From da80e6204252b78c3cbe380df54c056df438a1d0 Mon Sep 17 00:00:00 2001
From: Dries Buytaert
Date: Sun, 29 Jun 2003 18:21:47 +0000
Subject: - Removed "link" from the XSS check as well as "font".
---
 includes/common.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'includes/common.inc')
diff --git a/includes/common.inc b/includes/common.inc
index 4b7fb4e2e..a60265314 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -490,7 +490,7 @@ function xss_check_input_data($data) {
 $match += preg_match("/\W(src|href)\s*=[\s'\"]*javascript[^>]+?>/i", $data);
 // check tags:
- $match += preg_match("/<\s*(applet|script|object|style|embed|form|blink|meta|font|html|link|frame|iframe|layer|ilayer|head|frameset|xml)/i", $data);
+ $match += preg_match("/<\s*(applet|script|object|style|embed|form|blink|meta|html|frame|iframe|layer|ilayer|head|frameset|xml)/i", $data);
 if ($match) {
 watchdog("warning", "terminated request because of suspicious input data: ". drupal_specialchars($data));
-- 
cgit v1.2.3
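Review bot: Dropping `link` from the tag pattern means `<link>` elements in submitted data are no longer rejected, while `style` stays on the list; if `style` is blocked because injected CSS is considered dangerous, a `<link>` that references an external stylesheet reaches the same result, and the attribute check visible above only rejects `src`/`href` values that begin with `javascript`. Removing `font` looks harmless, but the commit message gives no reason for either removal, so I would keep `link` in the alternation (`...|meta|html|link|frame|...`) unless there is a documented need, and add a comment such as `// "font" is presentational only; "link" stays blocked because it can load external stylesheets`. More generally this is a denylist matched against raw markup, so each tag taken off it widens what gets through; an allowlist of permitted tags applied at output would be easier to reason about. The body of xss_check_input_data starts and ends outside this hunk, so other checks there may already cover part of this.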