Commit afd8ccaf authored by Steven Wittens's avatar Steven Wittens
Browse files

- #27230: Fix XHTML slash in XSS filter

parent 7445e8e8
......@@ -1134,13 +1134,14 @@ function _filter_xss_split($m, $store = FALSE) {
return "</$elem>";
}
// Is there a closing XHTML slash at the end of the attributes?
$xhtml_slash = preg_match('%\s/\s*$%', $attr) ? '/' : '';
$xhtml_slash = preg_match('%\s?/\s*$%', $attrlist) ? ' /' : '';
// Clean up attributes
$attr2 = implode(' ', _filter_xss_attributes($attrlist));
$attr2 = preg_replace('/[<>]/', '', $attr2);
$attr2 = strlen($attr2) ? ' '. $attr2 : '';
return "<$elem $attr2$xhtml_slash>";
return "<$elem$attr2$xhtml_slash>";
}
/**
......
......@@ -1134,13 +1134,14 @@ function _filter_xss_split($m, $store = FALSE) {
return "</$elem>";
}
// Is there a closing XHTML slash at the end of the attributes?
$xhtml_slash = preg_match('%\s/\s*$%', $attr) ? '/' : '';
$xhtml_slash = preg_match('%\s?/\s*$%', $attrlist) ? ' /' : '';
// Clean up attributes
$attr2 = implode(' ', _filter_xss_attributes($attrlist));
$attr2 = preg_replace('/[<>]/', '', $attr2);
$attr2 = strlen($attr2) ? ' '. $attr2 : '';
return "<$elem $attr2$xhtml_slash>";
return "<$elem$attr2$xhtml_slash>";
}
/**
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment