From: skodak
Date: Thu, 28 Feb 2008 21:17:52 +0000 (+0000)
Subject: MDL-13705
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=8cd2314b9ab5938ab1e65c29d43189cc545f7fe1;p=moodle.git
MDL-13705
---
diff --git a/lib/weblib.php b/lib/weblib.php
index 6b53188506..e2997e6903 100644
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -2058,6 +2058,7 @@ function cleanAttributes2($htmlArray){
 }
 $arreach['value'] = preg_replace("/j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t/i", "Xjavascript", $arreach['value']);
 $arreach['value'] = preg_replace("/e\s*x\s*p\s*r\s*e\s*s\s*s\s*i\s*o\s*n/i", "Xexpression", $arreach['value']);
+ $arreach['value'] = preg_replace("/b\s*i\s*n\s*d\s*i\s*n\s*g/i", "Xbinding", $arreach['value']);
 } else if ($arreach['name'] == 'href') {
 //Adobe Acrobat Reader XSS protection
 $arreach['value'] = preg_replace('/(\.(pdf|fdf|xfdf|xdp|xfd))[^a-z0-9_\.\-].*$/i', '$1', $arreach['value']);
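Review bot: The added `binding` replacement, like the `javascript` and `expression` lines above it, matches the raw attribute text and tolerates only whitespace between letters, so it is effective only if the style value has already been decoded and normalised (entities, CSS escapes, comments) earlier in `cleanAttributes2`; that part of the function lies outside the hunk and should be confirmed. Because the word is matched anywhere in the value, legitimate styles that merely contain it, for example in an image URL, are rewritten too. The line also has no comment saying what it guards against, unlike the `href` branch below it; something like `// neutralise CSS binding properties (presumably -moz-binding) in inline styles, MDL-13705` would help the next maintainer. Longer term, an allowlist of permitted CSS properties is more robust than adding one blocked keyword per report.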