|
|
@ -540,10 +540,10 @@ class rcube_utils
|
|
|
|
public static function xss_entity_decode($content)
|
|
|
|
public static function xss_entity_decode($content)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
$out = html_entity_decode(html_entity_decode($content));
|
|
|
|
$out = html_entity_decode(html_entity_decode($content));
|
|
|
|
$out = strip_tags($out);
|
|
|
|
|
|
|
|
$out = preg_replace_callback('/\\\([0-9a-f]{4})/i',
|
|
|
|
$out = preg_replace_callback('/\\\([0-9a-f]{4})/i',
|
|
|
|
array(self, 'xss_entity_decode_callback'), $out);
|
|
|
|
array(self, 'xss_entity_decode_callback'), $out);
|
|
|
|
$out = preg_replace('#/\*.*\*/#Ums', '', $out);
|
|
|
|
$out = preg_replace('#/\*.*\*/#Ums', '', $out);
|
|
|
|
|
|
|
|
$out = strip_tags($out);
|
|
|
|
|
|
|
|
|
|
|
|
return $out;
|
|
|
|
return $out;
|
|
|
|
}
|
|
|
|
}
|
|
|
|