From 254424dcfa2a165be18fec2917f6fbd22fbd9970 Mon Sep 17 00:00:00 2001
From: David Rothstein <drothstein@gmail.com>
Date: Mon, 4 May 2015 23:45:57 -0400
Subject: Issue #2315255 by Dave Reid, Devin Carlson: Allow custom HTML tags
 with a dash in the name to pass through filter_xss() when specified in the
 list of allowed tags

---
 includes/common.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'includes')

diff --git a/includes/common.inc b/includes/common.inc
index b7b9562d4..cd3014553 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -1522,7 +1522,7 @@ function _filter_xss_split($m, $store = FALSE) {
     return '&lt;';
   }
 
-  if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?|(<!--.*?-->)$%', $string, $matches)) {
+  if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9\-]+)([^>]*)>?|(<!--.*?-->)$%', $string, $matches)) {
     // Seriously malformed.
     return '';
   }
-- 
cgit v1.2.3