$patterns[$pattern] = '<$1' . $this->_params['replace'] . '_tag';
}
- /* Strip out data URLs living in an A HREF element (Bug #8715). */
- $malicious = '/<((?:a|�*65;?|�*41;?|�*97;?|�*61;?)\b[^>]+?)' .
- '(?:h|�*72;?|�*48;?|�*104;?|�*68;?)\s*' .
- '(?:r|�*82;?|�*52;?|�*114;?|�*72;?)\s*' .
- '(?:e|�*69;?|�*45;?|�*101;?|�*65;?)\s*' .
- '(?:f|�*70;?|�*46;?|�*102;?|�*66;?)\s*=' .
- '("|\')?\s*data:(?(2)[^"\')>]*|[^\s)>]*)(?(2)\\2)/is';
- $patterns[$malicious] = '<$1';
-
/* Comment out style/link tags. */
if ($this->_params['strip_styles']) {
if ($this->_params['strip_style_attributes']) {
*/
public function postProcess($text)
{
+ /* Strip out data URLs living in an A HREF element (Bug #8715).
+ * Done here because we need to match more than 1 possible data
+ * entry per tag. */
+ $data_from = '/<((?:a|�*65;?|�*41;?|�*97;?|�*61;?)\b[^>]+?)' .
+ '(?:h|�*72;?|�*48;?|�*104;?|�*68;?)\s*' .
+ '(?:r|�*82;?|�*52;?|�*114;?|�*72;?)\s*' .
+ '(?:e|�*69;?|�*45;?|�*101;?|�*65;?)\s*' .
+ '(?:f|�*70;?|�*46;?|�*102;?|�*66;?)\s*=' .
+ '("|\')?\s*data:(?(2)[^"\')>]*|[^\s)>]*)(?(2)\\2)/is';
+ $data_to = '<$1';
+ do {
+ $text = preg_replace($data_from, $data_to, $text, -1, $count);
+ } while ($count);
+
ini_restore('pcre.backtrack_limit');
// Restore CDATA data
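Review bot: The new `do { ... } while ($count);` loop in postProcess() assigns the result of `preg_replace()` straight back to `$text` without checking it for null. `preg_replace()` returns null on a PCRE error such as an exhausted backtrack limit, and the `ini_restore('pcre.backtrack_limit')` on the next line suggests that limit is adjusted earlier in this method, outside the visible lines. In that case the loop most likely just exits with `$text` set to null, so the filtered output is silently dropped and nothing records why. Hold the result in a temporary and make the fail-closed path explicit, with a comment saying an XSS filter must never fall back to the unfiltered input on a regex failure. The body of postProcess() continues outside this hunk, so how the later code treats a null `$text` needs confirming.

```php
// … unchanged: $data_from / $data_to definitions …
do {
    $res = preg_replace($data_from, $data_to, $text, -1, $count);
    if ($res === null) {
        // PCRE failure (see preg_last_error()): fail closed, never
        // return the unfiltered input from an XSS filter.
        $text = '';
        break;
    }
    $text = $res;
} while ($count);
```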