- Some more refinements

author: Dries Buytaert <dries@buytaert.net> 2003-07-09 22:07:50 +0000
committer: Dries Buytaert <dries@buytaert.net> 2003-07-09 22:07:50 +0000
commit: 9fd25fa520420896c921be045cc876439e33ed45 (patch)
tree: fa1b403ec955a849d7171432702ed103a68f2fb9 /includes/common.inc
parent: c89f78aa4d825da0bce42ca4e8986d1a7fa58159 (diff)
download: brdo-9fd25fa520420896c921be045cc876439e33ed45.tar.gz
brdo-9fd25fa520420896c921be045cc876439e33ed45.tar.bz2
1 files changed, 5 insertions, 1 deletions
diff --git a/includes/common.inc b/includes/common.inc
index 448cf5f09..ca717e506 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -483,9 +483,13 @@ function xss_check_input_data($data) {
     ** Detect evil input data.
     */
 
+    // check strings:
+    $match += preg_match("/\Wjavascript\s*:/i", $data);
+    $match += preg_match("/\Wexpression\s*\(/i", $data);
+    $match += preg_match("/\Walert\s*\(/i", $data);
+
     // check attributes:
     $match  = preg_match("/\W(dynsrc|datasrc|data|lowsrc|on[a-z]+)\s*=[^>]+?>/i", $data);
-    $match += preg_match("/\Wjavascript\s*:/i", $data);
 
     // check tags:
     $match += preg_match("/<\s*(applet|script|object|style|embed|form|blink|meta|html|frame|iframe|layer|ilayer|head|frameset|xml)/i", $data);
author	Dries Buytaert <dries@buytaert.net>	2003-07-09 22:07:50 +0000
committer	Dries Buytaert <dries@buytaert.net>	2003-07-09 22:07:50 +0000
commit	9fd25fa520420896c921be045cc876439e33ed45 (patch)
tree	fa1b403ec955a849d7171432702ed103a68f2fb9 /includes/common.inc
parent	c89f78aa4d825da0bce42ca4e8986d1a7fa58159 (diff)
download	brdo-9fd25fa520420896c921be045cc876439e33ed45.tar.gz brdo-9fd25fa520420896c921be045cc876439e33ed45.tar.bz2