MDL-22042 fixed kses cleaning of html code
authorPetr Skoda <skodak@moodle.org>
Thu, 3 Jun 2010 08:43:59 +0000 (08:43 +0000)
committerPetr Skoda <skodak@moodle.org>
Thu, 3 Jun 2010 08:43:59 +0000 (08:43 +0000)
lib/weblib.php

index 57a1e6f..5afb11a 100644 (file)
@@ -1574,6 +1574,7 @@ function cleanAttributes2($htmlArray){
                 }
             }
             $arreach['value'] = preg_replace("/j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t/i", "Xjavascript", $arreach['value']);
+            $arreach['value'] = preg_replace("/v\s*b\s*s\s*c\s*r\s*i\s*p\s*t/i", "Xvbscript", $arreach['value']);
             $arreach['value'] = preg_replace("/e\s*x\s*p\s*r\s*e\s*s\s*s\s*i\s*o\s*n/i", "Xexpression", $arreach['value']);
             $arreach['value'] = preg_replace("/b\s*i\s*n\s*d\s*i\s*n\s*g/i", "Xbinding", $arreach['value']);
         } else if ($arreach['name'] == 'href') {