- private String[] badAttributeValuePrefixes= {"javascript","vbscript","about","wysiwyg","data","view-source","ms-its","mhtml","shell","lynxexec","lynxcgi","hcp","ms-help","help","disk","vnd.ms.radio","opera","res","resource","chrome","mocha","livescript"};
-
-
- private String[] badAttributes = {"onabort", "onblur", "onchange", "onclick", "ondblclick", "onerror", "onfocus", "onkeydown", "onKeypress", "onkeyup", "onload", "onmousedown", "onmousemove", "onmouseout", "onmouseover", "onmouseup", "onreset", "onselect", "onsubmit", "onunload","onload","onclick","onfocus","onblur","FSCommand","onAbort","onActivate","onAfterPrint","onAfterUpdate","onBeforeActivate","onBeforeCopy","onBeforeCut","onBeforeDeactivate","onBeforeEditFocus","onBeforePaste","onBeforePrint","onBeforeUnload","onBegin","onBlur","onBounce","onCellChange","onChange","onClick","onContextMenu","onControlSelect","onCopy","onCut","onDataAvailible","onDataSetChanged","onDataSetComplete","onDblClick","onDeactivate","onDrag","onDragEnd","onDragLeave","onDragEnter","onDragOver","onDragDrop","onDrop","onEnd","onError","onErrorUpdate","onExit","onFilterChange","onFinish","onFocus","onFocusIn","onFocusOut","onHelp","onKeyDown","onKeyPress","onKeyUp","onLayoutComplete","onLoad","onLoseCapture","onMediaComplete","onMediaError","onMouseDown","onMouseEnter","onMouseLeave","onMouseMove","onMouseOut","onMouseOver","onMouseUp","onMouseWheel","onMove","onMoveEnd","onMoveStart","onOutOfSync","onPaste","onPause","onProgress","onPropertyChange","onReadyStateChange","onRepeat","onReset","onResize","onResizeEnd","onResizeStart","onResume","onReverse","onRowEnter","onRowExit","onRowDelete","onRowInserted","onScroll","onSeek","onSelect","onSelectionChange","onSelectStart","onStart","onStop","onSynchRestored","onSubmit","onTimeError","onTrackChange","onUnload","onURLFlip","seekSegmentTime","style","height","width"};
-
- private boolean isBadAttr(String attrName){
- for (int i=0;i<badAttributes.length;i++){
- if (badAttributes[i].toLowerCase().equals(attrName.toLowerCase()))
- return true;
+ private String[] badAttributeValuePrefixes = {
+ "javascript", "vbscript", "about", "wysiwyg", "data", "view-source",
+ "ms-its", "mhtml", "shell", "lynxexec", "lynxcgi", "hcp", "ms-help",
+ "help", "disk", "vnd.ms.radio", "opera", "res", "resource", "chrome",
+ "mocha", "livescript"};
+
+
+ private String[] badAttributes = {
+ "onabort", "onblur", "onchange", "onclick", "ondblclick", "onerror",
+ "onfocus", "onkeydown", "onKeypress", "onkeyup", "onload", "onmousedown",
+ "onmousemove", "onmouseout", "onmouseover", "onmouseup", "onreset",
+ "onselect", "onsubmit", "onunload", "onload", "onclick", "onfocus",
+ "onblur", "FSCommand", "onAbort", "onActivate", "onAfterPrint",
+ "onAfterUpdate", "onBeforeActivate", "onBeforeCopy", "onBeforeCut",
+ "onBeforeDeactivate", "onBeforeEditFocus", "onBeforePaste",
+ "onBeforePrint", "onBeforeUnload", "onBegin", "onBlur", "onBounce",
+ "onCellChange", "onChange", "onClick", "onContextMenu", "onControlSelect",
+ "onCopy", "onCut", "onDataAvailible", "onDataSetChanged", "onDataSetComplete",
+ "onDblClick", "onDeactivate", "onDrag", "onDragEnd", "onDragLeave", "onDragEnter",
+ "onDragOver", "onDragDrop", "onDrop", "onEnd", "onError", "onErrorUpdate", "onExit",
+ "onFilterChange", "onFinish", "onFocus", "onFocusIn", "onFocusOut", "onHelp",
+ "onKeyDown", "onKeyPress", "onKeyUp", "onLayoutComplete", "onLoad", "onLoseCapture",
+ "onMediaComplete", "onMediaError", "onMouseDown", "onMouseEnter", "onMouseLeave",
+ "onMouseMove", "onMouseOut", "onMouseOver", "onMouseUp", "onMouseWheel", "onMove",
+ "onMoveEnd", "onMoveStart", "onOutOfSync", "onPaste", "onPause", "onProgress",
+ "onPropertyChange", "onReadyStateChange", "onRepeat", "onReset", "onResize",
+ "onResizeEnd", "onResizeStart", "onResume", "onReverse", "onRowEnter", "onRowExit",
+ "onRowDelete", "onRowInserted", "onScroll", "onSeek", "onSelect", "onSelectionChange",
+ "onSelectStart", "onStart", "onStop", "onSynchRestored", "onSubmit", "onTimeError",
+ "onTrackChange", "onUnload", "onURLFlip", "seekSegmentTime", "style", "height", "width"};
+
+ private boolean isBadAttr(String attrName) {
+ for (int i = 0; i < badAttributes.length; i++) {
+ if (badAttributes[i].toLowerCase().equals(attrName.toLowerCase())) {
+ return true;