diff options
author | David Rothstein <drothstein@gmail.com> | 2015-05-04 23:45:57 -0400 |
---|---|---|
committer | David Rothstein <drothstein@gmail.com> | 2015-05-04 23:45:57 -0400 |
commit | 254424dcfa2a165be18fec2917f6fbd22fbd9970 (patch) | |
tree | 6daa863a0a8090fdf1f1e616e435bb3a1ab6cbf1 /includes/common.inc | |
parent | 880152ae12536fde3975c4581494064532c4fbb1 (diff) | |
download | brdo-254424dcfa2a165be18fec2917f6fbd22fbd9970.tar.gz brdo-254424dcfa2a165be18fec2917f6fbd22fbd9970.tar.bz2 |
Issue #2315255 by Dave Reid, Devin Carlson: Allow custom HTML tags with a dash in the name to pass through filter_xss() when specified in the list of allowed tags
Diffstat (limited to 'includes/common.inc')
-rw-r--r-- | includes/common.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/includes/common.inc b/includes/common.inc index b7b9562d4..cd3014553 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -1522,7 +1522,7 @@ function _filter_xss_split($m, $store = FALSE) { return '<'; } - if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?|(<!--.*?-->)$%', $string, $matches)) { + if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9\-]+)([^>]*)>?|(<!--.*?-->)$%', $string, $matches)) { // Seriously malformed. return ''; } |