From d53ce67174bd0fb54ed0003ba20037488b8024db Mon Sep 17 00:00:00 2001
From: Jamie Cameron
Date: Sun, 21 May 2017 11:25:58 -0700
Subject: [PATCH] Filter out ANY onX= tags in HTML, as the number of possible ways Javascript can be called is unbounded
---
 web-lib-funcs.pl | 1 +
 1 file changed, 1 insertion(+)
diff --git a/web-lib-funcs.pl b/web-lib-funcs.pl
index 28628df7b..188bba462 100755
--- a/web-lib-funcs.pl
+++ b/web-lib-funcs.pl
@@ -7874,6 +7874,7 @@
 $rv =~ s/<\s*script[^>]*>([\000-\377]*?)<\s*\/script\s*>//gi;
 $rv =~ s/(on(Abort|BeforeUnload|Blur|Change|Click|ContextMenu|Copy|Cut|DblClick|Drag|DragEnd|DragEnter|DragLeave|DragOver|DragStart|DragDrop|Drop|Error|Focus|FocusIn|FocusOut|HashChange|Input|Invalid|KeyDown|KeyPress|KeyUp|Load|MouseDown|MouseEnter|MouseLeave|MouseMove|MouseOut|MouseOver|MouseUp|Move|Paste|PageShow|PageHide|Reset|Resize|Scroll|Search|Select|Submit|Toggle|Unload)=)/x$1/gi;
 $rv =~ s/(javascript:)/x$1/gi;
 $rv =~ s/(vbscript:)/x$1/gi;
+$rv =~ s/<([^>]*\s|)(on\S+=)(.*)>/<$1x$2$3>/gi;
 return $rv;
 }
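Review bot: The added substitution neutralises at most one handler attribute per line, and none in a tag that wraps across lines. The greedy `(.*)>` runs to the last `>` on the line, swallowing any later tags, and `.` does not match a newline without `/s`. The pattern also needs whitespace directly before `on` and `=` directly after the attribute name, so it follows the regex's idea of an attribute, not an HTML parser's. Dropping the trailing group and repeating until nothing changes would close the first two gaps, e.g. `1 while $rv =~ s/(<[^>]*\s)(on[^\s=>]+\s*=)/$1x$2/gi;`, though a denylist regex stays best-effort and an allowlist of permitted tags and attributes would be the sturdier design. The enclosing sub starts above the hunk, so how `$rv` is produced and where the result is rendered is not visible here.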