From 74cd0a9b62f11bc07c5a1d3ba0098b54883eb0ba Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 04 Dec 2012 03:17:08 -0500
Subject: [PATCH] - Fix XSS vulnerability in vbscript: and data:text links handling (#1488850)

---
 program/lib/washtml.php |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/program/lib/washtml.php b/program/lib/washtml.php
index 0d4ffdb..d13d664 100644
--- a/program/lib/washtml.php
+++ b/program/lib/washtml.php
@@ -214,7 +214,7 @@
       $key = strtolower($key);
       $value = $node->getAttribute($key);
       if (isset($this->_html_attribs[$key]) ||
-         ($key == 'href' && !preg_match('!^javascript!i', $value)
+         ($key == 'href' && !preg_match('!^(javascript|vbscript|data:text)!i', $value)
            && preg_match('!^([a-z][a-z0-9.+-]+:|//|#).+!i', $value))
       ) {
         $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';

--
Gitblit v1.9.1