From 87fc21be8c05456b302007a4420c0794531fd2a0 Mon Sep 17 00:00:00 2001
From: zero
Date: Thu, 19 Jun 2008 05:40:20 +0000
Subject: [PATCH] =?UTF-8?q?XSS=20=EC=8B=9C=EB=8F=84=EB=A5=BC=20=EC=B0=A8?= =?UTF-8?q?=EB=8B=A8=ED=95=98=EA=B8=B0=20=EC=9C=84=ED=95=9C=20=EA=B8=80=20?= =?UTF-8?q?=EB=82=B4=EC=9A=A9=EC=9D=98=20event=20handling=20=EC=BD=94?= =?UTF-8?q?=EB=93=9C=EB=A5=BC=20=EB=AC=B4=ED=9A=A8=ED=99=94=20=EC=8B=9C?= =?UTF-8?q?=ED=82=A4=EB=8F=84=EB=A1=9D=20=EA=B8=B0=EB=8A=A5=20=EC=B6=94?= =?UTF-8?q?=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
git-svn-id: http://xe-core.googlecode.com/svn/sandbox@4302 201d5d3c-b55e-5fd7-737f-ddc643e51545
---
 config/func.inc.php | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/config/func.inc.php b/config/func.inc.php
index 571cceb74..3044ac8d4 100644
--- a/config/func.inc.php
+++ b/config/func.inc.php
@@ -416,9 +416,18 @@
 // style 태그 제거
 $content = preg_replace("!!is", '', $content);
+ // XSS 사용을 위한 이벤트 제거
+ $content = preg_replace_callback("!<([a-z]+)(.*?)>!is", removeJSEvent, $content);
+
 return $content;
 }
+ function removeJSEvent($matches) {
+ $tag = strtolower($matches[1]);
+ if($tag == "a" && preg_match('/href=("|\'?)javascript:/i',$matches[2])) $matches[0] = preg_replace('/href=("|\'?)javascript:/i','href=$1_javascript:', $matches[0]);
+ return preg_replace('/on([a-z]+)=/i','_on$1=',$matches[0]);
+ }
+
 // hexa값을 RGB로 변환
 if(!function_exists('hexrgb')) {
 function hexrgb($hexstr) {
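Review bot: The callback in `preg_replace_callback("!<([a-z]+)(.*?)>!is", removeJSEvent, $content)` is passed as a bare word, which PHP resolves as an undefined constant — it only works because the notice-level fallback yields the string "removeJSEvent", and on PHP 8 it is a fatal Error — so the line should read `$content = preg_replace_callback("!<([a-z]+)(.*?)>!is", 'removeJSEvent', $content);`. The enclosing function whose `return $content;` ends here starts outside the hunk. The rewrites in removeJSEvent only fire when the attribute name is immediately followed by `=` (`on([a-z]+)=` and `href=`) and the `javascript:` check is limited to `<a>`, so markup written in any other spelling passes through unchanged; a blocklist rewrite like this is best treated as defence in depth behind an allowlist-based HTML sanitiser rather than as the primary control. For consistency with the neighbouring `hexrgb` definition, the new function should be declared inside an `if(!function_exists('removeJSEvent'))` guard so a second include of func.inc.php does not redeclare it.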