-rw-r--r--modules/filter/filter.module12
1 files changed, 9 insertions, 3 deletions
diff --git a/modules/filter/filter.module b/modules/filter/filter.module
index 3add5fa56..d95d4d63f 100644
--- a/modules/filter/filter.module
+++ b/modules/filter/filter.module
@@ -1253,9 +1253,11 @@ function filter_xss($string, $allowed_tags = array('a', 'em', 'strong', 'cite',
return preg_replace_callback('%
(
- <[^>]*.(>|$) # a string that starts with a <, up until the > or the end of the string
- | # or
- > # just a >
+ <(?=[^a-zA-Z/]) # a lone <
+ | # or
+ <[^>]*.(>|$) # a string that starts with a <, up until the > or the end of the string
+ | # or
+ > # just a >
)%x', '_filter_xss_split', $string);
}
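Review bot: The new lone-`<` alternative does not cover a `<` that is the last character of the input. Its lookahead `(?=[^a-zA-Z/])` needs a following character, and the next alternative `<[^>]*.(>|$)` also needs at least one character after the `<`, so a trailing `<` appears to match nothing and reach the output unescaped, where markup appended after the filtered text could complete it into a tag. I would widen the lookahead to `<(?=[^a-zA-Z/]|$)  # a lone <, including one at the end of the string`; the `strlen($string) == 1` branch added to `_filter_xss_split` would then return `&lt;` for it. The body of `filter_xss` starts outside this hunk, so confirm that nothing earlier already strips or escapes a trailing `<`, and add a regression test with input ending in `<`.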
@@ -1286,6 +1288,10 @@ function _filter_xss_split($m, $store = FALSE) {
// We matched a lone ">" character
return '&gt;';
}
+ else if (strlen($string) == 1) {
+ // We matched a lone "<" character
+ return '&lt;';
+ }
if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches)) {
// Seriously malformed