From 02e98663981db49a59b0be2289d0fca8b8228394 Mon Sep 17 00:00:00 2001
From: Shannon
Date: Wed, 9 Sep 2015 21:41:06 +0200
Subject: [PATCH] Fixes regression issue with xss

---
 src/Umbraco.Core/StringExtensions.cs | 5 +++--
 .../umbraco/settings/stylesheet/editstylesheet.aspx.cs | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/Umbraco.Core/StringExtensions.cs b/src/Umbraco.Core/StringExtensions.cs
index 9ee33a286b..be5820cdf8 100644
--- a/src/Umbraco.Core/StringExtensions.cs
+++ b/src/Umbraco.Core/StringExtensions.cs
@@ -170,13 +170,14 @@ namespace Umbraco.Core
 /// Cleans string to aid in preventing xss attacks.
 ///
 ///
+ ///
 ///
- internal static string CleanForXss(this string input)
+ internal static string CleanForXss(this string input, params char[] ignoreFromClean)
 {
 //remove any html
 input = input.StripHtml();
 //strip out any potential chars involved with XSS
- return input.ExceptChars(new HashSet("*?(){}[];:%<>/\\|&'\"".ToCharArray()));
+ return input.ExceptChars(new HashSet("*?(){}[];:%<>/\\|&'\"".ToCharArray().Except(ignoreFromClean)));
 }
 public static string ExceptChars(this string str, HashSet toExclude)
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/settings/stylesheet/editstylesheet.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/settings/stylesheet/editstylesheet.aspx.cs
index c0b90bd29a..ce19c7991c 100644
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/settings/stylesheet/editstylesheet.aspx.cs
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/settings/stylesheet/editstylesheet.aspx.cs
@@ -78,7 +78,7 @@ namespace umbraco.cms.presentation.settings.stylesheet
 ScriptManager.GetCurrent(Page).Services.Add(new ServiceReference("../webservices/legacyAjaxCalls.asmx"));
 //Clean the name field for xss
- NameTxt.Text = NameTxt.Text.CleanForXss();
+ NameTxt.Text = NameTxt.Text.CleanForXss(ignoreFromClean:'\\');
 }
 ///
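Review bot: The new `ignoreFromClean` parameter on `CleanForXss` lets any caller re-admit characters from the denylist, yet its `<param>` element in the XML doc is left empty, so nothing tells a caller what they are giving up. The doc should say that every character passed here is no longer removed and that the caller becomes responsible for it, and that this method is a denylist filter rather than an output encoder, so the result must still be HTML-encoded wherever it is rendered; something like `/// <param name="ignoreFromClean">Characters from the XSS denylist that are deliberately left in place; the caller must encode the result on output.</param>`. A smaller robustness point: `params` yields an empty array when the argument is omitted, but an explicit `CleanForXss((char[])null)` would make `Except` throw `ArgumentNullException`, which `.Except(ignoreFromClean ?? new char[0])` avoids.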
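Review bot: The comment above the changed line still reads `//Clean the name field for xss` and does not say why the backslash is now exempted, so the next maintainer has no way to tell whether the exemption is intentional or can be removed. If NameTxt.Text later becomes part of a file path for the stylesheet (inferred from the page name, not visible in the hunk), note that `\` is a path separator and `.` was never in the denylist, so this cleaner no longer removes `..\` segments and the save path must be validated separately. Suggest `//Clean the name field for xss; '\\' is deliberately kept because <reason>, path validation is done by <where>` with the placeholders filled in from the actual code. The enclosing method starts outside the hunk.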