Monotone-Parent: 8b85752325ab90167923684643ea6fe0374ee7a1

Monotone-Revision: 29fffc5b150efb565af943e7fd8387e446ceb042

Monotone-Author: flachapelle@inverse.ca
Monotone-Date: 2012-02-07T23:47:25
Francis Lachapelle
2012-02-07 23:47:25 +00:00
parent b7077e74de
commit 34cc7a27dc


@@ -430,58 +430,57 @@ static NSData* _sanitizeContent(NSData *theData)
ignoreTag = [lowerName copy];
ignoredContent++;
}
else
max = [_attributes count];
for (count = 0; count < max; count++)
{
max = [_attributes count];
for (count = 0; count < max; count++)
skipAttribute = NO;
name = [[_attributes nameAtIndex: count] lowercaseString];
if ([name hasPrefix: @"ON"])
skipAttribute = YES;
else if ([name isEqualToString: @"src"])
{
skipAttribute = NO;
name = [[_attributes nameAtIndex: count] lowercaseString];
if ([name hasPrefix: @"ON"])
skipAttribute = YES;
else if ([name isEqualToString: @"src"])
value = [_attributes valueAtIndex: count];
if ([value hasPrefix: @"cid:"])
{
value = [_attributes valueAtIndex: count];
if ([value hasPrefix: @"cid:"])
{
cid = [NSString stringWithFormat: @"<%@>",
[value substringFromIndex: 4]];
value = [attachmentIds objectForKey: cid];
skipAttribute = (value == nil);
}
else if ([lowerName isEqualToString: @"img"])
{
/* [resultPart appendString:
@"src=\"/SOGo.woa/WebServerResources/empty.gif\""]; */
name = @"unsafe-src";
}
else
skipAttribute = YES;
cid = [NSString stringWithFormat: @"<%@>",
[value substringFromIndex: 4]];
value = [attachmentIds objectForKey: cid];
skipAttribute = (value == nil);
}
else if (([name isEqualToString: @"data"]
|| [name isEqualToString: @"classid"])
&& [lowerName isEqualToString: @"object"])
else if ([lowerName isEqualToString: @"img"])
{
value = [_attributes valueAtIndex: count];
name = [NSString stringWithFormat: @"unsafe-%@", name];
}
else if ([name isEqualToString: @"href"]
|| [name isEqualToString: @"action"])
{
value = [_attributes valueAtIndex: count];
skipAttribute = ([value rangeOfString: @"://"].location
== NSNotFound
&& ![value hasPrefix: @"#"]);
/* [resultPart appendString:
@"src=\"/SOGo.woa/WebServerResources/empty.gif\""]; */
name = @"unsafe-src";
}
else
value = [_attributes valueAtIndex: count];
if (!skipAttribute)
[resultPart appendFormat: @" %@=\"%@\"",
name, [value stringByReplacingString: @"\""
withString: @"\\\""]];
skipAttribute = YES;
}
else if (([name isEqualToString: @"data"]
|| [name isEqualToString: @"classid"])
&& [lowerName isEqualToString: @"object"])
{
value = [_attributes valueAtIndex: count];
name = [NSString stringWithFormat: @"unsafe-%@", name];
}
else if ([name isEqualToString: @"href"]
|| [name isEqualToString: @"action"])
{
value = [_attributes valueAtIndex: count];
skipAttribute = ([value rangeOfString: @"://"].location
== NSNotFound
&& ![value hasPrefix: @"#"]);
}
else
value = [_attributes valueAtIndex: count];
if (!skipAttribute)
[resultPart appendFormat: @" %@=\"%@\"",
name, [value stringByReplacingString: @"\""
withString: @"\\\""]];
}
if ([VoidTags containsObject: lowerName])
[resultPart appendString: @"/"];
[resultPart appendString: @">"];
[result appendString: resultPart];
}
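Review bot: The event-handler filter in the attribute loop can never match, because `name` is produced by `lowercaseString` and then tested with `[name hasPrefix: @"ON"]`; `on*` attributes therefore fall through to the final `else` and are appended to `resultPart`. The test should read `if ([name hasPrefix: @"on"])`. The same loop writes a double quote in a value as `\"`, which HTML does not treat as an escape inside a quoted attribute, so the replacement string should be `&quot;` (ideally with `&`, `<` and `>` entity-encoded as well). The enclosing method starts and ends outside the hunk, and the commit appears to carry both lines over unchanged while re-indenting, so both points predate it.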