From d884a771ca23757f47f043ed0028dd00554b3e5c Mon Sep 17 00:00:00 2001
From: ovclas
Date: Mon, 27 Aug 2012 06:16:41 +0000
Subject: [PATCH] XSS Defense

git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.3.2@11091 201d5d3c-b55e-5fd7-737f-ddc643e51545
---
 config/func.inc.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/config/func.inc.php b/config/func.inc.php
index 3415ee367..7368dbc6b 100644
--- a/config/func.inc.php
+++ b/config/func.inc.php
@@ -855,6 +855,15 @@
 }
 }
 }
+
+ if($tag == 'img')
+ {
+ $attribute = strtolower(trim($name));
+ if(strpos(strtolower($val), 'data:') === 0)
+ {
+ continue;
+ }
+ }
 $val = str_replace('"', '"', $val);
 $attr[] = $name."=\"{$val}\"";
 }
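Review bot: The `data:` test in the added `img` branch runs on the raw attribute value, so a value that carries leading whitespace or has the scheme written as HTML character references would not satisfy `strpos(strtolower($val), 'data:') === 0`, although a browser may still resolve it as a data URI. Normalizing first, for example `$v = strtolower(trim(html_entity_decode($val, ENT_QUOTES, 'UTF-8')));`, and testing `$v` would narrow that gap, and an allow-list of accepted schemes for URL-bearing attributes would be sturdier than denying a single one. `$attribute` is assigned but never read inside the hunk, so the filter applies to every `img` attribute; if the intent was `if($attribute == 'src' && ...)`, that condition is missing, otherwise the assignment can be dropped. The enclosing loop and function begin and end outside the hunk, so earlier filtering may already cover part of this and should be checked before changing the branch.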