Merge pull request #831 from dogmatic69/sanitize-regex-cleanup

adjusting the way the regex is done so its easier to read
2024-11-15 03:18:26 +00:00 · 2012-09-13 14:41:36 -07:00 · 2012-09-13 14:41:36 -07:00 · 31ca237709
commit 31ca237709
parent 0f8262ec45 50333a2866
1 changed files with 7 additions and 2 deletions
--- a/lib/Cake/Utility/Sanitize.php
+++ b/lib/Cake/Utility/Sanitize.php
@ -150,10 +150,15 @@ class Sanitize {
 * Strips scripts and stylesheets from output
 *
 * @param string $str String to sanitize
- * @return string String with <script>, <style>, <link>, <img> elements removed.
+ * @return string String with <link>, <img>, <script>, <style> elements and html comments removed.
 */
 	public static function stripScripts($str) {
-		$regex = '/(<link[^>]+rel="[^"]*stylesheet"[^>]*>|<img[^>]*>|style="[^"]*")|<script[^>]*>.*?<\/script>|<style[^>]*>.*?<\/style>|<!--.*?-->/is';
+		$regex =
+			'/(<link[^>]+rel="[^"]*stylesheet"[^>]*>|' .
+			'<img[^>]*>|style="[^"]*")|' .
+			'<script[^>]*>.*?<\/script>|' .
+			'<style[^>]*>.*?<\/style>|' .
+			'<!--.*?-->/is';
 		return preg_replace($regex, '', $str);
 	}