From 70afc0f3a670cd387466f2915e368d60b64d62ee Mon Sep 17 00:00:00 2001
From: mikelittle
Date: Sat, 2 Aug 2003 13:26:26 +0000
Subject: [PATCH] Separated out html sanitise stuff from balance tags. Also made it slightly more robust.
git-svn-id: http://svn.automattic.com/wordpress/trunk@284 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 b2-include/b2functions.php | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/b2-include/b2functions.php b/b2-include/b2functions.php
index 74dcedc144..558228c8af 100644
--- a/b2-include/b2functions.php
+++ b/b2-include/b2functions.php
@@ -1113,6 +1113,20 @@ function pingback($content, $post_ID) {
 debug_fclose($log);
 }
+/**
+ ** sanitise HTML attributes, remove frame/applet/*script/mouseovers,etc. tags
+ ** so that this kind of thing cannot be done:
+ ** This is how we can do bad stuff!
+ **/
+function sanitise_html_attributes($text) {
+ $text = preg_replace('#( on[a-z]{1,}|style|class|id)="(.*?)"#i', '', $text);
+ $text = preg_replace('#( on[a-z]{1,}|style|class|id)=\'(.*?)\'#i', '', $text);
+ $text = preg_replace('#( on[a-z]{1,}|style|class|id)[ \t]*=[ \t]*([^ \t\>]*?)#i', '', $text);
+ $text = preg_replace('#([a-z]{1,})="(( |\t)*?)(javascript|vbscript|about):(.*?)"#i', '$1=""', $text);
+ $text = preg_replace('#([a-z]{1,})=\'(( |\t)*?)(javascript|vbscript|about):(.*?)\'#i', '$1=""', $text);
+ $text = preg_replace('#\<(\/{0,1})([a-z]{0,2})(frame|applet)(.*?)\>#i', '', $text);
+ return $text;
+}
 /* balanceTags
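Review bot: The third pattern in sanitise_html_attributes ends in a lazy `([^ \t\>]*?)` with nothing after it, so that group can only match the empty string: the replacement strips the attribute name and `=` but leaves the unquoted value behind as stray text inside the tag. The greedy form `'#( on[a-z]{1,}|style|class|id)[ \t]*=[ \t]*[^ \t>]*#i'` removes the value as well. The docblock also says `*script` tags are removed, but the tag pattern on the last preg_replace lists only `frame|applet`; either add `script` to that alternation or trim the comment to what the code does. Since this is a deny-list of attribute names and URL schemes applied by regex to arbitrary markup, variants the patterns do not anticipate pass through (the two scheme patterns, for instance, only handle quoted values), so a docblock note that an allow-list of permitted tags and attributes is the intended direction would help the next maintainer.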
@@ -1132,19 +1146,11 @@ function pingback($content, $post_ID) {
 Added Cleaning Hooks 1.0 First Version */
-
 function balanceTags($text, $is_comment = 0) {
 global $use_balanceTags;
 if ($is_comment) {
- $text = stripslashes($text);
- // sanitise HTML attributes, remove frame/applet tags
- $text = preg_replace('#( on[a-z]{1,}|style|class|id)="(.*?)"#i', '', $text);
- $text = preg_replace('#( on[a-z]{1,}|style|class|id)=\'(.*?)\'#i', '', $text);
- $text = preg_replace('#([a-z]{1,})="(( |\t)*?)(javascript|vbscript|about):(.*?)"#i', '$1=""', $text);
- $text = preg_replace('#([a-z]{1,})=\'(( |\t)*?)(javascript|vbscript|about):(.*?)\'#i', '$1=""', $text);
- $text = preg_replace('#\<(\/{0,1})([a-z]{0,2})(frame|applet)(.*?)\>#i', '', $text);
- $text = addslashes($text);
+ $text = sanitise_html_attributes($text);
 }
 if ($use_balanceTags == 0) {
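Review bot: Dropping the `stripslashes`/`addslashes` wrap around the sanitiser changes what balanceTags passes through: the old branch unescaped the comment text before the regexes and re-escaped it afterwards, while the new `$text = sanitise_html_attributes($text);` runs on the text as given and returns it unescaped. If callers still hand in slash-escaped comment text (the removed lines suggest they did), the quoted-attribute patterns in sanitise_html_attributes cannot match `=\"...\"` forms and the caller then receives unescaped output; either keep the wrap at this call site, `$text = addslashes(sanitise_html_attributes(stripslashes($text)));`, or document on sanitise_html_attributes that it expects and returns unescaped text and adjust the call sites accordingly. The commit message mentions only the extraction, so this behavioural difference is worth stating explicitly. balanceTags continues past the end of the hunk.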