From 1a3054c04133767ecce7940501f21836f8e9ac97 Mon Sep 17 00:00:00 2001 From: Cameron Date: Thu, 14 Jan 2021 14:50:16 -0800 Subject: [PATCH] Removed old code from parser. --- e107_handlers/e_parse_class.php | 101 -------------------------------- 1 file changed, 101 deletions(-) diff --git a/e107_handlers/e_parse_class.php b/e107_handlers/e_parse_class.php index 4aa76085e..3c061016f 100644 --- a/e107_handlers/e_parse_class.php +++ b/e107_handlers/e_parse_class.php @@ -5292,12 +5292,6 @@ class e_parser */ $cleaned = $doc->saveHTML($doc->documentElement); // $doc->documentElement fixes utf-8/entities issue. @see http://stackoverflow.com/questions/8218230/php-domdocument-loadhtml-not-encoding-utf-8-correctly - // Workaround for https://bugs.php.net/bug.php?id=76285 - // Part 2 of 2 - // prevent replacement of   with spaces. - convert back. - - // convert shortcode temporary triple-curly braces back to entities. - // convert shortcode temporary triple-curly braces back to entities. $cleaned = str_replace( array("\n", '__E_PARSER_CLEAN_HTML_LINE_BREAK__', '__E_PARSER_CLEAN_HTML_NON_BREAKING_SPACE__', '{{{', '}}}', '__E_PARSER_CLEAN_HTML_CURLY_OPEN__', '__E_PARSER_CLEAN_HTML_CURLY_CLOSED__', '', '', '', ''), @@ -5343,101 +5337,6 @@ class e_parser } - - /** - * XSS HTML code to test against - */ - public function getXss() - { - -$html = << -日本語
-简体中文
-Test -A GOOD LINK: Some Link -Test regex - - -
Hi there
-
- - -
    -
  • -
-
- -XXX - - -alert(1)//0 -
< -script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML; -Some example text
-This is bold
-This is italic
-Some small text -
This is pre-formatted
-        
-        Bold Stuff
-        
something

-        code
-        BOLD
-        function myfunction()
-        {
-            
-        }
-
- - function myfunction() - { - - } - - - -><image xlink:href=" - - - // O10.10↓, OM10.0↓, GC6↓, FF // IE6, O10.10↓, OM10.0↓ // IE6, O11.01↓, OM10.1↓ -
x
- -[A] "> "> "> [B] "> [C] [D] <% foo> - - some content without two new line \n\n Content-Type: multipart/related; boundary="******"some content without two new line --****** Content-Location: xss.html Content-Transfer-Encoding: base64 PGlmcmFtZSBuYW1lPWxvIHN0eWxlPWRpc3BsYXk6bm9uZT48L2lmcmFtZT4NCjxzY3JpcHQ+DQp1 cmw9bG9jYXRpb24uaHJlZjtkb2N1bWVudC5nZXRFbGVtZW50c0J5TmFtZSgnbG8nKVswXS5zcmM9 dXJsLnN1YnN0cmluZyg2LHVybC5pbmRleE9mKCcvJywxNSkpO3NldFRpbWVvdXQoImFsZXJ0KGZy YW1lc1snbG8nXS5kb2N1bWVudC5jb29raWUpIiwyMDAwKTsNCjwvc2NyaXB0PiAgICAg --******-- -
- -XXX - - - - `><img src=xx:x onerror=alert(1)></a> `><img src=xx:x onerror=alert(2)// `><img src=xx:x onerror=alert(3)// - - - // Safari 5.0, Chrome 9, 10 // Safari 5.0 - - - <% %></xmp><img src=xx:x onerror=alert(1)// %>/ alert(2) XXX -->{} *{color:red} -X - -
XXX
-
- - - -





...



- -
Some text goes here
- - -EOF; - -return $html; - - } -