kazhnuz/koblog
1
0
Fork 0
Code Issues 30 Pull requests Projects 3 Releases Packages Wiki Activity Actions

Recursively erase javascript URI scheme in noJSLink to avoid XSS

Browse source
This commit is contained in:
Alejandro Romero Herrera 2020-08-31 12:27:49 +03:00
parent d5be0c0cdb
commit e2226c01e7
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
bl-kernel/helpers/sanitize.class.php
View file

@ -30,10 +30,14 @@ class Sanitize {
return htmlspecialchars_decode($text, $flags);
}
// Remove javacript from links
// Remove javascript from links
public static function noJSLink($text)
{
return preg_replace("/javascript\s*:\s*/", "", $text);
$text = trim($text);
while(strpos($text, 'javascript')===0){
$text = preg_replace("/javascript\s*:\s*/", "", $text);
}
return $text;
}
public static function pathFile($path, $file=false)