From 7005fbdd00eee4b51c1464a246382edc65e0509a Mon Sep 17 00:00:00 2001
From: e107steved
Date: Fri, 15 Jun 2007 19:30:57 +0000
Subject: [PATCH] Do a bit of filtering on URLs
---
 e107_files/bbcode/link.bb | 3 ++-
 e107_files/bbcode/url.bb | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/e107_files/bbcode/link.bb b/e107_files/bbcode/link.bb
index c7a410e24..420365a15 100644
--- a/e107_files/bbcode/link.bb
+++ b/e107_files/bbcode/link.bb
@@ -17,10 +17,11 @@ if(substr($parm,0,6) == "mailto")
 if ($parm && $parm != 'external' && strpos($parm, ' ') === FALSE)
 {
 $parm = preg_replace('#^external.#is', '', $parm);
+ if (strtolower(substr($parm,0,11)) == 'javascript:') return '';
 return "".$code_text."";
 }
-
 else
 {
+ if (strtolower(substr($parm,0,11)) == 'javascript:') return '';
 return "".$code_text."";
 }
diff --git a/e107_files/bbcode/url.bb b/e107_files/bbcode/url.bb
index 5dce0fa26..600c05892 100644
--- a/e107_files/bbcode/url.bb
+++ b/e107_files/bbcode/url.bb
@@ -6,9 +6,11 @@ $external = ($pref['links_new_window'] || strpos($parm, 'external') === 0) ? " r
 if ($parm && $parm != 'external' && strpos($parm, ' ') === FALSE)
 {
 $parm = preg_replace('#^external.#is', '', $parm);
+ if (strtolower(substr($parm,0,11)) == 'javascript:') return '';
 return "".$code_text."";
 }
 else
 {
+ if (strtolower(substr($parm,0,11)) == 'javascript:') return '';
 return "".$code_text."";
 }
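Review bot: The `javascript:` guard added to both branches of link.bb (and repeated in both branches of url.bb) compares only the first 11 characters of `$parm`, so it holds only when the scheme sits at offset 0 in exactly that spelling; browsers drop leading whitespace and control characters and ignore tabs and newlines inside a URL before they read the scheme, and other script-capable schemes are not covered at all. An allowlist applied to a normalised copy is sturdier: `$probe = preg_replace('#[\x00-\x20]+#', '', $parm);` followed by `if (preg_match('#^([a-z][a-z0-9+.\-]*):#i', $probe, $m) && !in_array(strtolower($m[1]), array('http', 'https', 'ftp', 'mailto'))) return '';`, with the list adjusted to the schemes the site permits. The same line now exists four times, so it belongs in one shared helper that both files call. The code around these branches starts above the hunk, so whether `$parm` is decoded or rewritten again before output is not visible here.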
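Review bot: In the else branch of url.bb (and likewise in link.bb) the new check tests `$parm`, but that branch runs when `$parm` is empty, equals 'external' or contains a space, so the value that becomes the link target may not be `$parm` at all. The return strings on this page have lost their markup, so the variable placed in the href cannot be confirmed from the hunk; if it is `$code_text`, the guard has to be applied to that value or it filters nothing on this path. A one-line comment above each check naming the variable that reaches the href, for example `// link target in this branch is $code_text, not $parm`, would keep the filter and the output in step.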