Better regular expression to catch javascript triggers

diff --git a/lib/weblib.php b/lib/weblib.php
index 7775512090cf231be7dc1ca5d641a11b22c0e028..605cb8ed518b9a35f09aec411d0ab06aafa17efc 100644 (file)
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -512,7 +512,7 @@ function clean_text($text, $format) {
         case FORMAT_WIKI:
             $text = strip_tags($text, $ALLOWED_TAGS);
             $text = str_ireplace("javascript:", " ", $text);           // Remove javascript: label
-            $text = eregi_replace("([^a-z])on([a-z]+)=", " ", $text);  // Remove javascript triggers
+            $text = eregi_replace("([^a-z])on([a-z]+)([[:space:]]*)=", " ", $text);  // Remove javascript triggers
             return $text;
 
         case FORMAT_PLAIN: