Opened 6 years ago

Closed 6 years ago

#1484300 closed Bugs (fixed)

[serious] Invalid character in mail address causes javascript error

Reported by: seansan
Owned by:
Priority: 5
Milestone: 0.1-rc1
Component: Security
Version: 0.1-beta2
Severity: major
Keywords: tick javascrip error spam
Cc:

Description (last modified by thomasb)

Of course this is not common practice (it is spam), but when a sender's address contains a tick (') the user is confronted with a JavaScript error in the main screen.

The tick (') is a valid part of an email address and should be escaped.

</tr>
<tr id="rcmrow399" class="message unread odd">
<td class="icon"><img src="skins/default/images/icons/unread.png" alt="" border="0" /></td>
<td class="subject">Fwd: Pharmacy bulletin<img src="./program/blank.gif" height="5" width="1000" alt="" /></td>
<td class="from"><a href="mailto:deaconess'sreposing@mailsent.net" onclick="return rcmail.command('compose','deaconess'sreposing@mailsent.net',this)" class="rcmContactAddress" title="deaconess'sreposing@mailsent.net">Alonzo Barr</a></td>
<td class="date">Today 13:56</td>
<td class="size">3 KB</td>
<td class="cc"></td>
<td class="icon"></td>
</tr>

The error is here (count and check the ticks):

rcmail.command('compose','deaconess'sreposing@mailsent.net',this)"

This message has been uploaded to testing.roundcube.net.
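The broken handler from the ticket beside a version escaped for both contexts it sits in (a JavaScript string inside an HTML attribute), as an added example that is not Roundcube's code or its actual fix. The helper names and the `new Function` stand-in for the browser's handling of the attribute are assumptions made for illustration.

```javascript
// Sample input: the sender address quoted in the ticket.
const ADDRESS = "deaconess'sreposing@mailsent.net";

// Outer context: a double-quoted HTML attribute value.
function escapeHtmlAttr(s) {
  return s.replace(/[&<>"']/g, c => '&#' + c.charCodeAt(0) + ';');
}

// Inner context: a quoted JavaScript string literal.
// Quotes, backslashes, markup characters and line terminators become \uXXXX.
function escapeJsString(s) {
  return s.replace(/[\\'"<>&\u2028\u2029\x00-\x1f]/g,
    c => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Pattern from the ticket: the address is pasted raw into the handler.
function onclickNaive(addr) {
  return "return rcmail.command('compose','" + addr + "',this)";
}

// Escaped: JS-string escaping first (inner), then attribute escaping (outer).
function onclickEscaped(addr) {
  const js = "return rcmail.command('compose','" + escapeJsString(addr) + "',this)";
  return escapeHtmlAttr(js);
}

// Stand-in for the browser: decode the attribute's numeric entities,
// compile the handler body, and run it against a stub rcmail object.
function decodeAttr(v) {
  return v.replace(/&#(\d+);/g, (_, n) => String.fromCharCode(Number(n)));
}

function runHandler(attrValue) {
  const calls = [];
  const rcmail = { command: (...args) => { calls.push(args); return false; } };
  try {
    new Function('rcmail', decodeAttr(attrValue)).call(null, rcmail);
    return { ok: true, arg: calls[0][1] };
  } catch (e) {
    return { ok: false, error: e.name }; // the tick ends the string early
  }
}

console.log(runHandler(onclickNaive(ADDRESS)));
console.log(runHandler(onclickEscaped(ADDRESS)));
```

The same two-layer rule applies to the `href` and `title` attributes in the row, which need only the attribute-level escaping because they hold no script.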

Change History (2)

comment:1 Changed 6 years ago by seansan

Your Upload-ID is '20070322_145813_4'

comment:2 Changed 6 years ago by thomasb

  • Description modified (diff)
  • Resolution set to fixed
  • Status changed from new to closed
  • Version changed from 0.1-rc1 to 0.1-beta2