the-djmaze/snappymail
1
1
Fork 0
mirror of https://github.com/the-djmaze/snappymail.git synced 2024-09-21 08:05:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

Prepare \MailSo\Base\HtmlUtils::ClearHtml for improvements

Browse source
This commit is contained in:
djmaze 2020-12-18 11:11:54 +01:00
parent 9f9685b4eb
commit 1cf7344ef5
2 changed files with 10 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
snappymail/v/0.0.0/app/libraries/MailSo/Base/HtmlUtils.php
View file

@ -680,11 +680,11 @@ abstract class HtmlUtils
if ($sAttrName && $oAttr)
{
$sAttrNameLower = \trim(\strtolower($sAttrName));
if ($aHtmlAllowedAttributes && !\in_array($sAttrNameLower, $aHtmlAllowedAttributes))
{
$sAttrsForRemove[] = $sAttrName;
}
else if ('on' === \substr($sAttrNameLower, 0, 2) || in_array($sAttrNameLower, array(
if (($aHtmlAllowedAttributes && !\in_array($sAttrNameLower, $aHtmlAllowedAttributes))
|| 'on' === \substr($sAttrNameLower, 0, 2)
// || 'data-' === \substr($sAttrNameLower, 0, 5)
// || \strpos($sAttrNameLower, ':')
|| \in_array($sAttrNameLower, array(
'id', 'class', 'contenteditable', 'designmode', 'formaction', 'manifest', 'action',
'data-bind', 'data-reactid', 'xmlns', 'srcset', 'data-x-skip-style',
'fscommand', 'seeksegmenttime'
@ -756,8 +756,8 @@ abstract class HtmlUtils
$sH = $oElement->hasAttribute('height')
? \trim($oElement->getAttribute('height')) : '';
// $sW = $oElement->hasAttribute('width')
// ? \trim($oElement->getAttribute('width')) : '';
// $sW = $oElement->hasAttribute('width')
// ? \trim($oElement->getAttribute('width')) : '';
$sStyles = $oElement->hasAttribute('style')
? \preg_replace('/[\s]+/', '', \trim(\trim(\trim($oElement->getAttribute('style')), ';'))) : '';

6
snappymail/v/0.0.0/app/libraries/RainLoop/Api.php
View file

@ -112,8 +112,6 @@ class Api
if (static::Config()->Get('labs', 'strict_html_parser', true))
{
\MailSo\Config::$HtmlStrictAllowedAttributes = array(
// rainloop
'data-wrp',
// defaults
'name',
'dir', 'lang', 'style', 'title',
@ -148,8 +146,10 @@ class Api
'selected', 'label',
// table
'cols', 'rows', 'frame', 'rules', 'summary', 'cellpadding', 'cellspacing',
// th
'abbr', 'scope',
// td
'abbr', 'axis', 'colspan', 'rowspan', 'headers', 'nowrap'
'axis', 'colspan', 'rowspan', 'headers', 'nowrap'
);
}
}