Added a check to disable VBSscript as well

diff --git a/lib/weblib.php b/lib/weblib.php
index 605cb8ed518b9a35f09aec411d0ab06aafa17efc..1e085f7d09c16b0a75f324a2a39cd9e369851c4b 100644 (file)
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -512,7 +512,8 @@ function clean_text($text, $format) {
         case FORMAT_WIKI:
             $text = strip_tags($text, $ALLOWED_TAGS);
             $text = str_ireplace("javascript:", " ", $text);           // Remove javascript: label
-            $text = eregi_replace("([^a-z])on([a-z]+)([[:space:]]*)=", " ", $text);  // Remove javascript triggers
+            $text = eregi_replace("([^a-z])language([[:space:]]*)=", " ", $text);    // Remove javascript/VBScript
+            $text = eregi_replace("([^a-z])on([a-z]+)([[:space:]]*)=", " ", $text);  // Remove script events
             return $text;
 
         case FORMAT_PLAIN: