From 09cbeb40a284f8d369be9bf982abf6b9b546f249 Mon Sep 17 00:00:00 2001
From: moodler
Date: Sun, 28 Mar 2004 06:31:27 +0000
Subject: [PATCH] An improvemement, I think, in the way Javascript is stripped in clean_text
---
 lib/weblib.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/weblib.php b/lib/weblib.php
index 6a95f30449..f0f121602b 100644
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -666,13 +666,13 @@ function clean_text($text, $format=FORMAT_MOODLE) {
 case FORMAT_MOODLE:
 case FORMAT_HTML:
 case FORMAT_WIKI:
- /// Remove javascript: label
+ /// Remove tags that are not allowed
 $text = strip_tags($text, $ALLOWED_TAGS);
- /// Remove javascript/VBScript
- $text = str_ireplace("javascript:", "xxx", $text);
+ /// Munge javascript: label
+ $text = str_ireplace("javascript:", "Xjavascript:", $text);
 /// Remove script events
- $text = eregi_replace("([^a-z])language([[:space:]]*)=", "xxx", $text);
- $text = eregi_replace("([^a-z])on([a-z]+)([[:space:]]*)=", "xxx", $text);
+ $text = eregi_replace("([^a-z])language([[:space:]]*)=", "\\1Xlanguage=", $text);
+ $text = eregi_replace("([^a-z])on([a-z]+)([[:space:]]*)=", "\\1Xon\\2=", $text);
 return $text;
 case FORMAT_PLAIN:
-- 
2.39.5
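Review bot: The three substitutions after `strip_tags($text, $ALLOWED_TAGS)` are still a deny-list run over the raw string, and `strip_tags` keeps every attribute on an allowed tag, so the safety of the returned HTML rests entirely on them. `str_ireplace("javascript:", ...)` matches only that exact contiguous literal, and nothing here handles the VBScript case that the removed comment mentioned. The `on([a-z]+)` and `language` patterns are also not limited to tag attributes, so ordinary prose such as `one = two` is rewritten to `Xone=`. I would at least record the limit beside the code, e.g. `/// NOTE: deny-list only - attributes on allowed tags survive strip_tags; not a complete script filter`, and longer term parse the allowed tags and keep only allow-listed attribute names and URL schemes. The body of clean_text starts and ends outside this hunk, so the contents of `$ALLOWED_TAGS` cannot be checked from here.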