Index: program/steps/mail/func.inc
===================================================================
--- program/steps/mail/func.inc	(revision 2bca6e1da0e46f93297a7f60ff449b6c6ebac239)
+++ program/steps/mail/func.inc	(revision ee883ad73d64639eb994a71e15b1a37c07ff3cb9)
@@ -740,5 +740,5 @@
                                '/<script.+<\/script>/Umis');
 
-      $remote_replaces = array('<img \\1src=\\2./program/blank.gif\\4',
+      $remote_replaces = array('<img \\1src=\\2./program/blocked.gif\\4',
                                '',
                                '',
@@ -1211,5 +1211,6 @@
 
   // replace event handlers on any object
-  $body = preg_replace('/\s(on[a-z]+)=/im', ' __removed=', $body);  
+  $body = preg_replace('/\s(on[^=]+)=/im', ' __removed=', $body);  
+  $body = preg_replace('/\shref=["\']?(javascript:)/im', 'null:', $body);
 
   // resolve <base href>
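Review bot: The added `href` line replaces the whole match, including the leading whitespace, `href=` and the opening quote, with `null:`, so the attribute name is lost and the tag is left malformed with an unbalanced quote. Keeping the prefix in a group avoids that: `$body = preg_replace('/(\shref=["\']?)javascript:/im', '\\1null:', $body);`. On the line above, `[^=]+` also matches whitespace, newlines and `>`, so a ` on…` in ordinary text can be consumed up to the next `=` in a later tag, swallowing the markup in between. A bounded class such as `/\s(on[^\s=>]+)\s*=/im` would keep the match inside one attribute name. Both rules are block-list patterns over raw markup and cover only `href` and the literal scheme spelling, so an allow-list of URL schemes applied to parsed, decoded attribute values would be the more durable check.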
@@ -1252,5 +1253,5 @@
     $attrib['onclick'] = sprintf("return %s.command('compose','%s',this)",
                                  $GLOBALS['JS_OBJECT_NAME'],
-                                 substr($attrib['href'], 7));
+                                 JQ(substr($attrib['href'], 7)));
   else if (!empty($attrib['href']) && $attrib['href']{0}!='#')
     $attrib['target'] = '_blank';
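Review bot: `JQ()` on the new line presumably escapes the address for the single-quoted JavaScript string, but the result is stored in `$attrib['onclick']`, which is an HTML attribute, and nothing visible here entity-encodes it for that context. If the code that serializes `$attrib` (outside this hunk) does not pass the value through `htmlspecialchars($value, ENT_QUOTES)`, a quote in the mailto address could still end the attribute. A comment above the assignment would record the requirement, e.g. `// href comes from the message body: JS-escaped here, must be HTML-escaped when the attribute is written`. The enclosing `if` and function start outside the hunk, so this should be confirmed against the serializer.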
