Global: Fix filter for "on" attributes was too wide and replaced normal text containing " on" - refs #5887

Fix df47eac
Advisory GHSA-8qqw-rjh4-5gp2

Author: AngelFQC

main/inc/lib/formvalidator/FormValidator.class.php

@@ -2102,14 +2102,10 @@ function plain_url_filter($html, $mode = NO_HTML)
 
 /**
  * Prevent execution of event handlers in HTML elements.
- *
- * @param string $html
- *
- * @return string
  */
-function attr_on_filter($html)
+function attr_on_filter(string $html): string
 {
-    $prefix = uniqid('data-cke-').'-';
+    $pattern = '/\s*on\w+=(?:"[^"]*"|\'[^\']*\'|[^\s>]+)/i';
 
-    return preg_replace('/\b(on[a-z]+)\b\s*=/i', '$1'.$prefix.'$2', $html);
+    return preg_replace($pattern, '', $html);
 }