Context Navigation

r1518702	r36c236e
34	34
35	35	public static $common_attrib = array('id','class','style','title','align');
36		public static $containers = array('div','span','p','h1','h2','h3','form','textarea','table','tr','th','td');
	36	public static $containers = array('div','span','p','h1','h2','h3','form','textarea','table','tr','th','td','style');
37	37	public static $lc_tags = true;
38	38

program/steps/mail/func.inc

-                      r109314c
+                      r36c236e
+    }
-    // allow CSS styles, will be sanitized by rcmail_washtml_callback()
-    if ($p['safe']) {
-      $wash_opts['html_elements'][] = 'style';
+    }
     $washer = new washtml($wash_opts);
     $washer->add_callback('form', 'rcmail_washtml_callback');
+    $washer->add_callback('style', 'rcmail_washtml_callback');
+    if ($p['safe']) {  // allow CSS styles, will be sanitized by rcmail_washtml_callback()
+      $washer->add_callback('style', 'rcmail_washtml_callback');
+    }
     $body = $washer->wash($html);
     $REMOTE_OBJECTS = $washer->extlinks;
 …
     case 'style':
       // decode all escaped entities and reduce to ascii strings
       $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entitiy_decode($source));
+      $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entitiy_decode($content));
       // now check for evli strings like expression, behavior or url()
       if (!preg_match('/expression|behavior|url\(|import/', $css)) {
+      // now check for evil strings like expression, behavior or url()
+      if (!preg_match('/expression|behavior|url\(|import/', $stripped)) {
         $out = html::tag('style', array('type' => 'text/css'), $content);
         break;

Note: See TracChangeset for help on using the changeset viewer.