with quoted text (Bug #4299).
* Added javscript minify filter.
* Add support for using the tidy extension when filtering HTML data.
projects / horde.git / commitdiff