Fix for bug #2721
parent
49363cfe36
commit
619cb2c0ec
1
NEWS
1
NEWS
|
@ -20,6 +20,7 @@ Bug fixes
|
|||
- fixed wrong generation of weekly repetitive events with ActiveSync (#2654)
|
||||
- fixed incorrect XML data conversion with ActiveSync (#2695)
|
||||
- fixed display of events having a category with HTML entities (#2703)
|
||||
- fixed display of images in CSS background (#2437)
|
||||
|
||||
2.2.3 (2014-04-03)
|
||||
------------------
|
||||
|
|
|
@ -559,6 +559,13 @@ static NSData* _sanitizeContent(NSData *theData)
|
|||
&& ![value hasPrefix: @"mailto:"]
|
||||
&& ![value hasPrefix: @"#"]);
|
||||
}
|
||||
// Avoid: <div style="background:url('http://www.sogo.nu/fileadmin/sogo/logos/sogo.bts.png' ); width: 200px; height: 200px;" title="ssss">
|
||||
else if ([name isEqualToString: @"style"])
|
||||
{
|
||||
value = [_attributes valueAtIndex: count];
|
||||
if ([value rangeOfString: @"url" options: NSCaseInsensitiveSearch].location != NSNotFound)
|
||||
name = [NSString stringWithFormat: @"unsafe-%@", name];
|
||||
}
|
||||
else if (
|
||||
// Mouse Events
|
||||
[name isEqualToString: @"onclick"] ||
|
||||
|
@ -594,6 +601,7 @@ static NSData* _sanitizeContent(NSData *theData)
|
|||
}
|
||||
else
|
||||
value = [_attributes valueAtIndex: count];
|
||||
|
||||
if (!skipAttribute)
|
||||
[resultPart appendFormat: @" %@=\"%@\"",
|
||||
name, [value stringByReplacingString: @"\""
|
||||
|
@ -686,16 +694,16 @@ static NSData* _sanitizeContent(NSData *theData)
|
|||
[self _appendStyle: _chars length: _len];
|
||||
else if (inBody)
|
||||
{
|
||||
NSString *tmpString;
|
||||
NSString *s;
|
||||
|
||||
tmpString = [NSString stringWithCharacters: _chars length: _len];
|
||||
s = [NSString stringWithCharacters: _chars length: _len];
|
||||
|
||||
// HACK: This is to avoid appending the useless junk in the <html> tag
|
||||
// that Outlook adds. It seems to confuse the XML parser for
|
||||
// forwarded messages as we get this in the _body_ of the email
|
||||
// while we really aren't in it!
|
||||
if (![tmpString hasPrefix: @" xmlns:v=\"urn:schemas-microsoft-com:vml\""])
|
||||
[result appendString: [tmpString stringByEscapingHTMLString]];
|
||||
if (![s hasPrefix: @" xmlns:v=\"urn:schemas-microsoft-com:vml\""])
|
||||
[result appendString: [s stringByEscapingHTMLString]];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1260,7 +1260,7 @@ function configureLoadImagesButton() {
|
|||
return;
|
||||
}
|
||||
var content = $("messageContent");
|
||||
var unsafeElements = content.select('[unsafe-src], [unsafe-data], [unsafe-classid], [unsafe-background]');
|
||||
var unsafeElements = content.select('[unsafe-src], [unsafe-data], [unsafe-classid], [unsafe-background], [unsafe-style]');
|
||||
if (unsafeElements.length == 0) {
|
||||
loadImagesButton.setStyle({ display: 'none' });
|
||||
}
|
||||
|
@ -1560,7 +1560,7 @@ function loadRemoteImages() {
|
|||
var content = $("messageContent");
|
||||
if (content.hiddenElements) {
|
||||
$(content.hiddenElements).each(function(element) {
|
||||
['src', 'data', 'classid', 'background'].each(function(attr) {
|
||||
['src', 'data', 'classid', 'background', 'style'].each(function(attr) {
|
||||
var unsafeAttr = element.readAttribute('unsafe-' + attr);
|
||||
if (unsafeAttr) {
|
||||
log ('unsafe ' + attr + ': ' + unsafeAttr);
|
||||
|
|
Loading…
Reference in New Issue