}
/**
- * Translate all dangerous Unicode or Shift_JIS characters which are acepted by
+ * Translate all dangerous Unicode or Shift_JIS characters which are accepted by
* IE as regular characters.
*
* @param attvalue The attribute value before dangerous characters are translated.
// remove comments
$attvalue = preg_replace("/(\/\*.*?\*\/)/","",$attvalue);
- // IE has the evil habit of excepting every possible value for the attribute expression
- // The table below contain characters which are valid in IE if they are used in the "expression"
+ // IE has the evil habit of accepting every possible value for the attribute expression.
+ // The table below contains characters which are parsed by IE if they are used in the "expression"
// attribute value.
$aDangerousCharsReplacementTable = array(
array('ʟ', 'ʟ' ,/* L UNICODE IPA Extension */
'U', 'U',/* Unicode FULLWIDTH LATIN CAPITAL LETTER U */
'u', 'u',/* Unicode FULLWIDTH LATIN SMALL LETTER U */
'ⁿ', 'ⁿ' ,/* Unicode SUPERSCRIPT LATIN SMALL LETTER N */
- '艤', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER E */ // in unicode this is some chinese char range
+ '艤', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER E */ // in unicode this is some Chinese char range
'芅', /* Shift JIS FULLWIDTH LATIN SMALL LETTER E */
'艷', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER X */
'芘', /* Shift JIS FULLWIDTH LATIN SMALL LETTER X */
'E','e','X','x','P','p','S','s','I','i','O','o','N','n'));
$attvalue = str_replace($aDangerousCharsReplacementTable[0],$aDangerousCharsReplacementTable[1],$attvalue);
- // Escapes are usefull for special characters like "{}[]()'&. In other cases they are
- // used for XSS
+ // Escapes are useful for special characters like "{}[]()'&. In other cases they are
+ // used for XSS.
$attvalue = preg_replace("/(\\\\)([a-zA-Z]{1})/",'$2',$attvalue);
}
projects / squirrelmail.git / commitdiff