From 56bd15ef4f14dec4cf67be84abc18ea562e7a83c Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Thu, 26 Sep 2002 16:12:09 +0000
Subject: [PATCH] - Applied Marco's first regex patch.

---
 modules/node.module      | 7 +++++--
 modules/node/node.module | 7 +++++--
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/modules/node.module b/modules/node.module
index e9bdb3d1757f..9aaf8a0e3282 100644
--- a/modules/node.module
+++ b/modules/node.module
@@ -300,8 +300,6 @@ function node_conf_filters() {
 }
 
 function node_filter_html($text) {
-  $text = eregi_replace("([ \f\r\t\n\'\"])style=[^>]+>", "\\1", $text);
-  $text = eregi_replace("([ \f\r\t\n\'\"])on[a-z]+=[^>]+>", "\\1", $text);
   $text = strip_tags($text, variable_get("allowed_html", ""));
   return $text;
 }
@@ -370,6 +368,11 @@ function node_comment_mode($nid) {
 }
 
 function node_filter($text) {
+  $text = preg_replace("/\Wstyle\s*=[^>]+?>/i", ">", $text);
+  $text = preg_replace("/\Won[a-z]+\s*=[^>]+?>/i", ">", $text);
+  $text = preg_replace("/\Wsrc\s*=[\s'\"]*javascript[^>]+?>/i", ">", $text);
+  $text = preg_replace("/\Whref\s*=[\s'\"]*javascript:[^>]+?>/i", ">", $text);
+
   if (variable_get("filter_html", 0)) $text = node_filter_html($text);
   if (variable_get("filter_link", 0)) $text = node_filter_link($text);
   return node_filter_line($text);
diff --git a/modules/node/node.module b/modules/node/node.module
index e9bdb3d1757f..9aaf8a0e3282 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -300,8 +300,6 @@ function node_conf_filters() {
 }
 
 function node_filter_html($text) {
-  $text = eregi_replace("([ \f\r\t\n\'\"])style=[^>]+>", "\\1", $text);
-  $text = eregi_replace("([ \f\r\t\n\'\"])on[a-z]+=[^>]+>", "\\1", $text);
   $text = strip_tags($text, variable_get("allowed_html", ""));
   return $text;
 }
@@ -370,6 +368,11 @@ function node_comment_mode($nid) {
 }
 
 function node_filter($text) {
+  $text = preg_replace("/\Wstyle\s*=[^>]+?>/i", ">", $text);
+  $text = preg_replace("/\Won[a-z]+\s*=[^>]+?>/i", ">", $text);
+  $text = preg_replace("/\Wsrc\s*=[\s'\"]*javascript[^>]+?>/i", ">", $text);
+  $text = preg_replace("/\Whref\s*=[\s'\"]*javascript:[^>]+?>/i", ">", $text);
+
   if (variable_get("filter_html", 0)) $text = node_filter_html($text);
   if (variable_get("filter_link", 0)) $text = node_filter_link($text);
   return node_filter_line($text);
-- 
GitLab