From f01c8ec4f1324ed8b68e912220735af96c86883c Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Sun, 17 Mar 2013 14:55:55 +0400
Subject: prevent absolutely useless 'exploit' (not really) while editing filters (closes #572)
---
 js/functions.js | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'js')
diff --git a/js/functions.js b/js/functions.js
index 72f72ddaa..e00690c1c 100644
--- a/js/functions.js
+++ b/js/functions.js
@@ -964,6 +964,8 @@ function createNewRuleElement(parentNode, replaceNode) {
 try {
 var form = document.forms["filter_new_rule_form"];
+ form.reg_exp.value = form.reg_exp.value.replace(/(<([^>]+)>)/ig,"");
+
 var query = "backend.php?op=pref-filters&method=printrulename&rule="+ param_escape(dojo.formToJson(form));
-- 
cgit v1.2.3
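Review bot: The added `form.reg_exp.value.replace(/(<([^>]+)>)/ig,"")` line is a client-side, single-pass tag strip, so it cannot be relied on to keep markup out of the rule text. A request that reaches `backend.php?op=pref-filters&method=printrulename` without going through this form never runs it, and a `<` that is not closed by `>` is left untouched. It also silently rewrites legitimate filter expressions that contain `<...>`, so the rule that is saved may differ from what the user typed. The durable fix is to HTML-escape the rule text where it is rendered, presumably in the `printrulename` handler and wherever its response is inserted into the page (neither is visible in this hunk); if this line stays, mark it with a comment such as `// cosmetic only; the rule text must be escaped where it is rendered`. The body of createNewRuleElement starts and ends outside the hunk.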