From 619cb2c0ec310514c80e976dcb2cf89c25822f46 Mon Sep 17 00:00:00 2001 From: Ludovic Marcotte Date: Wed, 23 Apr 2014 09:22:20 -0400 Subject: [PATCH] Fix for bug #2721 --- NEWS | 1 + UI/MailPartViewers/UIxMailPartHTMLViewer.m | 18 +++++++++++++----- UI/WebServerResources/MailerUI.js | 4 ++-- 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/NEWS b/NEWS index 629313fcd..1157416cb 100644 --- a/NEWS +++ b/NEWS @@ -20,6 +20,7 @@ Bug fixes - fixed wrong generation of weekly repetitive events with ActiveSync (#2654) - fixed incorrect XML data conversion with ActiveSync (#2695) - fixed display of events having a category with HTML entities (#2703) + - fixed display of images in CSS background (#2437) 2.2.3 (2014-04-03) ------------------ diff --git a/UI/MailPartViewers/UIxMailPartHTMLViewer.m b/UI/MailPartViewers/UIxMailPartHTMLViewer.m index e9e45fbbc..df981a470 100644 --- a/UI/MailPartViewers/UIxMailPartHTMLViewer.m +++ b/UI/MailPartViewers/UIxMailPartHTMLViewer.m @@ -559,6 +559,13 @@ static NSData* _sanitizeContent(NSData *theData) && ![value hasPrefix: @"mailto:"] && ![value hasPrefix: @"#"]); } + // Avoid:
+ else if ([name isEqualToString: @"style"]) + { + value = [_attributes valueAtIndex: count]; + if ([value rangeOfString: @"url" options: NSCaseInsensitiveSearch].location != NSNotFound) + name = [NSString stringWithFormat: @"unsafe-%@", name]; + } else if ( // Mouse Events [name isEqualToString: @"onclick"] || @@ -594,12 +601,13 @@ static NSData* _sanitizeContent(NSData *theData) } else value = [_attributes valueAtIndex: count]; + if (!skipAttribute) [resultPart appendFormat: @" %@=\"%@\"", name, [value stringByReplacingString: @"\"" withString: @"\\\""]]; } - + if ([VoidTags containsObject: lowerName]) [resultPart appendString: @"/"]; [resultPart appendString: @">"]; @@ -686,16 +694,16 @@ static NSData* _sanitizeContent(NSData *theData) [self _appendStyle: _chars length: _len]; else if (inBody) { - NSString *tmpString; + NSString *s; - tmpString = [NSString stringWithCharacters: _chars length: _len]; + s = [NSString stringWithCharacters: _chars length: _len]; // HACK: This is to avoid appending the useless junk in the tag // that Outlook adds. It seems to confuse the XML parser for // forwarded messages as we get this in the _body_ of the email // while we really aren't in it! - if (![tmpString hasPrefix: @" xmlns:v=\"urn:schemas-microsoft-com:vml\""]) - [result appendString: [tmpString stringByEscapingHTMLString]]; + if (![s hasPrefix: @" xmlns:v=\"urn:schemas-microsoft-com:vml\""]) + [result appendString: [s stringByEscapingHTMLString]]; } } } diff --git a/UI/WebServerResources/MailerUI.js b/UI/WebServerResources/MailerUI.js index d418b2f99..a8519a1f5 100644 --- a/UI/WebServerResources/MailerUI.js +++ b/UI/WebServerResources/MailerUI.js 
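Review bot: The new `style` branch holds back a value only when it contains the literal substring `url`, so a style whose function name is written with CSS backslash escapes may pass the `rangeOfString:` test unrenamed and still cause a remote fetch when the message is rendered. Renaming only defers the style until the user chooses to load images, so being conservative is cheap: extend the condition with `|| [value rangeOfString: @"\\"].location != NSNotFound` so that any inline style containing a backslash is also renamed to `unsafe-style`. The `// Avoid:` comment names nothing as shown here; something like `// Avoid remote fetches triggered by url() inside inline style attributes` would record the intent. The attribute loop this branch belongs to starts and ends outside the hunk.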
@@ -1260,7 +1260,7 @@ function configureLoadImagesButton() {
 return;
 }
 var content = $("messageContent");
- var unsafeElements = content.select('[unsafe-src], [unsafe-data], [unsafe-classid], [unsafe-background]');
+ var unsafeElements = content.select('[unsafe-src], [unsafe-data], [unsafe-classid], [unsafe-background], [unsafe-style]');
 if (unsafeElements.length == 0) {
 loadImagesButton.setStyle({ display: 'none' });
 }
@@ -1560,7 +1560,7 @@ function loadRemoteImages() {
 var content = $("messageContent");
 if (content.hiddenElements) {
 $(content.hiddenElements).each(function(element) {
- ['src', 'data', 'classid', 'background'].each(function(attr) {
+ ['src', 'data', 'classid', 'background', 'style'].each(function(attr) {
 var unsafeAttr = element.readAttribute('unsafe-' + attr);
 if (unsafeAttr) {
 log ('unsafe ' + attr + ': ' + unsafeAttr);
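Review bot: The set of held-back attribute names is now written out separately in the selector string in configureLoadImagesButton and in the array in loadRemoteImages (second hunk), and both must also match the `unsafe-` renames done by the server-side sanitizer. If one list is missed on the next addition, the "Load Images" button is either hidden while content is still held back, or shown but unable to restore it. Deriving both from one array would remove that risk, e.g. `var unsafeAttrs = ['src', 'data', 'classid', 'background', 'style'];` with the selector built as `unsafeAttrs.map(function(a) { return '[unsafe-' + a + ']'; }).join(', ')`. Both function bodies continue outside the hunks.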