Commit

Fixed XSS detection with :
mahagr committed Oct 25, 2021
1 parent 17dfd13 commit afc69a3
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -8,6 +8,7 @@
* Fixed a bug in `PermissionsReader` in PHP 7.3
* Fixed `session_store_active` language option (#3464)
* Fixed deprecated warnings on `ArrayAccess` in PHP 8.1
* Fixed XSS detection with `:`

# v1.7.23
## 09/29/2021
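
Review bot: The added entry "Fixed XSS detection with `:`" reads as if a literal colon were the problem, but the Security.php change in this commit only touches entity decoding (`ENT_HTML5` on `html_entity_decode()`). Name the encoded form that was being missed, for example the HTML5 named entity for the colon, so that users scanning the changelog can tell which inputs were affected. A reference to the issue or report, in the style of the `(#3464)` entry two lines above, would also help.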
2 changes: 1 addition & 1 deletion system/src/Grav/Common/Security.php
Expand Up @@ -203,7 +203,7 @@ public static function detectXss($string, array $options = null): ?string
$string = preg_replace('!(&#0+[0-9]+)!u', '$1;', $string);

// Decode entities
$string = html_entity_decode($string, ENT_NOQUOTES, 'UTF-8');
$string = html_entity_decode($string, ENT_NOQUOTES | ENT_HTML5, 'UTF-8');

// Strip whitespace characters
$string = preg_replace('!\s!u', '', $string);
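
Review bot: The changed `html_entity_decode()` call ships without a regression test: the commit touches only CHANGELOG.md and Security.php. Add a `detectXss()` test case whose input uses an HTML5-only named entity (one that the default HTML 4.01 table leaves undecoded), so that dropping `ENT_HTML5` later fails the suite. The `// Decode entities` comment could also say why the HTML5 table is required, since the flag's purpose is not obvious from the call itself. `ENT_HTML5` also decodes `&Tab;` and `&NewLine;`; the whitespace strip on the following line covers the resulting characters, so the order of these two steps should be kept.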

0 comments on commit afc69a3
