diff --git a/SoObjects/SOGo/NSString+Utilities.m b/SoObjects/SOGo/NSString+Utilities.m
index 06a72a686..d5b77c62d 100644
--- a/SoObjects/SOGo/NSString+Utilities.m
+++ b/SoObjects/SOGo/NSString+Utilities.m
@@ -1014,6 +1014,15 @@ static int cssEscapingCount;
 options: NSRegularExpressionCaseInsensitive error:&error];
 newResult = [regex stringByReplacingMatchesInString:result options:0 range:NSMakeRange(0, [result length]) withTemplate:@"onmouseo***="];
 result = [NSString stringWithString: newResult];
+
+ // Remove @import css (in style tags)
+ regex = [NSRegularExpression regularExpressionWithPattern:@"(<[\\s\\u200B \\\\0]*s[\\s\\u200B \\\\0]*t[\\s\\u200B \\\\0]*y[\\s\\u200B \\\\0]*l[\\s\\u200B \\\\0]*e.*)([\\s\\u200B \\\\0]*@[\\s\\u200B \\\\0]*i[\\s\\u200B \\\\0]*m[\\s\\u200B \\\\0]*p[\\s\\u200B \\\\0]*o[\\s\\u200B \\\\0]*r[\\s\\u200B \\\\0]*t)(.*<[\\s\\u200B \\\\0]*\\/[\\s\\u200B \\\\0]*s[\\s\\u200B \\\\0]*t[\\s\\u200B \\\\0]*y[\\s\\u200B \\\\0]*l[\\s\\u200B \\\\0]*e[\\s\\u200B \\\\0]*>)"
+ options: NSRegularExpressionCaseInsensitive error:&error];
+ newResult = result;
+ while([regex numberOfMatchesInString:newResult options:0 range:NSMakeRange(0, [newResult length])] > 0) {
+ newResult = [regex stringByReplacingMatchesInString:newResult options:0 range:NSMakeRange(0, [newResult length]) withTemplate:@"$1@im****$3"];
+ }
+ result = [NSString stringWithString: newResult];
 }
 }
 NS_HANDLER
diff --git a/Tests/Unit/TestNSString+Utilities.m b/Tests/Unit/TestNSString+Utilities.m
index e0698caaf..d1384932e 100644
--- a/Tests/Unit/TestNSString+Utilities.m
+++ b/Tests/Unit/TestNSString+Utilities.m
@@ -109,6 +109,7 @@ testEquals([[NSString stringWithString:@"foobar "] stringWithoutHTMLInjection: NO], @"foobar bar"); testEquals([[NSString stringWithString:@"foobar
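Review bot: The new `@import` pattern in the NSString+Utilities.m hunk is compiled with only `NSRegularExpressionCaseInsensitive`, so both `.*` segments stop at line separators and a style element whose `@import` sits on a different line from its opening or closing tag is left unmasked. Consider `options: NSRegularExpressionCaseInsensitive | NSRegularExpressionDotMatchesLineSeparators error:&error];` together with a unit test that feeds a multi-line style block; matching across two style blocks would only mask more text, which is the safe direction for a sanitizer. `error` is also never inspected after the call, and from the visible lines a nil `regex` appears to make the `while` loop a silent no-op, so logging the failure would make a broken pattern noticeable. The enclosing method and the exception block that ends at `NS_HANDLER` begin outside this hunk, so how `result` is used afterwards is not visible here.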
ABC
"] stringWithoutHTMLInjection: NO], @"
ABC
"); } - (void) test_stringCleanInvalidHTMLTags