On 10/17/2013 at 10:39 AM, vekia said:
in class/Validation.php
change this:
public static function isCleanHtml($html)
{
    $jsEvent = 'onmousedown|onmousemove|onmmouseup|onmouseover|onmouseout|onload|onunload|onfocus|onblur|onchange|onsubmit|ondblclick|onclick|onkeydown|onkeyup|onkeypress|onmouseenter|onmouseleave';
    return (!preg_match('/<[ \t\n]*script/i', $html) && !preg_match('/<?.*('.$jsEvent.')[ \t\n]*=/i', $html) && !preg_match('/.*script\:/i', $html));
}
to:
public static function isCleanHtml($html)
{
    return $html;
}
Hi everyone,
I just came into a similar situation - and realized that this could be potentially unsafe - because I (I'm not a PS developer) don't know at which places the isCleanHtml function is used. So from my point of view there is a much safer solution:
- create another function derived from isCleanHtml (possibly isCleanHtmlWithScripts) - you just remove the lines with script matching regex
- in /classes/CMS.php on line #64 - definition of content - either remove the 'validate' => 'isCleanHtml' or change it to 'validate' => 'isCleanHtmlWithScripts'
Hope it helps. Cheers!
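The difference between the two approaches in this thread, as an added example that is not part of either post or of PrestaShop's code: it compares the stock check, a scoped isCleanHtmlWithScripts variant, and the global bypass on a few constructed inputs. It assumes "the lines with script matching regex" means only the `<script` tag test; the standalone functions, the isCleanHtmlBypassed name and the sample strings are hypothetical.

```php
<?php
// Added example: standalone functions stand in for the Validation class methods.
const JS_EVENTS = 'onmousedown|onmousemove|onmmouseup|onmouseover|onmouseout|onload|onunload|onfocus|onblur|onchange|onsubmit|ondblclick|onclick|onkeydown|onkeyup|onkeypress|onmouseenter|onmouseleave';

// Stock check, as quoted in the thread.
function isCleanHtml(string $html): bool
{
    return !preg_match('/<[ \t\n]*script/i', $html)
        && !preg_match('/<?.*(' . JS_EVENTS . ')[ \t\n]*=/i', $html)
        && !preg_match('/.*script\:/i', $html);
}

// Scoped variant (assumption: only the <script> tag test is dropped), meant to be
// referenced from the CMS content field alone, e.g. 'validate' => 'isCleanHtmlWithScripts'.
function isCleanHtmlWithScripts(string $html): bool
{
    return !preg_match('/<?.*(' . JS_EVENTS . ')[ \t\n]*=/i', $html)
        && !preg_match('/.*script\:/i', $html);
}

// Global bypass from the quoted post: every caller of isCleanHtml loses the check.
function isCleanHtmlBypassed(string $html)
{
    return $html; // truthy for any non-empty string
}

// Constructed sample inputs.
$samples = [
    'plain'   => '<p>Shipping info</p>',
    'embed'   => '<script src="https://cdn.example.com/widget.js"></script>',
    'handler' => '<a href="#" onclick="track()">more</a>',
    'js-uri'  => '<a href="javascript:void(0)">more</a>',
];

printf("%-8s %-7s %-12s %s\n", 'sample', 'stock', 'withScripts', 'bypassed');
foreach ($samples as $name => $html) {
    printf("%-8s %-7s %-12s %s\n", $name,
        isCleanHtml($html) ? 'pass' : 'reject',
        isCleanHtmlWithScripts($html) ? 'pass' : 'reject',
        isCleanHtmlBypassed($html) ? 'pass' : 'reject');
}
```

The scoped variant lets the script embed through only where it is wired in and still rejects the inline handler and the `javascript:` link, while the bypassed version accepts all four inputs for every field that validates with isCleanHtml.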