fix(mail(js)): avoid using the DOM when sanitizing incoming html

Fixes #5369
feature/ms-tnef
Francis Lachapelle 2021-08-02 17:33:45 -04:00
parent 54dff23682
commit 8947f29c09
1 changed files with 10 additions and 7 deletions


@ -737,13 +737,16 @@
data.encrypt = true;
}
if (data.isHTML) {
// Sanitize HTML replies to properly display quoted content in CKEditor
var html = angular.element('<div>' + data.text + '</div>');
html.find('meta').remove();
html.find('link').remove();
html.find('base').remove();
html.find('title').remove();
data.text = html.html();
// Sanitize HTML replies to properly display quoted content in CKEditor.
// Don't use the DOM to avoid triggering any event.
var html = data.text;
html = html.replace(/<\/?html[^>]*>/g, '');
html = html.replace(/<\/?body[^>]*>/g, '');
html = html.replace(/<meta[^>]*>.*<\/meta>/g, '');
html = html.replace(/<link[^>]*>.*<\/link>/g, '');
html = html.replace(/<base[^>]*>.*<\/base>/g, '');
html = html.replace(/<title[^>]*>.*<\/title>/g, '');
data.text = html;
}
angular.extend(message.editable, data);
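Review bot: The four paired-tag patterns added for `meta`, `link`, `base` and `title` only match when an explicit closing tag follows on the same line, but `meta`, `link` and `base` are void elements normally written without one, so tags that the removed `find(...).remove()` calls stripped will often stay in `data.text`. The patterns are also case-sensitive, and the greedy `.*` deletes everything between the first opening tag and the last closing tag on a line. I would replace the three void-element lines with `html = html.replace(/<\/?(?:meta|link|base)\b[^>]*>/gi, '');`, change the title line to `html = html.replace(/<title\b[^>]*>[\s\S]*?<\/title>/gi, '');`, and add the `i` flag to the `html` and `body` patterns. If this block is meant as a security boundary rather than a display fix-up for CKEditor, parsing into an inert document (for example one created with `DOMParser`) should keep a real parser without attaching the markup to the live DOM. The enclosing function starts and ends outside the hunk, so whether further sanitizing happens elsewhere cannot be seen from here.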