[imp] html stripping in imp/lib/MIME/Viewer/html.php
Mathieu Legare
legare at uqtr.ca
Wed Dec 11 10:58:10 PST 2002
Hi,
using IMP 3.1 and horde 2.1
I noticed some kind of weird behavior (maybe not). When reading a
message with a text/html content included (displayed inline), if there
is a link like this :
http://foo.bar/description.php
it is not highlighted or clickable. I think it's because there is the
keyword 'script' in the URL. So to be sure, I changed this in
imp/lib/MIME/Viewer/html.php (line 128):
$malicious = array(
#$malicious = array('|<([^>]*)s\s*c\s*r\s*i\s*p\s*t|i',
'|<([^>]*)embed|i',
'|<([^>]*)meta|i',
'|<([^>]*)j\sa\sv\sa|i',
'|<([^>]*)object|i',
'|<([^>]*)iframe|i',
'|<(\s*)style|i');
And reloaded the message again and now the link is clickable. Of course
I put back the original code right after my test.
Is it a bug ? Because I thought the code should have caught only
text with '<' an '>' around the 'script' keyword and it is not the
case here.
Thanks and have a nice day,
--
Mathieu Legare, analyste en informatique (reseau/systeme/webmestre)
Service de soutien pedagogique et technologique
Universite du Quebec a Trois-Rivieres
Email : legare@uqtr.ca
More information about the imp
mailing list