From b3206b4b2822b8c9d18c4730aa1afdf72a758f8c Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Wed, 15 Aug 2012 04:13:17 -0400
Subject: [PATCH] Fix XSS issue with href="javascript:" not being removed (#1488613)
---
program/include/html.php | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/program/include/html.php b/program/include/html.php
index 0e89d77..c15ef45 100644
--- a/program/include/html.php
+++ b/program/include/html.php
@@ -317,7 +317,8 @@
{
protected $tagname = 'input';
protected $type = 'text';
- protected $allowed = array('type','name','value','size','tabindex',
+ protected $allowed = array(
+ 'type','name','value','size','tabindex','autocapitalize',
'autocomplete','checked','onchange','onclick','disabled','readonly',
'spellcheck','results','maxlength','src','multiple','placeholder');
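Review bot: The change in this hunk does not match the commit subject: the only edit is adding `'autocapitalize'` to the `$allowed` attribute list of an input-field class, and the diffstat lists no other file, so nothing visible here strips or rejects `href="javascript:"` values for #1488613. Either the sanitizer change and a regression test for it are missing from this patch, or the subject should be corrected so the security fix can be traced to the commit that actually contains it. Separately, `$allowed` appears to filter attribute names only and already admits `onclick`, `onchange` and `src`, so safety depends on how values are escaped when rendered, which is outside this hunk. A comment on the property such as `// allowlist of attribute names only; values must be escaped/validated by the renderer` would make that explicit. The class body begins before and continues after the hunk.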
--
Gitblit v1.9.1