MC-41412: Improve inline translation.

StasKozar · StasKozar · commit 623d9a2c70e9 · 2021-04-06T11:21:37.000+03:00
diff --git a/lib/internal/Magento/Framework/Filter/Input/MaliciousCode.php b/lib/internal/Magento/Framework/Filter/Input/MaliciousCode.php
@@ -30,9 +30,9 @@ class MaliciousCode implements \Zend_Filter_Interface
         '/(ondblclick|onclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|'.
         'onload|onunload|onerror)=[^<]*(?=\/*\>)/Uis',
         //tags
-        '/<\/?\??(script|meta|link|frame|iframe|object).*>/Uis',
+        '/<\/?(script|meta|link|frame|iframe|object).*>/Uis',
         //scripts
-        '/<\/?\??(php).*>/Uis',
+        '/<\?{1}\s*?(php|=).*>/Uis',
         //base64 usage
         '/src=[^<]*base64[^<]*(?=\/*\>)/Uis',
     ];
diff --git a/lib/internal/Magento/Framework/Filter/Test/Unit/Input/MaliciousCodeTest.php b/lib/internal/Magento/Framework/Filter/Test/Unit/Input/MaliciousCodeTest.php
@@ -114,7 +114,9 @@ public function filterDataProvider()
                 'alert(1);',
             ],
             'Nested scripts' => [
-                '<?php echo "test"?>',
+                '<?php echo "test" ?>',
+                '',
+                '<?= "test" ?>',
                 '',
             ],
         ];
