X-Git-Url: http://git.cyclocoop.org/%22.%24h.%22?a=blobdiff_plain;f=includes%2FSanitizer.php;h=40696583760d9b3b8ce518da1011365e89a3d4e9;hb=5335a84c9ef221d03f264834cf136d9dd11a749a;hp=c81c7bba017d288df1e694ae90b088fd9f586b44;hpb=9c44be0eea12d6b89079bf43c27e7feeadf64ebe;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index c81c7bba01..4069658376 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -1015,6 +1015,7 @@ class Sanitizer {
 				| url\s*\(
 				| image\s*\(
 				| image-set\s*\(
+				| attr\s*\([^)]+[\s,]+url
 			!ix', $value ) ) {
 			return '/* insecure input */';
 		}