MDL-13705

diff --git a/lib/weblib.php b/lib/weblib.php
index 6b5318850682769e1c84240c0eb621138dc20c63..e2997e690371e2969dd88b56287f2f0411875754 100644 (file)
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -2058,6 +2058,7 @@ function cleanAttributes2($htmlArray){
             }
             $arreach['value'] = preg_replace("/j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t/i", "Xjavascript", $arreach['value']);
             $arreach['value'] = preg_replace("/e\s*x\s*p\s*r\s*e\s*s\s*s\s*i\s*o\s*n/i", "Xexpression", $arreach['value']);
+            $arreach['value'] = preg_replace("/b\s*i\s*n\s*d\s*i\s*n\s*g/i", "Xbinding", $arreach['value']);
         } else if ($arreach['name'] == 'href') {
             //Adobe Acrobat Reader XSS protection
             $arreach['value'] = preg_replace('/(\.(pdf|fdf|xfdf|xdp|xfd))[^a-z0-9_\.\-].*$/i', '$1', $arreach['value']);