diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 6c034e9baa7..6aed72e06f8 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -1272,7 +1272,7 @@ function sanitizeVal($out = '', $check = 'alphanohtml', $filter = null, $options
 case 'restricthtmlnolink':
 case 'restricthtml': // Recommended for most html textarea
 case 'restricthtmlallowclass':
- case 'restricthtmlallowlinkjstag': // Allow link and js tag for head section.
+ case 'restricthtmlallowlinkscript': // Allow link and script tag for head section.
 case 'restricthtmlallowunvalid':
 $out = dol_htmlwithnojs($out, 1, $check);
 break;
@@ -8259,7 +8259,7 @@ function dol_nl2br($stringtoencode, $nl2brmode = 0, $forxml = false)
 *
 * @param string $stringtoencode String to encode
 * @param int $nouseofiframesandbox 0=Default, 1=Allow use of option MAIN_SECURITY_USE_SANDBOX_FOR_HTMLWITHNOJS for html sanitizing (not yet working)
- * @param string $check 'restricthtmlnolink' or 'restricthtml' or 'restricthtmlallowclass' or 'restricthtmlallowlinkjstag' or 'restricthtmlallowunvalid'
+ * @param string $check 'restricthtmlnolink' or 'restricthtml' or 'restricthtmlallowclass' or 'restricthtmlallowlinkscript' or 'restricthtmlallowunvalid'
 * @return string HTML sanitized
 */
 function dol_htmlwithnojs($stringtoencode, $nouseofiframesandbox = 0, $check = 'restricthtml')
@@ -8376,7 +8376,7 @@ function dol_htmlwithnojs($stringtoencode, $nouseofiframesandbox = 0, $check = '
 $out = preg_replace('/&#x?[0-9]+/i', '', $out); // For example if we have javascript with an entities without the ; to hide the 'a' of 'javascript'.
 // Keep only some html tags and remove also some 'javascript:' strings
- if ($check == 'restricthtmlallowlinkjstag') {
+ if ($check == 'restricthtmlallowlinkscript') {
 $out = dol_string_onlythesehtmltags($out, 0, 1, 0, 0, array(), 1);
 } elseif ($check == 'restricthtmlallowclass') {
 $out = dol_string_onlythesehtmltags($out, 0, 0, 1);
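Review bot: A caller that still passes the old value `'restricthtmlallowlinkjstag'` no longer matches this `case` in `sanitizeVal()`, nor the `if ($check == ...)` test in the third hunk, and ends up in whatever the default branches do, which lie outside both hunks. The diff only touches functions.lib.php, so confirm that every call site and any stored value using the old name is migrated in the same change, and check which way the fallback fails (stricter filtering breaks a feature, looser filtering weakens sanitizing). If external modules may still send the old name, keeping it as an alias is one line: `case 'restricthtmlallowlinkjstag': // Deprecated alias of 'restricthtmlallowlinkscript'`. The switch starts and ends outside the hunk.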
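Review bot: The `@param string $check` line lists the accepted names but not what each one lets through, which matters for `'restricthtmlallowlinkscript'` in a function called `dol_htmlwithnojs()` whose return is documented as "HTML sanitized". Going by the comment in the first hunk, this mode keeps link and script tags for head sections, so I would add a line such as `'restricthtmlallowlinkscript' keeps <link> and <script> tags (head section content only; do not use on untrusted input)`. The restriction to trusted input is my reading, not something the hunk states, so word it to match the project's actual policy.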
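Review bot: The test `$check == 'restricthtmlallowlinkscript'` uses loose comparison to select the branch that, per the comment in the first hunk, allows link and script tags. `$check` is untyped in the signature, and on PHP versions before 8.0 an integer `0` compares equal to any non-numeric string, so a non-string argument would land in this branch. Prefer `if ($check === 'restricthtmlallowlinkscript') {` and the same strict form on the `elseif` below it. The if/elseif chain continues past the end of the hunk.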