Fwd: Re: [dev] [PATCH] CSS Code is displayed on top of HTML messages
Chuck Hagenbuch
chuck at horde.org
Fri May 28 09:36:29 PDT 2004
----- Forwarded message from ich at malte.de -----
Date: Fri, 28 May 2004 18:09:39 +0200
From: Malte Wedel <ich at malte.de>
Reply-To: Malte Wedel <ich at malte.de>
Subject: Re: [dev] [PATCH] CSS Code is displayed on top of HTML messages
To: Chuck Hagenbuch <chuck at horde.org>
Hi Chuck,
because there is no style-tag any more, that can be found by the regular
expression that tries to comment out the style content, when it is converted to
"<cleaned_tag>" first.
If you want to display the CSS-code in the HTML mail as plain text (which is not
very useful in my opinion), than you can delete the code, that tries to comment
out the style tag.
If you do not want to remove the style-tag from the malicious tags, you may also
put the "Comment out style/link tags."-section before the "Malicious
Tags"-section.
Regards,
Malte
Quoting Chuck Hagenbuch <chuck at horde.org>:
> Quoting Malte Wedel <ich at malte.de>:
>
> > I found a little bug in imp/lib/MIME/Viewer/html.php (RELENG). The code
> that
> > trys to comment out style-tags runs after the code, that converts
> malicious
> > tags to "<cleaned_tag>", where the style-tag is included. I did not look
> into
> > HEAD, but I assume it is the same there.
> >
> > This is my patch. It just removes the style-tag from the malicious tags:
>
> Why do you assume this is an error?
>
> -chuck
>
> --
> "Regard my poor demoralized mule!" - Juan Valdez
>
> --
> Horde developers mailing list - Join the hunt: http://horde.org/bounties/
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: dev-unsubscribe at lists.horde.org
>
--
"MySql ist doch eher ein Flatfile auf Drogen als ne richtige Datenbank."
----- End forwarded message -----
-chuck
--
"Regard my poor demoralized mule!" - Juan Valdez
More information about the dev
mailing list