[dev] [PATCH] CSS Code is displayed on top of HTML messages
Malte Wedel
ich at malte.de
Fri May 28 05:00:59 PDT 2004
Hello,
I found a little bug in imp/lib/MIME/Viewer/html.php (RELENG). The code that
trys to comment out style-tags runs after the code, that converts malicious
tags to "<cleaned_tag>", where the style-tag is included. I did not look into
HEAD, but I assume it is the same there.
This is my patch. It just removes the style-tag from the malicious tags:
--- html.php.orig Fri May 28 13:35:41 2004
+++ html.php Fri May 28 13:53:40 2004
@@ -101,8 +101,7 @@
'|<([^>]*)meta|i',
'|<([^>]*)j\sa\sv\sa|i',
'|<([^>]*)object|i',
- '|<([^>]*)iframe|i',
- '|<(\s*)style|i');
+ '|<([^>]*)iframe|i');
$data = preg_replace($malicious, '<cleaned_tag', $data);
/* Comment out style/link tags. */
Regards,
Malte
-------------- next part --------------
--- html.php.orig Fri May 28 13:35:41 2004
+++ html.php Fri May 28 13:53:40 2004
@@ -101,8 +101,7 @@
'|<([^>]*)meta|i',
'|<([^>]*)j\sa\sv\sa|i',
'|<([^>]*)object|i',
- '|<([^>]*)iframe|i',
- '|<(\s*)style|i');
+ '|<([^>]*)iframe|i');
$data = preg_replace($malicious, '<cleaned_tag', $data);
/* Comment out style/link tags. */
More information about the dev
mailing list