Avoid DOS in noJSLink

Alejandro Romero Herrera 2020-08-31 13:02:00 +03:00
parent e2226c01e7
commit 9965ea7296


@ -33,8 +33,8 @@ class Sanitize {
// Remove javascript from links // Remove javascript from links
public static function noJSLink($text) public static function noJSLink($text)
{ {
$text = trim($text); $text = preg_replace("/\s+/", "", $text);
while(strpos($text, 'javascript')===0){ while(strpos($text, 'javascript:')===0){
$text = preg_replace("/javascript\s*:\s*/", "", $text); $text = preg_replace("/javascript\s*:\s*/", "", $text);
} }
return $text; return $text;
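Review bot: The new check on the `while` line is case-sensitive, so an upper- or mixed-case spelling of the scheme is returned unchanged, although browsers match URL schemes case-insensitively. Making both the test and the replacement case-insensitive and anchored keeps the loop terminating and closes that gap: `while (stripos($text, 'javascript:') === 0) {` with `$text = preg_replace('/^javascript:/i', '', $text);`. The added `preg_replace("/\s+/", "", $text)` also removes whitespace everywhere in the value rather than only at the ends, which silently changes legitimate links that contain spaces; a comment such as `// strips ALL whitespace so "javascript :" cannot slip past the prefix check` would record that this is intended. Only one scheme is denied here, so an allowlist of accepted schemes (for example http, https, mailto) would be sturdier than stripping a single prefix. The closing brace of noJSLink lies outside the hunk.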