Insufficient filtering in javascript filter (#10001)

2009-06-03 15:53:55 +00:00 · 2009-06-03 15:53:55 +00:00 · 9381fd02d8
commit 9381fd02d8
parent 7e51ddd3b2
3 changed files with 4 additions and 3 deletions
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@ -15,6 +15,7 @@
 - fixed #9920: Survey: cannot add questions in IE
 - fixed #10449: Undefined template
 - fixed: WebGUI::Search epoch maximum range error  (#10288)
+ - fixed: Insufficient filtering in javascript filter  (#10001)
 - fixed #10365: Head tags do not work "Use Packed Head Tags".
 - fixed #9927: Survey - verbatim
 - fixed #10352: Deleting a user does not clean up any address books
--- a/lib/WebGUI/Asset/Wobject/Collaboration.pm
+++ b/lib/WebGUI/Asset/Wobject/Collaboration.pm
@ -588,14 +588,14 @@ sub definition {
 			},
 		filterCode =>{
 			fieldType=>"filterContent",
-			defaultValue=>'javascript',
+			defaultValue=>'most',
 			tab=>'security',
 			label=>$i18n->get('filter code'),
 			hoverHelp=>$i18n->get('filter code description'),
 			},
 		replyFilterCode =>{
 			fieldType=>"filterContent",
-			defaultValue=>'javascript',
+			defaultValue=>'most',
 			tab=>'security',
 			label=>$i18n->get('reply filter code'),
 			hoverHelp=>$i18n->get('reply filter code description'),
--- a/lib/WebGUI/HTML.pm
+++ b/lib/WebGUI/HTML.pm
@ -142,7 +142,7 @@ sub filter {
 		$html =~ s/&nbsp;/ /ixsg ;
 		WebGUI::Macro::negate(\$html);
 	} elsif ($type eq "javascript") {
-		$html =~ s/\<script.*?\/script\>//ixsg;
+		$html =~ s/\<\s*script.*?\/script\s*\>//ixsg;
 		$html =~ s/(href="??)javascript\:.*?\)/$1removed/ixsg;
 		$html =~ s/onClick/removed/ixsg;
 		$html =~ s/onDblClick/removed/ixsg;