From: Michael M Slusarz
Date: Mon, 28 Sep 2009 05:10:54 +0000 (-0600)
Subject: We should only be matching url:script inside of HTML tags
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=fbcb1010297ccde83dd1b33194eeaf8fddd364a9;p=horde.git
We should only be matching url:script inside of HTML tags
Ticket #8592
---
diff --git a/framework/Text_Filter/lib/Horde/Text/Filter/Xss.php b/framework/Text_Filter/lib/Horde/Text/Filter/Xss.php
index 5c390db95..a6155a3e0 100644
--- a/framework/Text_Filter/lib/Horde/Text/Filter/Xss.php
+++ b/framework/Text_Filter/lib/Horde/Text/Filter/Xss.php
@@ -78,7 +78,10 @@ class Horde_Text_Filter_Xss extends Horde_Text_Filter
 /* Get all attribute="javascript:foo()" tags. This is essentially the
 * regex /(=|url\()("?)[^>]*script:/ but expanded to catch camouflage
 * with spaces and entities. */
- $preg = '/((=|�*61;?|�*3D;?)|' .
+ // The first portion should ensure that CSS data contained within a
+ // 'CDATA' section is not matched.
+ $preg = '/<\s*[^!][^>]*' .
+ '((=|�*61;?|�*3D;?)|' .
 '((u|�*85;?|�*55;?|�*117;?|�*75;?|\\\\0*75)\s*' .
 '(r|�*82;?|�*52;?|�*114;?|�*72;?|\\\\0*72)\s*' .
 '(l|�*76;?|�*4c;?|�*108;?|�*6c;?|\\\\0*6c)\s*' .
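Review bot: The new prefix `'/<\s*[^!][^>]*'` treats the first `>` after `<` as the end of the tag, so a `>` inside a quoted attribute value stops the scan and any later attribute in the same tag is no longer checked for `script:`; the old pattern anchored on `=` itself and did not have this gap. A quote-aware prefix such as `'/<\s*[^!](?:[^>"\']|"[^"]*"|\'[^\']*\')*' .` would keep the scan inside the real tag, though the rest of the `$preg` expression continues outside this hunk and, judging by the summary in the comment, uses `[^>]*` as well, so it would need the same treatment. Anchoring on `<` also means `url(` in the body of a `<style>` element is no longer matched, not only CDATA content, which is safe only if another pass of this filter removes or sanitises style blocks; that is not visible here. The context comment above still describes the old unanchored regex and should mention the tag prefix, and because `\s*` can backtrack, `[^!]` will accept a space, so `< !` is still scanned despite what the new comment says.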