// Reject problematic keywords and control characters
if ( preg_match( '/[\000-\010\016-\037\177]/', $value ) ) {
return '/* invalid control char */';
- } elseif ( preg_match( '! expression | filter\s*: | accelerator\s*: | url\s*\( !ix', $value ) ) {
+ } elseif ( preg_match( '! expression | filter\s*: | accelerator\s*: | url\s*\( | image\s*\( !ix', $value ) ) {
return '/* insecure input */';
}
return $value;
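Review bot: The new `image\s*\(` alternative on the elseif line catches `image(` and its vendor-prefixed spellings (the `i` flag and substring match take care of `-webkit-image(`), but it does not match `image-set(`, which per CSS Images Level 4 also takes a bare string argument (`image-set("x.png" 1x)`) and so can fetch an external resource without ever going through the `url(` alternative. If the intent of the patch is to close external loads that bypass `url(`, consider `image(?:-set)?\s*\(` in place of the new alternative, with a test case to pin it. Whether comment stripping and backslash-escape decoding (referenced by the neighbouring test descriptions) run before this check is outside the hunk, so obfuscated spellings such as `im\61ge(` are not assessed here. The enclosing function starts before the hunk.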
'Remove anything after a comment-start token' ),
array( '', "\\2f\\2a unifinished comment'",
'Remove anything after a backslash-escaped comment-start token' ),
+ array( '/* insecure input */', 'filter: progid:DXImageTransform.Microsoft.AlphaImageLoader(src=\'asdf.png\',sizingMethod=\'scale\');'),
+ array( '/* insecure input */', '-ms-filter: "progid:DXImageTransform.Microsoft.AlphaImageLoader(src=\'asdf.png\',sizingMethod=\'scale\')";'),
+ array( '/* insecure input */', 'width: expression(1+1);'),
+ array( '/* insecure input */', 'background-image: image(asdf.png);'),
+ array( '/* insecure input */', 'background-image: -webkit-image(asdf.png);'),
+ array( '/* insecure input */', 'background-image: -moz-image(asdf.png);'),
);
}
}
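Review bot: The six added provider entries omit the third description element that the neighbouring cases carry (`'Remove anything after a backslash-escaped comment-start token'`), so if the test method declares a message parameter these entries will either run with it unset or fail the call, depending on the provider signature. Give each a short label, e.g. `'Reject image() since it can load an external resource'` on the `background-image: image(asdf.png);` case. The new cases also exercise only the lower-case, no-whitespace spelling; a case such as `background-image: IMAGE ( asdf.png );` would pin the `i` flag and the `\s*` the pattern relies on, and there is no case for `image-set(`, which the new alternative does not match. The provider function starts before the hunk.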