From a0aa29242fe767221f039b2660d46afae8670f0a Mon Sep 17 00:00:00 2001
From: satish <satish.dvnk@vtiger.com>
Date: Tue, 21 Jun 2016 16:06:49 +0530
Subject: [PATCH] Revert "Revert "Tightened attribute check to cleanup.""

This reverts commit ec067d9bb48ea636785690d236c6ff906274c9e4.
---
 include/utils/VtlibUtils.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/include/utils/VtlibUtils.php b/include/utils/VtlibUtils.php
index 57852c7b8..e44c1c66d 100644
--- a/include/utils/VtlibUtils.php
+++ b/include/utils/VtlibUtils.php
@@ -667,8 +667,9 @@ function purifyHtmlEventAttributes($value){
                         "onreset|onsearch|onselect|onsubmit|onkeydown|onkeypress|onkeyup|".
                         "onclick|ondblclick|ondrag|ondragend|ondragenter|ondragleave|ondragover|".
                         "ondragstart|ondrop|onmousedown|onmousemove|onmouseout|onmouseover|".
-                        "onmouseup|onmousewheel|onscroll|onwheel|oncopy|oncut|onpaste";
-    if(preg_match("/\s(".$htmlEventAttributes.")\s*=/i", $value)) {
+						"onmouseup|onmousewheel|onscroll|onwheel|oncopy|oncut|onpaste|onload|".
+						"onselectionchange|onabort|onselectstart";
+    if(preg_match("/\s*(".$htmlEventAttributes.")\s*=/i", $value)) {
         $value = str_replace("=", "&equals;", $value);
     }
     return $value;
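Review bot: The leading `\s*` in the new `preg_match` pattern can match the empty string, so it is a no-op and the check now fires on any listed name followed by `=`, including inside ordinary text or a URL query string (for example a parameter named `onselect`); because the `str_replace` below rewrites every `=` in `$value`, such input is altered wholesale. If matching without a preceding separator is the intent, I would write it as `if(preg_match("/(".$htmlEventAttributes.")\s*=/i", $value)) {` and add a comment such as `// No leading whitespace required: attribute names can follow separators other than whitespace.` The check remains a denylist of handler names that has to be extended by hand, as this commit does, so it is worth documenting as a secondary cleanup, with output encoding or an allowlist-based HTML sanitizer as the primary XSS control. The two added list lines are indented with tabs while the surrounding lines use spaces. The function starts before and ends after this hunk, so the earlier part of the list is not visible here.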
-- 
GitLab