From 2bdfaf8d83b51c8eef530e1364364e35e79318f4 Mon Sep 17 00:00:00 2001
From: Uma <uma.s@vtiger.com>
Date: Mon, 15 Jun 2020 17:33:41 +0530
Subject: [PATCH] Fixes cleaning up text data for vulnerable code

---
 include/utils/VtlibUtils.php | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/include/utils/VtlibUtils.php b/include/utils/VtlibUtils.php
index 8ddf0ec62..77e56ce62 100644
--- a/include/utils/VtlibUtils.php
+++ b/include/utils/VtlibUtils.php
@@ -715,12 +715,16 @@ function vtlib_purify($input, $ignore=false) {
  * @return <String>
  */
 function purifyHtmlEventAttributes($value,$replaceAll = false){
-	$htmlEventAttributes = "onerror|onblur|onchange|oncontextmenu|onfocus|oninput|oninvalid|".
-                        "onreset|onsearch|onselect|onsubmit|onkeydown|onkeypress|onkeyup|".
-                        "onclick|ondblclick|ondrag|ondragend|ondragenter|ondragleave|ondragover|".
-                        "ondragstart|ondrop|onmousedown|onmousemove|onmouseout|onmouseover|".
-						"onmouseup|onmousewheel|onscroll|onwheel|oncopy|oncut|onpaste|onload|".
-						"onselectionchange|onabort|onselectstart|onstart|onfinish|onloadstart|onshow";
+	$htmlEventAttributes = "onerror|onblur|onchange|oncontextmenu|onfocus|oninput|oninvalid|onresize|onauxclick|oncancel|oncanplay|oncanplaythrough|".
+                        "onreset|onsearch|onselect|onsubmit|onkeydown|onkeypress|onkeyup|onclose|oncuechange|ondurationchange|onemptied|onended|".
+                        "onclick|ondblclick|ondrag|ondragend|ondragenter|ondragleave|ondragover|ondragexit|onformdata|onloadeddata|onloadedmetadata|".
+                        "ondragstart|ondrop|onmousedown|onmousemove|onmouseout|onmouseover|onmouseenter|onmouseleave|onpause|onplay|onplaying|".
+						"onmouseup|onmousewheel|onscroll|onwheel|oncopy|oncut|onpaste|onload|onprogress|onratechange|onsecuritypolicyviolation|".
+						"onselectionchange|onabort|onselectstart|onstart|onfinish|onloadstart|onshow|onreadystatechange|onseeked|onslotchange|".
+						"onseeking|onstalled|onsubmit|onsuspend|ontimeupdate|ontoggle|onvolumechange|onwaiting|onwebkitanimationend|onstorage|".
+						"onwebkitanimationiteration|onwebkitanimationstart|onwebkittransitionend|onafterprint|onbeforeprint|onbeforeunload|".
+						"onhashchange|onlanguagechange|onmessage|onmessageerror|onoffline|ononline|onpagehide|onpageshow|onpopstate|onunload".
+						"onrejectionhandled|onunhandledrejection|onloadend";
     
     // remove malicious html attributes with its value.
     if ($replaceAll) {
@@ -728,7 +732,7 @@ function purifyHtmlEventAttributes($value,$replaceAll = false){
         $value = preg_replace("/\s*(" . $htmlEventAttributes . ")" . $regex, '', $value);
 		
 		/**
-		* #131224556::if anchor tag having 'javascript:' string then remove the tag contents.
+		* If anchor tag having 'javascript:' string then remove the tag contents.
 		* Right now, we fixed this for anchor tag as we don't see any other such things right now.  
 		* All other event attributes are already handled above. Need to update this if any thing new found
 		*/
-- 
GitLab