#1790:Issue fixed

63de11d9 · Apparao G · ac9372b5 · 63de11d9
Commit 63de11d9 authored 1 year ago by Apparao G
--- a/include/utils/VtlibUtils.php
+++ b/include/utils/VtlibUtils.php
@@ -807,11 +807,11 @@ function purifyJavascriptAlert($value){
        // skip javascript: contents check if tag is not available,as javascript: regex will cause performace issue if the contents will be large 
        if (preg_match_all('/(&.*?lt;|<)'.$tag.'[^>]*?(>|&.*?gt;)/i', $value,$matches)) {
-            $javaScriptRegex = '/(&.*?lt;|<).?'.$tag.' [^>]*(j[\s]?a[\s]?v[\s]?a[\s]?s[\s]?c[\s]?r[\s]?i[\s]?p[\s]?t[\s]*[=&%#:])[^>]*?(>|&.*?gt;)/i';
+            $javaScriptRegex = '/(&.*?lt;|<).?'.$tag.'[^>]*(j[\s]?a[\s]?v[\s]?a[\s]?s[\s]?c[\s]?r[\s]?i[\s]?p[\s]?t[\s]*[=&%#:])[^>]*?(>|&.*?gt;)/i';
            foreach($matches[0] as $matchedValue){
                //strict check addded - if &tab;/&newLine added in the above tags we are replacing it to spaces.
-                $purifyContent = preg_replace('/&NewLine;|&amp;NewLine;|&Tab;|&amp;Tab;|\t/i',' ',$matchedValue);
+                $purifyContent = preg_replace('/&NewLine;|&amp;NewLine;|&Tab;|&amp;Tab;|\t/i',' ',$purifyContent);
-                $purifyContent = preg_replace($javaScriptRegex,"<$tag>",$purifyContent);
+		$purifyContent = preg_replace($javaScriptRegex,"<$tag>",decode_html($matchedValue));
                $value = str_replace($matchedValue, $purifyContent, $value);
                /*