Changeset 4461 in subversion
- Timestamp:
- Jan 28, 2011 10:19:38 AM (2 years ago)
- Location:
- trunk/roundcubemail/program
- Files:
-
- 2 edited
-
include/main.inc (modified) (1 diff)
-
steps/mail/func.inc (modified) (1 diff)
trunk/roundcubemail/program/include/main.inc
r4452 r4461 873 873 874 874 // ignore the whole block if evil styles are detected 875 $stripped = preg_replace('/[^a-z\(: ]/', '', rcmail_xss_entity_decode($source));876 if (preg_match('/expression|behavior|url\(|import /', $stripped))875 $stripped = preg_replace('/[^a-z\(:;]/', '', rcmail_xss_entity_decode($source)); 876 if (preg_match('/expression|behavior|url\(|import[^a]/', $stripped)) 877 877 return '/* evil! */'; 878 878 -
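Review bot: The keyword test on the new side, `preg_match('/expression|behavior|url\(|import[^a]/', $stripped)`, is still case-sensitive although CSS at-rules and property values are case-insensitive, and in this file the preceding strip `[^a-z\(:;]` deletes uppercase letters before the match, so a keyword not written in lowercase never reaches the pattern; adding the `i` modifier to both expressions — `preg_replace('/[^a-z\(:;]/i', '', rcmail_xss_entity_decode($source))` and `preg_match('/expression|behavior|url\(|import[^a]/i', $stripped)` — closes that gap. I am reading the `import[^a]` variant as the r4461 side, since the rendered view lost the +/- markers. The same check is duplicated in steps/mail/func.inc with a slightly different character class (`a-zA-Z` there, `a-z` here), so the two filters already disagree on what survives stripping; a single shared helper would keep them in step. The `[^a]` suffix presumably exists so that `!important`, which strips to `important`, does not trip the check — worth a comment such as `// [^a] so that "important" is not mistaken for an @import`. The enclosing function begins and ends outside the hunk.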
trunk/roundcubemail/program/steps/mail/func.inc
r4455 r4461 830 830 case 'style': 831 831 // decode all escaped entities and reduce to ascii strings 832 $stripped = preg_replace('/[^a-zA-Z\(: ]/', '', rcmail_xss_entity_decode($content));832 $stripped = preg_replace('/[^a-zA-Z\(:;]/', '', rcmail_xss_entity_decode($content)); 833 833 834 834 // now check for evil strings like expression, behavior or url() 835 if (!preg_match('/expression|behavior|url\(|import /', $stripped)) {835 if (!preg_match('/expression|behavior|url\(|import[^a]/', $stripped)) { 836 836 $out = html::tag('style', array('type' => 'text/css'), $content); 837 837 break;
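Review bot: The comment on line 834, `// now check for evil strings like expression, behavior or url()`, no longer describes the pattern beneath it: it omits `import` and gives no reason for the `[^a]` that follows it, which presumably keeps `!important` (stripped to `important`) from matching. Suggest `// reject expression, behavior, url( and @import; [^a] keeps "!important" (stripped to "important") from matching`. Note also that `$stripped` is only the gate — the untouched `$content` is what `html::tag('style', ...)` emits on line 836, so any hardening of the gate must be made here rather than on the output. The enclosing switch and function continue outside the hunk.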
