Consider 'background' attribute as unsafe
When loading a message, background attributes will be disabled if the user has chosen to not automatically load external images. Fixes #2437 pull/17/head
parent
d51e1da57f
commit
d603a8672e
2
NEWS
2
NEWS
|
@ -17,7 +17,7 @@ Enhancements
|
|||
- format time in attendees invitation window according to the user's locale
|
||||
|
||||
Bug fixes
|
||||
-
|
||||
- don't load 'background' attribute (#2437)
|
||||
|
||||
2.1.1b (2013-12-04)
|
||||
-------------------
|
||||
|
|
|
@ -542,7 +542,8 @@ static NSData* _sanitizeContent(NSData *theData)
|
|||
else
|
||||
skipAttribute = YES;
|
||||
}
|
||||
else if (([name isEqualToString: @"data"]
|
||||
else if ([name isEqualToString: @"background"] ||
|
||||
([name isEqualToString: @"data"]
|
||||
|| [name isEqualToString: @"classid"])
|
||||
&& [lowerName isEqualToString: @"object"])
|
||||
{
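Review bot: The new condition mixes `||` and `&&` without grouping, so it is correct only because `&&` binds tighter: `background` matches on every element, while `data`/`classid` match only on `object`. Grouping the second operand states that intent and avoids a -Wparentheses warning: `else if ([name isEqualToString: @"background"] || (([name isEqualToString: @"data"] || [name isEqualToString: @"classid"]) && [lowerName isEqualToString: @"object"]))`. The comparison on `name` is case-sensitive, and the hunk does not show whether `name` is lower-cased the way `lowerName` appears to be, so that is worth confirming. Remote URLs in a CSS `background` inside a `style` attribute are not covered by this branch and presumably need handling elsewhere in the sanitizer. _sanitizeContent starts and ends outside the hunk.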
|
||||
|
|
|
@ -1249,37 +1249,23 @@ function loadMessage(msguid) {
|
|||
return seenStateHasChanged;
|
||||
}
|
||||
|
||||
/**
|
||||
* Hide the "Load Images" button when there's no unsafe content
|
||||
*/
|
||||
function configureLoadImagesButton() {
|
||||
// We show/hide the "Load Images" button
|
||||
var loadImagesButton = $("loadImagesButton");
|
||||
var content = $("messageContent");
|
||||
var hiddenImgs = [];
|
||||
var imgs = content.select("IMG");
|
||||
$(imgs).each(function(img) {
|
||||
var unsafeSrc = img.getAttribute("unsafe-src");
|
||||
if (unsafeSrc) {
|
||||
hiddenImgs.push(img);
|
||||
}
|
||||
});
|
||||
content.hiddenImgs = hiddenImgs;
|
||||
|
||||
var hiddenObjects = [];
|
||||
var objects = content.select("OBJECT");
|
||||
$(objects).each(function(obj) {
|
||||
if (obj.getAttribute("unsafe-data")
|
||||
|| obj.getAttribute("unsafe-classid")) {
|
||||
hiddenObjects.push(obj);
|
||||
}
|
||||
});
|
||||
content.hiddenObjects = hiddenObjects;
|
||||
|
||||
if (typeof(loadImagesButton) == "undefined" ||
|
||||
loadImagesButton == null ) {
|
||||
return;
|
||||
}
|
||||
if ((hiddenImgs.length + hiddenObjects.length) == 0) {
|
||||
var content = $("messageContent");
|
||||
var unsafeElements = content.select('[unsafe-src], [unsafe-data], [unsafe-classid], [unsafe-background]');
|
||||
if (unsafeElements.length == 0) {
|
||||
loadImagesButton.setStyle({ display: 'none' });
|
||||
}
|
||||
else {
|
||||
content.hiddenElements = unsafeElements;
|
||||
}
|
||||
}
|
||||
|
||||
function configureSignatureFlagImage() {
|
||||
|
@ -1586,24 +1572,18 @@ function onMessageLoadImages(event) {
|
|||
|
||||
function loadRemoteImages() {
|
||||
var content = $("messageContent");
|
||||
$(content.hiddenImgs).each(function(img) {
|
||||
var unSafeSrc = img.getAttribute("unsafe-src");
|
||||
log ("unsafesrc: " + unSafeSrc);
|
||||
img.src = img.getAttribute("unsafe-src");
|
||||
if (content.hiddenElements) {
|
||||
$(content.hiddenElements).each(function(element) {
|
||||
['src', 'data', 'classid', 'background'].each(function(attr) {
|
||||
var unsafeAttr = element.readAttribute('unsafe-' + attr);
|
||||
if (unsafeAttr) {
|
||||
log ('unsafe ' + attr + ': ' + unsafeAttr);
|
||||
element.writeAttribute(attr, unsafeAttr);
|
||||
}
|
||||
});
|
||||
});
|
||||
content.hiddenImgs = null;
|
||||
$(content.hiddenObjects).each(function(obj) {
|
||||
var unSafeData = obj.getAttribute("unsafe-data");
|
||||
if (unSafeData) {
|
||||
obj.setAttribute("data", unSafeData);
|
||||
}
|
||||
var unSafeClassId = obj.getAttribute("unsafe-classid");
|
||||
if (unSafeClassId) {
|
||||
obj.setAttribute("classid", unSafeClassId);
|
||||
}
|
||||
});
|
||||
content.hiddenObjects = null;
|
||||
|
||||
content.hiddenElements = null;
|
||||
}
|
||||
var loadImagesButton = $("loadImagesButton");
|
||||
if (loadImagesButton)
|
||||
loadImagesButton.setStyle({ display: 'none' });
|
||||
|
@ -2831,8 +2811,6 @@ function getMenus() {
|
|||
"-", null,
|
||||
onMenuSharing ],
|
||||
addressMenu: [ newContactFromEmail, newEmailTo ],
|
||||
moveMailboxMenu: mailAccounts.collect(function (account) { return account.asCSSIdentifier() }),
|
||||
copyMailboxMenu: mailAccounts.collect(function (account) { return account.asCSSIdentifier() }),
|
||||
messageListMenu: [ onMenuOpenMessage, "-",
|
||||
onMenuReplyToSender,
|
||||
onMenuReplyToAll,
|
||||
|
@ -2872,6 +2850,12 @@ function getMenus() {
|
|||
setSearchCriteria ]
|
||||
};
|
||||
|
||||
|
||||
if (typeof mailAccounts != 'undefined') {
|
||||
menus['moveMailboxMenu'] = mailAccounts.collect(function (account) { return account.asCSSIdentifier() });
|
||||
menus['copyMailboxMenu'] = mailAccounts.collect(function (account) { return account.asCSSIdentifier() });
|
||||
}
|
||||
|
||||
var labelMenu = $("label-menu");
|
||||
if (labelMenu) {
|
||||
labelMenu.prepareVisibility = onLabelMenuPrepareVisibility;
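Review bot: In loadRemoteImages the restore loop copies `unsafe-src`, `unsafe-data`, `unsafe-classid` and `unsafe-background` back onto any element that carries them, whereas the earlier IMG- and OBJECT-specific loops tied each attribute to one tag. The _sanitizeContent hunk handles `data`/`classid` only when the element is `object`, so an `unsafe-data` or `unsafe-classid` on another tag would not have been produced by that branch. Unless sender-supplied `unsafe-*` attributes are dropped somewhere not visible here, the client should keep the tag restriction, for example with a guard inside the inner iterator as sketched below. The `[unsafe-…]` selector in configureLoadImagesButton has the same breadth. loadRemoteImages continues past the end of its hunk.

```javascript
        $(content.hiddenElements).each(function(element) {
            var tag = element.tagName.toUpperCase();
            ['src', 'data', 'classid', 'background'].each(function(attr) {
                // data/classid are only handled on OBJECT by the sanitizer
                if ((attr == 'data' || attr == 'classid') && tag != 'OBJECT')
                    return;
                var unsafeAttr = element.readAttribute('unsafe-' + attr);
                // … unchanged: log and writeAttribute when unsafeAttr is set …
            });
        });
```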
|
||||
|
|