MC-41412: Improve inline translation.

StasKozar · StasKozar · commit 68dd9947e0fc · 2021-03-31T16:02:33.000+03:00
diff --git a/lib/internal/Magento/Framework/Filter/Input/MaliciousCode.php b/lib/internal/Magento/Framework/Filter/Input/MaliciousCode.php
@@ -30,7 +30,9 @@ class MaliciousCode implements \Zend_Filter_Interface
         '/(ondblclick|onclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|'.
         'onload|onunload|onerror)=[^<]*(?=\/*\>)/Uis',
         //tags
-        '/<\/?\??(script|meta|link|frame|iframe|object|php).*>/Uis',
+        '/<\/?\??(script|meta|link|frame|iframe|object).*>/Uis',
+        //scripts
+        '/<\/?\??(php).*>/Uis',
         //base64 usage
         '/src=[^<]*base64[^<]*(?=\/*\>)/Uis',
     ];
diff --git a/lib/internal/Magento/Framework/Filter/Test/Unit/Input/MaliciousCodeTest.php b/lib/internal/Magento/Framework/Filter/Test/Unit/Input/MaliciousCodeTest.php
@@ -112,8 +112,11 @@ public function filterDataProvider()
             'Nested malicious tags' => [
                 '<scri<script>pt>alert(1);</scri<script>pt>',
                 'alert(1);',
+            ],
+            'Nested scripts' => [
                 '<?php echo "test"?>',
-            ]
+                '',
+            ],
         ];
     }
 
