Fwd: [dev] [PATCH] CSS Code is displayed on top of HTML messages
Malte Wedel
ich at malte.de
Mon May 31 05:26:02 PDT 2004
Hello again,
I looked into the HEAD revision, and there the code is already changed,
exactly the way I described. In RELENG the problem still exists. Would
someone please take a short moment to change this? I can understand
that you don't see this topic as a high priority, but for end-users this
is really annoying.
Thanks,
Malte
Begin forwarded message:
> From: Malte Wedel <ich at malte.de>
> Date: Fr Mai 28, 2004 2:00:59 Uhr Europe/Berlin
> To: dev at lists.horde.org
> Subject: [dev] [PATCH] CSS Code is displayed on top of HTML messages
>
> Hello,
>
> I found a little bug in imp/lib/MIME/Viewer/html.php (RELENG). The code that
> tries to comment out style-tags runs after the code that converts malicious
> tags to "<cleaned_tag>", where the style-tag is included. I did not look into
> HEAD, but I assume it is the same there.
>
> This is my patch. It just removes the style-tag from the malicious tags:
>
> --- html.php.orig Fri May 28 13:35:41 2004
> +++ html.php Fri May 28 13:53:40 2004
> @@ -101,8 +101,7 @@
> '|<([^>]*)meta|i',
> '|<([^>]*)j\sa\sv\sa|i',
> '|<([^>]*)object|i',
> - '|<([^>]*)iframe|i',
> - '|<(\s*)style|i');
> + '|<([^>]*)iframe|i');
> $data = preg_replace($malicious, '<cleaned_tag', $data);
>
> /* Comment out style/link tags. */
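Review bot: Dropping `'|<(\s*)style|i'` from `$malicious` means `<style` is no longer rewritten to `<cleaned_tag` by the `preg_replace` here, so neutralising style blocks now rests entirely on the "Comment out style/link tags" step that follows, and that code is not part of this hunk. Please confirm that its pattern is case-insensitive and tolerates whitespace after `<` as the removed one did, otherwise a variant the later step misses would reach the browser unfiltered. A short comment above the array saying that style is deliberately handled below would keep someone from re-adding it.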
>
> Regards,
> Malte
-------------- next part --------------
A non-text attachment was scrubbed...
Name: html.php.patch
Type: application/text
Size: 528 bytes
Desc: not available
Url : http://lists.horde.org/archives/dev/attachments/20040531/6a4b5ac8/html.php.bin
-------------- next part --------------