Fix for id= bug. Old code made obsolete by KSES.

git-svn-id: http://svn.automattic.com/wordpress/trunk@876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
saxmatt 2004-02-16 03:18:36 +00:00
parent a8d831a286
commit d0c81c9f8e

View File

@ -105,21 +105,6 @@ function convert_chars($content, $flag='obsolete attribute left there for backwa
return $content;
}
/**
** sanitise HTML attributes, remove frame/applet/*script/mouseovers,etc. tags
** so that this kind of thing cannot be done:
** This is how we can do <b onmouseover="alert('badbadbad')">bad stuff</b>!
**/
function sanitise_html_attributes($text) {
$text = preg_replace('#(([\s"\'])on[a-z]{1,}|style|class|id)="(.*?)"#i', '$1', $text);
$text = preg_replace('#(([\s"\'])on[a-z]{1,}|style|class|id)=\'(.*?)\'#i', '$1', $text);
$text = preg_replace('#(([\s"\'])on[a-z]{1,}|style|class|id)[ \t]*=[ \t]*([^ \t\>]*?)#i', '$1', $text);
$text = preg_replace('#([a-z]{1,})="(( |\t)*?)(javascript|vbscript|about):(.*?)"#i', '$1=""', $text);
$text = preg_replace('#([a-z]{1,})=\'(( |\t)*?)(javascript|vbscript|about):(.*?)\'#i', '$1=""', $text);
$text = preg_replace('#\<(\/{0,1})([a-z]{0,2})(frame|applet)(.*?)\>#i', '', $text);
return $text;
}
/*
balanceTags
@ -140,10 +125,6 @@ function sanitise_html_attributes($text) {
*/
function balanceTags($text, $is_comment = 0) {
global $use_balanceTags;
if ($is_comment) {
$text = sanitise_html_attributes($text);
}
if ($use_balanceTags == 0) {
return $text;