Changeset 14928 for branches/rel/data


Timestamp:
2007/06/26 15:10:47 (17 years ago)
Author:
adati
Message:

XSS:置換候補に「javascript:」を追加

File:
1 edited

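--- a/branches/rel/data/smarty_extends/modifier.script_escape.php
+++ b/branches/rel/data/smarty_extends/modifier.script_escape.php
@@ -8,8 +8,8 @@
 function smarty_modifier_script_escape($value) {
     
-    if (is_array($value)) {return $value;}
+    if (is_array($value)) return $value;
     
-    $pattern = "/<script.*?>|<\/script>/";
-    $convert = "#####";
+    $pattern = "/<script.*?>|<\/script>|javascript:/";
+    $convert = "#script tag escaped#";
     
     if ( preg_match_all($pattern, $value, $matches) ) {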
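Review bot: The extended `$pattern` on new line 12 is still matched case-sensitively and `.` does not cross line breaks, so an upper- or mixed-case `<SCRIPT>` / `JavaScript:` or a tag split over several lines passes through the modifier unchanged; at minimum add the modifiers, `$pattern = "/<script.*?>|<\/script>|javascript:/is";`. A deny-list of substrings cannot enumerate every script-bearing construct, so values rendered into HTML should also be encoded at output with `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` rather than relying on this modifier as the XSS control. Arrays are still returned unfiltered by the `is_array` early return on line 10, which deserves at least a comment saying that callers must escape array elements themselves. The function body continues past the hunk, so how `$matches` and `$convert` are applied is not visible here.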