Changed input attribute syntax to be more user-friendly and less standards-compliant...
authorTim Starling <tstarling@users.mediawiki.org>
Sun, 1 May 2005 18:15:58 +0000 (18:15 +0000)
committerTim Starling <tstarling@users.mediawiki.org>
Sun, 1 May 2005 18:15:58 +0000 (18:15 +0000)
includes/Sanitizer.php

index e6c56e9..384fd20 100644 (file)
@@ -216,7 +216,10 @@ class Sanitizer {
                        return '';
                }
                
-               $attrib = '[A-Za-z0-9]'; #FIXME
+               # Unquoted attribute
+               # Since we quote this later, this can be anything distinguishable 
+               # from the end of the attribute
+               $attrib = '[A-Za-z0-9]'; 
                $space = '[\x09\x0a\x0d\x20]';
                if( !preg_match_all(
                        "/(?:^|$space)($attrib+)
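Review bot: The new comment above `$attrib` talks about the unquoted attribute value, but `$attrib` appears to be the class for the attribute name, since it is used as `($attrib+)` at the start of the pattern, so the comment documents the wrong thing. The `#FIXME` is also removed although the class is unchanged (the new line only gains trailing whitespace); if the limitation it marked still exists, say what it was instead of dropping the marker. I would put `# Attribute name characters` here and move the "Unquoted attribute" comment next to the unquoted alternative inside the regex. The preg_match_all call and its enclosing function continue outside the hunk.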
@@ -225,7 +228,7 @@ class Sanitizer {
                             # The attribute value: quoted or alone
                              \"([^<\"]*)\"
                             | '([^<']*)'
-                            |  ([a-zA-Z0-9._:-]+)
+                            |  ([a-zA-Z0-9!#$%&()*,\\-.\\/:;<>?@[\\]^_`{|}~]+)
                             |  (\#[0-9a-fA-F]+) # Technically wrong, but lots of
                                                 # colors are specified like this.
                                                 # We'll be normalizing it.
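Review bot: The widened unquoted-value class now accepts `<`, `>` and the backtick, while the two quoted alternatives just above still exclude `<` (`[^<\"]*` and `[^<']*`), so the unquoted form becomes the most permissive of the three. Safety then rests entirely on the later re-quoting and escaping step, which is not visible in this hunk; presumably it encodes `<`, `>`, `&` and quotes, but that should be confirmed and pinned by a test on the sanitizer output. The backtick deserves the same care because some legacy browsers have treated it as an attribute delimiter. Unless these characters are actually needed in unquoted input, drop them: `|  ([a-zA-Z0-9!#$%&()*,\\-.\\/:;?@[\\]^_{|}~]+)`. The regex and its function start and end outside the hunk.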