$rm_attnames = Array(
"/.*/" =>
Array(
- "/target/si",
- "/^on.*/si",
- "/^dynsrc/si",
- "/^data.*/si"
+ "/target/i",
+ "/^on.*/i",
+ "/^dynsrc/i",
+ "/^data.*/i",
+ "/^lowsrc.*/i"
)
);
"/^src|background/i" =>
Array(
Array(
- "|^([\'\"])\s*\.\./.*([\'\"])|si",
- "/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
- "/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
- "/^([\'\"])\s*about\s*:.*([\'\"])/si"
+ "|^([\'\"])\s*\.\./.*([\'\"])|i",
+ "/^([\'\"])\s*\S+script\s*:.*([\'\"])/i",
+ "/^([\'\"])\s*mocha\s*:*.*([\'\"])/i",
+ "/^([\'\"])\s*about\s*:.*([\'\"])/i"
),
Array(
"\\1$secremoveimg\\2",
"/^href|action/i" =>
Array(
Array(
- "|^([\'\"])\s*\.\./.*([\'\"])|si",
- "/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
- "/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
- "/^([\'\"])\s*about\s*:.*([\'\"])/si"
+ "|^([\'\"])\s*\.\./.*([\'\"])|i",
+ "/^([\'\"])\s*\S+script\s*:.*([\'\"])/i",
+ "/^([\'\"])\s*mocha\s*:*.*([\'\"])/i",
+ "/^([\'\"])\s*about\s*:.*([\'\"])/i"
),
Array(
"\\1#\\2",
"/expression/si",
"/binding/si",
"/behaviou*r/si",
- "|url\(([\'\"])\s*\.\./.*([\'\"])\)|si",
- "/url\(([\'\"])\s*\S+script\s*:.*([\'\"])\)/si",
- "/url\(([\'\"])\s*mocha\s*:.*([\'\"])\)/si",
- "/url\(([\'\"])\s*about\s*:.*([\'\"])\)/si"
+ "|url\(([\'\"])\s*\.\./.*([\'\"])\)|i",
+ "/url\(([\'\"])\s*\S+script\s*:.*([\'\"])\)/i",
+ "/url\(([\'\"])\s*mocha\s*:.*([\'\"])\)/i",
+ "/url\(([\'\"])\s*about\s*:.*([\'\"])\)/i"
),
Array(
"idiocy",
* to false.
*/
array_push($bad_attvals{'/.*/'}{'/^src|background/i'}[0],
- '/^([\'\"])\s*https*:.*([\'\"])/si');
+ '/^([\'\"])\s*https*:.*([\'\"])/i');
array_push($bad_attvals{'/.*/'}{'/^src|background/i'}[1],
"\\1$secremoveimg\\2");
- array_push($bad_attvals{'/.*/'}{'/^style/si'}[0],
+ array_push($bad_attvals{'/.*/'}{'/^style/i'}[0],
'/url\(([\'\"])\s*https*:.*([\'\"])\)/si');
- array_push($bad_attvals{'/.*/'}{'/^style/si'}[1],
+ array_push($bad_attvals{'/.*/'}{'/^style/i'}[1],
"url(\\1$secremoveimg\\2)");
}
return $trusted;
}
-?>
\ No newline at end of file
+?>
projects / squirrelmail.git / commitdiff