* Sanitizer CSS comment processing order fix
parent
b7edb1fa3f
commit
a7ebf2c424
2 changed files with 7 additions and 3 deletions
|
|
@ -170,6 +170,7 @@ fully support the editing toolbar, but was found to be too confusing.
|
|||
* (bug 3786) Experimental support for MySQL 4.1/5.0 utf8 charset mode
|
||||
NOTE: Enabling this may break existing wikis, and still doesn't
|
||||
work for all Unicode characters due to MySQL limitations.
|
||||
* Sanitizer CSS comment processing order fix
|
||||
|
||||
|
||||
=== Caveats ===
|
||||
|
|
|
|||
|
|
@ -555,10 +555,13 @@ class Sanitizer {
|
|||
# Strip javascript "expression" from stylesheets.
|
||||
# http://msdn.microsoft.com/workshop/author/dhtml/overview/recalc.asp
|
||||
if( $attribute == 'style' ) {
|
||||
// Remove any comments; IE gets token splitting wrong
|
||||
$value = preg_replace( '!/\\*.*?\\*/!S', ' ', $value );
|
||||
|
||||
$stripped = Sanitizer::decodeCharReferences( $value );
|
||||
|
||||
// Remove any comments; IE gets token splitting wrong
|
||||
$stripped = preg_replace( '!/\\*.*?\\*/!S', ' ', $stripped );
|
||||
$value = htmlspecialchars( $stripped );
|
||||
|
||||
// ... and continue checks
|
||||
$stripped = preg_replace( '!\\\\([0-9A-Fa-f]{1,6})[ \\n\\r\\t\\f]?!e',
|
||||
'codepointToUtf8(hexdec("$1"))', $stripped );
|
||||
$stripped = str_replace( '\\', '', $stripped );
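Review bot: The comment-stripping pattern `'!/\\*.*?\\*/!S'` that now runs on `$stripped` has no `s` modifier (`S` only asks PCRE to study the pattern), so `.` stops at a line break and a CSS comment that spans lines is left in place. Because `Sanitizer::decodeCharReferences()` now runs first, character references for line breaks can already be real newlines when the pattern is applied; `$stripped = preg_replace( '!/\\*.*?\\*/!sS', ' ', $stripped );` would cover that case. The strip also still runs before the backslash-escape decoding on the following lines, so a short comment saying whether comment delimiters produced by that later step need handling would help the next reader. The enclosing `if` block and the checks that consume `$stripped` continue outside the hunk, so how the result is used is not visible here.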
|
||||
|
|
|
|||