the-djmaze/snappymail
1
1
Fork 0
mirror of https://github.com/the-djmaze/snappymail.git synced 2025-10-01 09:24:36 +08:00
Code Issues Projects Releases Packages Wiki Activity

Security fix

Browse source
This commit is contained in:
RainLoop Team 2014-02-13 13:34:31 +04:00 committed by RayMan
parent 85ddad1f1b
commit c9e394c585
1 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
rainloop/v/0.0.0/app/libraries/MailSo/Base/HtmlUtils.php
View file

@ -507,6 +507,16 @@ class HtmlUtils
@$oElement->removeAttribute('data-bind');
@$oElement->removeAttribute('xmlns');
if ($oElement->hasAttribute('href'))
{
$sHref = \trim($oElement->getAttribute('href'));
if (!\preg_match('/^(http[s]?|ftp|skype|mailto):/i', $sHref))
{
$oElement->setAttribute('data-x-broken-href', $sHref);
$oElement->setAttribute('href', 'javascript:false');
}
}
if ($oElement->hasAttribute('src'))
{
$sSrc = \trim($oElement->getAttribute('src'));