From 63de11d9c8a41d77db04f41e20bdf6e127d1f9b8 Mon Sep 17 00:00:00 2001
From: appu <apparao@vtiger.com>
Date: Mon, 20 Nov 2023 17:35:57 +0530
Subject: [PATCH] #1790:Issue fixed

---
 include/utils/VtlibUtils.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/utils/VtlibUtils.php b/include/utils/VtlibUtils.php
index bc2233942..9d8122d19 100644
--- a/include/utils/VtlibUtils.php
+++ b/include/utils/VtlibUtils.php
@@ -807,11 +807,11 @@ function purifyJavascriptAlert($value){
         
         // skip javascript: contents check if tag is not available,as javascript: regex will cause performace issue if the contents will be large 
         if (preg_match_all('/(&.*?lt;|<)'.$tag.'[^>]*?(>|&.*?gt;)/i', $value,$matches)) {
-            $javaScriptRegex = '/(&.*?lt;|<).?'.$tag.' [^>]*(j[\s]?a[\s]?v[\s]?a[\s]?s[\s]?c[\s]?r[\s]?i[\s]?p[\s]?t[\s]*[=&%#:])[^>]*?(>|&.*?gt;)/i';
+            $javaScriptRegex = '/(&.*?lt;|<).?'.$tag.'[^>]*(j[\s]?a[\s]?v[\s]?a[\s]?s[\s]?c[\s]?r[\s]?i[\s]?p[\s]?t[\s]*[=&%#:])[^>]*?(>|&.*?gt;)/i';
             foreach($matches[0] as $matchedValue){
                 //strict check addded - if &tab;/&newLine added in the above tags we are replacing it to spaces.
-                $purifyContent = preg_replace('/&NewLine;|&amp;NewLine;|&Tab;|&amp;Tab;|\t/i',' ',$matchedValue);
-                $purifyContent = preg_replace($javaScriptRegex,"<$tag>",$purifyContent);
+                $purifyContent = preg_replace('/&NewLine;|&amp;NewLine;|&Tab;|&amp;Tab;|\t/i',' ',$purifyContent);
+		$purifyContent = preg_replace($javaScriptRegex,"<$tag>",decode_html($matchedValue));
                 $value = str_replace($matchedValue, $purifyContent, $value);
                 
                 /*
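Review bot: The added `&NewLine;`/`&Tab;` normalisation line now reads `$purifyContent` instead of `$matchedValue`, and the next added line discards its result by starting again from `decode_html($matchedValue)`. On the first loop pass the variable is unset, and on later passes it still holds the previous match. The entity-to-space step is therefore dead code, so the `javascript:` check depends entirely on what `decode_html()` (defined outside this hunk) decodes, and entity-split spellings may reach the regex without being normalised. Chaining the two steps restores the intent: `$purifyContent = preg_replace('/&NewLine;|&amp;NewLine;|&Tab;|&amp;Tab;|\t/i',' ',decode_html($matchedValue));` followed by `$purifyContent = preg_replace($javaScriptRegex,"<$tag>",$purifyContent);`. `purifyJavascriptAlert` starts above the hunk and the loop body continues below it, and the new `decode_html` line is tab-indented where the surrounding lines use spaces.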
-- 
GitLab