Consider 'background' attribute as unsafe

When loading a message, background attributes will be disabled if the user as chosen to not automatically load external images. Fixes #2437
2014-01-09 09:13:11 -05:00 · 2014-01-09 09:13:11 -05:00 · d603a8672e
parent d51e1da57f
commit d603a8672e
3 changed files with 29 additions and 44 deletions
--- a/2
+++ b/2
@ -17,7 +17,7 @@ Enhancements
 - format time in attendees invitation window according to the user's locale

 Bug fixes
- - 
+ - don't load 'background' attribute (#2437)

 2.1.1b (2013-12-04)
 -------------------
--- a/UI/MailPartViewers/UIxMailPartHTMLViewer.m
+++ b/UI/MailPartViewers/UIxMailPartHTMLViewer.m
@ -542,7 +542,8 @@ static NSData* _sanitizeContent(NSData *theData)
                  else
                    skipAttribute = YES;
                }
-              else if (([name isEqualToString: @"data"]
+              else if ([name isEqualToString: @"background"] ||
+                       ([name isEqualToString: @"data"]
                        || [name isEqualToString: @"classid"])
                       && [lowerName isEqualToString: @"object"])
                {
--- a/UI/WebServerResources/MailerUI.js
+++ b/UI/WebServerResources/MailerUI.js
@ -1249,37 +1249,23 @@ function loadMessage(msguid) {
    return seenStateHasChanged;
 }

+/**
+ * Hide the "Load Images" button when there's no unsafe content
+*/
 function configureLoadImagesButton() {
-    // We show/hide the "Load Images" button
    var loadImagesButton = $("loadImagesButton");
-    var content = $("messageContent");
-    var hiddenImgs = [];
-    var imgs = content.select("IMG");
-    $(imgs).each(function(img) {
-            var unsafeSrc = img.getAttribute("unsafe-src");
-            if (unsafeSrc) {
-                hiddenImgs.push(img);
-            }
-        });
-    content.hiddenImgs = hiddenImgs;
-
-    var hiddenObjects = [];
-    var objects = content.select("OBJECT");
-    $(objects).each(function(obj) {
-            if (obj.getAttribute("unsafe-data")
-                || obj.getAttribute("unsafe-classid")) {
-                hiddenObjects.push(obj);
-            }
-        });
-    content.hiddenObjects = hiddenObjects;
-
    if (typeof(loadImagesButton) == "undefined" ||
        loadImagesButton == null ) {
        return;
    }
-    if ((hiddenImgs.length + hiddenObjects.length) == 0) {
+    var content = $("messageContent");
+    var unsafeElements = content.select('[unsafe-src], [unsafe-data], [unsafe-classid], [unsafe-background]');
+    if (unsafeElements.length == 0) {
        loadImagesButton.setStyle({ display: 'none' });
    }
+    else {
+        content.hiddenElements = unsafeElements;
+    }
 }

 function configureSignatureFlagImage() {
@ -1586,24 +1572,18 @@ function onMessageLoadImages(event) {

 function loadRemoteImages() {
    var content = $("messageContent");
-    $(content.hiddenImgs).each(function(img) {
-            var unSafeSrc = img.getAttribute("unsafe-src");
-            log ("unsafesrc: " + unSafeSrc);
-            img.src = img.getAttribute("unsafe-src");
+    if (content.hiddenElements) {
+        $(content.hiddenElements).each(function(element) {
+            ['src', 'data', 'classid', 'background'].each(function(attr) {
+                var unsafeAttr = element.readAttribute('unsafe-' + attr);
+                if (unsafeAttr) {
+                    log ('unsafe ' +  attr + ': ' + unsafeAttr);
+                    element.writeAttribute(attr, unsafeAttr);
+                }
+            });
        });
-    content.hiddenImgs = null;
-    $(content.hiddenObjects).each(function(obj) {
-            var unSafeData = obj.getAttribute("unsafe-data");
-            if (unSafeData) {
-                obj.setAttribute("data", unSafeData);
-            }
-            var unSafeClassId = obj.getAttribute("unsafe-classid");
-            if (unSafeClassId) {
-                obj.setAttribute("classid", unSafeClassId);
-            }
-        });
-    content.hiddenObjects = null;
-
+        content.hiddenElements = null;
+    }
    var loadImagesButton = $("loadImagesButton");
    if (loadImagesButton)
        loadImagesButton.setStyle({ display: 'none' });
@ -2831,8 +2811,6 @@ function getMenus() {
                           "-", null,
                           onMenuSharing ],
        addressMenu: [ newContactFromEmail, newEmailTo ],
-        moveMailboxMenu: mailAccounts.collect(function (account) { return account.asCSSIdentifier() }),
-        copyMailboxMenu: mailAccounts.collect(function (account) { return account.asCSSIdentifier() }),
        messageListMenu: [ onMenuOpenMessage, "-",
                           onMenuReplyToSender,
                           onMenuReplyToAll,
@ -2872,6 +2850,12 @@ function getMenus() {
                      setSearchCriteria ]
    };

+
+    if (typeof mailAccounts != 'undefined') {
+        menus['moveMailboxMenu'] = mailAccounts.collect(function (account) { return account.asCSSIdentifier() });
+        menus['copyMailboxMenu'] = mailAccounts.collect(function (account) { return account.asCSSIdentifier() });
+    }
+
    var labelMenu = $("label-menu");
    if (labelMenu) {
        labelMenu.prepareVisibility = onLabelMenuPrepareVisibility;