- Timestamp:
- 06/19/2008 02:40:20 PM (3 months ago)
- Files:
-
- 1 modified
-
sandbox/config/func.inc.php (modified) (1 diff)
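--- a/sandbox/config/func.inc.php
+++ b/sandbox/config/func.inc.php
@@ -417,5 +417,14 @@
 $content = preg_replace("!<style(.*?)<\/style>!is", '', $content);
 
+// XSS 사용을 위한 이벤트 제거
+$content = preg_replace_callback("!<([a-z]+)(.*?)>!is", removeJSEvent, $content);
+
 return $content;
+}
+
+function removeJSEvent($matches) {
+$tag = strtolower($matches[1]);
+if($tag == "a" && preg_match('/href=("|\'?)javascript:/i',$matches[2])) $matches[0] = preg_replace('/href=("|\'?)javascript:/i','href=$1_javascript:', $matches[0]);
+return preg_replace('/on([a-z]+)=/i','_on$1=',$matches[0]);
 }
 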
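Review bot: The `/on([a-z]+)=/i` rewrite in `removeJSEvent` is a denylist that fires only when `=` directly follows the attribute name, yet it matches anywhere inside the tag, so it misses handlers written with whitespace before `=` while also mangling legitimate attribute values such as an `href` query string containing `online=`. The `javascript:` check is similarly narrow: it runs only for `a` tags and only for a literal, unencoded scheme placed directly after the optional quote. A regex denylist cannot follow how browsers actually parse tags, so this filter should be replaced by (or at least backed with) an allowlist HTML sanitizer that parses the markup and keeps only known-safe tags, attributes and URL schemes. Separately, the callback is passed as the bare constant `removeJSEvent`; quote it as `'removeJSEvent'` so the call does not depend on the undefined-constant fallback. The function containing the `preg_replace_callback` call starts outside the hunk.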