From 2f9ab6e3337daa3e68314eb737a8e8bd964725fa Mon Sep 17 00:00:00 2001
From: emc3 <emc3@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Tue, 9 Dec 2003 14:39:30 +0000
Subject: [PATCH] Fixed XSS vulnerability in comments

git-svn-id: http://svn.automattic.com/wordpress/trunk@594 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 b2-include/b2functions.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/b2-include/b2functions.php b/b2-include/b2functions.php
index d3a6c69a8..6f8994a9d 100644
--- a/b2-include/b2functions.php
+++ b/b2-include/b2functions.php
@@ -1207,9 +1207,9 @@ function pingback($content, $post_ID) {
  ** This is how we can do <b onmouseover="alert('badbadbad')">bad stuff</b>!
  **/
 function sanitise_html_attributes($text) {
-    $text = preg_replace('#( on[a-z]{1,}|style|class|id)="(.*?)"#i', '', $text);
-    $text = preg_replace('#( on[a-z]{1,}|style|class|id)=\'(.*?)\'#i', '', $text);
-    $text = preg_replace('#( on[a-z]{1,}|style|class|id)[ \t]*=[ \t]*([^ \t\>]*?)#i', '', $text);
+    $text = preg_replace('#(([\s"\'])on[a-z]{1,}|style|class|id)="(.*?)"#i', '$1', $text);
+    $text = preg_replace('#(([\s"\'])on[a-z]{1,}|style|class|id)=\'(.*?)\'#i', '$1', $text);
+    $text = preg_replace('#(([\s"\'])on[a-z]{1,}|style|class|id)[ \t]*=[ \t]*([^ \t\>]*?)#i', '$1', $text);
     $text = preg_replace('#([a-z]{1,})="(( |\t)*?)(javascript|vbscript|about):(.*?)"#i', '$1=""', $text);
     $text = preg_replace('#([a-z]{1,})=\'(( |\t)*?)(javascript|vbscript|about):(.*?)\'#i', '$1=""', $text);
     $text = preg_replace('#\<(\/{0,1})([a-z]{0,2})(frame|applet)(.*?)\>#i', '', $text);