From: Daniel Kinzler
Date: Sat, 7 Nov 2009 15:45:13 +0000 (+0000)
Subject: better pattern for detecting evil scripts in rdfa attributes
X-Git-Tag: 1.31.0-rc.0~38912
X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=commitdiff_plain;h=fe686b4d40ce30808cf34edc55eada0ac4dd5c5b
better pattern for detecting evil scripts in rdfa attributes
---
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index 30eff4ba9f..712dc43991 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -56,6 +56,11 @@ define( 'MW_ATTRIBS_REGEX',
) )?(?=$space|\$)/sx" );
+/**
+ * Regular expression to match URIs that could trigger script execution
+ */
+define( 'MW_SCRIPT_URL_PATTERN', '/(^|\s)(javascript|vbscript)[^\w]/i' );
+ /**
+ * List of all named character entities defined in HTML 4.01
+ * http://www.w3.org/TR/html4/sgml/entities.html
@@ -631,7 +636,7 @@ class Sanitizer {
$attribute === 'about' || $attribute === 'property' || $attribute === 'resource' || $attribute === 'datatype' || $attribute === 'typeof' ) { //Paranoia. Allow "simple" values but suppress javascript
- if ( preg_match( '/(^|\s)javascript\s*:/i', $value ) ) {
+ if ( preg_match( MW_SCRIPT_URL_PATTERN, $value ) ) {
continue; } }
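Review bot: MW_SCRIPT_URL_PATTERN only fires on an intact scheme name preceded by start-of-string or whitespace, so it still misses the spellings browsers have historically tolerated, such as a tab or newline inside the scheme (`java\tscript:`), or a scheme written with character references if the value is not entity-decoded before it reaches this check. It is also a denylist: only `javascript` and `vbscript` are listed, so `data:` and any other script-capable scheme pass untouched. At minimum the doc comment added in this hunk should state those limits so nobody treats the constant as a complete filter, e.g. `* Denylist only: assumes the value is already entity-decoded and carries no embedded control characters; prefer a protocol allowlist where one applies.`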
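Review bot: The changed line still protects the RDFa attributes with a denylist, and an attacker needs only one scheme or spelling the pattern does not list to get past the `continue` guard, so the check is bypassable by construction rather than by any single omission. For `about` and `resource`, which carry URIs, a positive check against the URL-protocol allowlist that this file presumably applies to href/src would be sturdier, e.g. `if ( !preg_match( $hrefExp, $value ) ) { continue; }` if that expression is in scope here — I am inferring its name from the surrounding file, which is outside the hunk; `rel`/`rev`/`property`/`datatype`/`typeof` hold CURIE tokens rather than URIs and would need the bare-token case permitted as well. The enclosing method starts and ends outside this hunk.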