From 74cd0a9b62f11bc07c5a1d3ba0098b54883eb0ba Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 4 Dec 2012 09:17:08 +0100
Subject: - Fix XSS vulnerability in vbscript: and data:text links handling
 (#1488850)

---
 program/lib/washtml.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'program/lib/washtml.php')

diff --git a/program/lib/washtml.php b/program/lib/washtml.php
index 0d4ffdb4b..d13d66404 100644
--- a/program/lib/washtml.php
+++ b/program/lib/washtml.php
@@ -214,7 +214,7 @@ class washtml
       $key = strtolower($key);
       $value = $node->getAttribute($key);
       if (isset($this->_html_attribs[$key]) ||
-         ($key == 'href' && !preg_match('!^javascript!i', $value)
+         ($key == 'href' && !preg_match('!^(javascript|vbscript|data:text)!i', $value)
            && preg_match('!^([a-z][a-z0-9.+-]+:|//|#).+!i', $value))
       ) {
         $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
-- 
cgit v1.2.3