pull/37/merge
Ludovic Marcotte 2014-04-23 09:22:20 -04:00
parent 49363cfe36
commit 619cb2c0ec
3 changed files with 16 additions and 7 deletions

1
NEWS

@ -20,6 +20,7 @@ Bug fixes
- fixed wrong generation of weekly repetitive events with ActiveSync (#2654)
- fixed incorrect XML data conversion with ActiveSync (#2695)
- fixed display of events having a category with HTML entities (#2703)
- fixed display of images in CSS background (#2437)
2.2.3 (2014-04-03)
------------------


@ -559,6 +559,13 @@ static NSData* _sanitizeContent(NSData *theData)
&& ![value hasPrefix: @"mailto:"]
&& ![value hasPrefix: @"#"]);
}
// Avoid: <div style="background:url('http://www.sogo.nu/fileadmin/sogo/logos/sogo.bts.png' ); width: 200px; height: 200px;" title="ssss">
else if ([name isEqualToString: @"style"])
{
value = [_attributes valueAtIndex: count];
if ([value rangeOfString: @"url" options: NSCaseInsensitiveSearch].location != NSNotFound)
name = [NSString stringWithFormat: @"unsafe-%@", name];
}
else if (
// Mouse Events
[name isEqualToString: @"onclick"] ||
@ -594,12 +601,13 @@ static NSData* _sanitizeContent(NSData *theData)
}
else
value = [_attributes valueAtIndex: count];
if (!skipAttribute)
[resultPart appendFormat: @" %@=\"%@\"",
name, [value stringByReplacingString: @"\""
withString: @"\\\""]];
}
if ([VoidTags containsObject: lowerName])
[resultPart appendString: @"/"];
[resultPart appendString: @">"];
@ -686,16 +694,16 @@ static NSData* _sanitizeContent(NSData *theData)
[self _appendStyle: _chars length: _len];
else if (inBody)
{
NSString *tmpString;
NSString *s;
tmpString = [NSString stringWithCharacters: _chars length: _len];
s = [NSString stringWithCharacters: _chars length: _len];
// HACK: This is to avoid appending the useless junk in the <html> tag
// that Outlook adds. It seems to confuse the XML parser for
// forwarded messages as we get this in the _body_ of the email
// while we really aren't in it!
if (![tmpString hasPrefix: @" xmlns:v=\"urn:schemas-microsoft-com:vml\""])
[result appendString: [tmpString stringByEscapingHTMLString]];
if (![s hasPrefix: @" xmlns:v=\"urn:schemas-microsoft-com:vml\""])
[result appendString: [s stringByEscapingHTMLString]];
}
}
}
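Review bot: The new `style` branch in the first hunk decides a value is remote-loading only when it contains the literal substring `url`, which is a weak test for a sanitizer. CSS accepts backslash escapes inside identifiers, and not every construct that fetches or evaluates content spells out `url`, so such a value would keep its live `style` name. A more conservative condition would also neutralise any value containing a backslash, e.g. `if ([value rangeOfString: @"url" options: NSCaseInsensitiveSearch].location != NSNotFound || [value rangeOfString: @"\\"].location != NSNotFound)`, or the branch could allowlist the properties that may pass. The attribute writer in the second hunk emits `"` as `\"`, which HTML does not treat as an escape (`&quot;` would be); that line may predate this commit, but the renamed `unsafe-style` value is written through it. The enclosing method starts and ends outside the visible hunks.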


@ -1260,7 +1260,7 @@ function configureLoadImagesButton() {
return;
}
var content = $("messageContent");
var unsafeElements = content.select('[unsafe-src], [unsafe-data], [unsafe-classid], [unsafe-background]');
var unsafeElements = content.select('[unsafe-src], [unsafe-data], [unsafe-classid], [unsafe-background], [unsafe-style]');
if (unsafeElements.length == 0) {
loadImagesButton.setStyle({ display: 'none' });
}
@ -1560,7 +1560,7 @@ function loadRemoteImages() {
var content = $("messageContent");
if (content.hiddenElements) {
$(content.hiddenElements).each(function(element) {
['src', 'data', 'classid', 'background'].each(function(attr) {
['src', 'data', 'classid', 'background', 'style'].each(function(attr) {
var unsafeAttr = element.readAttribute('unsafe-' + attr);
if (unsafeAttr) {
log ('unsafe ' + attr + ': ' + unsafeAttr);
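Review bot: The set of guarded attributes is now spelled out twice in this file, as a selector string in configureLoadImagesButton() and as an array in loadRemoteImages(), and both must match the `unsafe-` names the server-side sanitizer emits, so the next addition can easily miss one place. Deriving both from a single constant would keep them in step, e.g. `var unsafeAttributes = ['src', 'data', 'classid', 'background', 'style'];` with the selector built as `unsafeAttributes.map(function(a) { return '[unsafe-' + a + ']'; }).join(', ')`. Both functions continue outside the hunks, so where `content.hiddenElements` is populated is not visible here; it presumably has to cover `[unsafe-style]` as well.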