diff --git a/NEWS b/NEWS
index 629313fcd..1157416cb 100644
--- a/NEWS
+++ b/NEWS
@@ -20,6 +20,7 @@ Bug fixes
- fixed wrong generation of weekly repetitive events with ActiveSync (#2654)
- fixed incorrect XML data conversion with ActiveSync (#2695)
- fixed display of events having a category with HTML entities (#2703)
+ - fixed display of images in CSS background (#2437)
2.2.3 (2014-04-03)
------------------
diff --git a/UI/MailPartViewers/UIxMailPartHTMLViewer.m b/UI/MailPartViewers/UIxMailPartHTMLViewer.m
index e9e45fbbc..df981a470 100644
--- a/UI/MailPartViewers/UIxMailPartHTMLViewer.m
+++ b/UI/MailPartViewers/UIxMailPartHTMLViewer.m
@@ -559,6 +559,13 @@ static NSData* _sanitizeContent(NSData *theData)
&& ![value hasPrefix: @"mailto:"]
&& ![value hasPrefix: @"#"]);
}
+ // Avoid:
+ else if ([name isEqualToString: @"style"])
+ {
+ value = [_attributes valueAtIndex: count];
+ if ([value rangeOfString: @"url" options: NSCaseInsensitiveSearch].location != NSNotFound)
+ name = [NSString stringWithFormat: @"unsafe-%@", name];
+ }
else if (
// Mouse Events
[name isEqualToString: @"onclick"] ||
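Review bot: The new `style` branch decides whether an inline style can trigger a remote fetch by looking only for the literal substring `url`, which is both too narrow and too broad. CSS permits backslash escapes inside identifiers, so a value can reference a remote resource without containing those three letters; conversely, a harmless value that merely contains `url` loses all of its styling until the user loads images. A more conservative test would also quarantine any value containing a backslash, e.g. `if ([value rangeOfString: @"url" options: NSCaseInsensitiveSearch].location != NSNotFound || [value rangeOfString: @"\\"].location != NSNotFound)`. The `// Avoid:` comment is unfinished and should say what is being avoided, for example `// Avoid: remote resources referenced from inline CSS, e.g. url(...)`; the surrounding attribute loop begins and ends outside this hunk.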
@@ -594,12 +601,13 @@ static NSData* _sanitizeContent(NSData *theData)
}
else
value = [_attributes valueAtIndex: count];
+
if (!skipAttribute)
[resultPart appendFormat: @" %@=\"%@\"",
name, [value stringByReplacingString: @"\""
withString: @"\\\""]];
}
-
+
if ([VoidTags containsObject: lowerName])
[resultPart appendString: @"/"];
[resultPart appendString: @">"];
@@ -686,16 +694,16 @@ static NSData* _sanitizeContent(NSData *theData)
[self _appendStyle: _chars length: _len];
else if (inBody)
{
- NSString *tmpString;
+ NSString *s;
- tmpString = [NSString stringWithCharacters: _chars length: _len];
+ s = [NSString stringWithCharacters: _chars length: _len];
// HACK: This is to avoid appending the useless junk in the tag
// that Outlook adds. It seems to confuse the XML parser for
// forwarded messages as we get this in the _body_ of the email
// while we really aren't in it!
- if (![tmpString hasPrefix: @" xmlns:v=\"urn:schemas-microsoft-com:vml\""])
- [result appendString: [tmpString stringByEscapingHTMLString]];
+ if (![s hasPrefix: @" xmlns:v=\"urn:schemas-microsoft-com:vml\""])
+ [result appendString: [s stringByEscapingHTMLString]];
}
}
}
diff --git a/UI/WebServerResources/MailerUI.js b/UI/WebServerResources/MailerUI.js
index d418b2f99..a8519a1f5 100644
--- a/UI/WebServerResources/MailerUI.js
+++ b/UI/WebServerResources/MailerUI.js
@@ -1260,7 +1260,7 @@ function configureLoadImagesButton() {
return;
}
var content = $("messageContent");
- var unsafeElements = content.select('[unsafe-src], [unsafe-data], [unsafe-classid], [unsafe-background]');
+ var unsafeElements = content.select('[unsafe-src], [unsafe-data], [unsafe-classid], [unsafe-background], [unsafe-style]');
if (unsafeElements.length == 0) {
loadImagesButton.setStyle({ display: 'none' });
}
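Review bot: The set of quarantined attribute names is now spelled out twice in this file, in the selector string here in configureLoadImagesButton() and in the array in loadRemoteImages() (next hunk), and both have to match the `unsafe-` renames performed by the server-side sanitizer. If the lists drift, the button can be hidden while blocked attributes remain in the message, or attributes can stay blocked after the user asks to load images. Consider one shared list, e.g. `var unsafeAttributes = ['src', 'data', 'classid', 'background', 'style'];`, with the selector built as `unsafeAttributes.map(function(a) { return '[unsafe-' + a + ']'; }).join(', ')` and the same array iterated in loadRemoteImages(). Both functions continue outside their hunks.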
@@ -1560,7 +1560,7 @@ function loadRemoteImages() {
var content = $("messageContent");
if (content.hiddenElements) {
$(content.hiddenElements).each(function(element) {
- ['src', 'data', 'classid', 'background'].each(function(attr) {
+ ['src', 'data', 'classid', 'background', 'style'].each(function(attr) {
var unsafeAttr = element.readAttribute('unsafe-' + attr);
if (unsafeAttr) {
log ('unsafe ' + attr + ': ' + unsafeAttr);