From 9965ea72961fb7d0957027995f272de2445c9117 Mon Sep 17 00:00:00 2001
From: Alejandro Romero Herrera
Date: Mon, 31 Aug 2020 13:02:00 +0300
Subject: [PATCH] Avoid DOS in noJSLink
---
 bl-kernel/helpers/sanitize.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bl-kernel/helpers/sanitize.class.php b/bl-kernel/helpers/sanitize.class.php
index 72d0e813..8b57be83 100644
--- a/bl-kernel/helpers/sanitize.class.php
+++ b/bl-kernel/helpers/sanitize.class.php
@@ -33,8 +33,8 @@ class Sanitize {
 // Remove javascript from links
 public static function noJSLink($text) {
- $text = trim($text);
- while(strpos($text, 'javascript')===0){
+ $text = preg_replace("/\s+/", "", $text);
+ while(strpos($text, 'javascript:')===0){
 $text = preg_replace("/javascript\s*:\s*/", "", $text);
 }
 return $text;