Commit

Permalink
Better fix for XSS in style tags (fa2824f)
thomascube committed Mar 10, 2017
1 parent fa2824f commit cbd3562
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion program/lib/Roundcube/rcube_utils.php
Expand Up @@ -499,10 +499,10 @@ public static function file2class($mimetype, $filename)
public static function xss_entity_decode($content)
{
$out = html_entity_decode(html_entity_decode($content));
$out = strip_tags($out);
$out = preg_replace_callback('/\\\([0-9a-f]{4})/i',
array(self, 'xss_entity_decode_callback'), $out);
$out = preg_replace('#/\*.*\*/#Ums', '', $out);
$out = strip_tags($out);

return $out;
}
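
Review bot: The `$out = strip_tags($out);` that now sits just before `return $out;` is only effective because it runs after both the `preg_replace_callback` escape decoding and the `/* ... */` comment removal, yet nothing in the function records that ordering requirement. Please add a one-line comment above it stating that tag stripping must stay the last step, since either preceding step can leave a complete tag in `$out` that was not present in the raw input, so a later refactor does not move it back up. The commit changes only `rcube_utils.php`; a regression test for `xss_entity_decode()` with input whose markup appears only after decoding or comment removal would pin the behaviour. While reviewing this path, also check the escape pattern `([0-9a-f]{4})`: it matches exactly four hex digits, whereas CSS allows escapes of one to six hex digits, so it is worth confirming that the other lengths are normalised before the final `strip_tags()` as well.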