fix(mail): sanitise mail with ics (invitation to event)

This commit is contained in:
Hivert Quentin
2026-05-03 15:08:15 +02:00
parent 6119d6cf23
commit 67ce01ec2a
2 changed files with 27 additions and 12 deletions
+19 -9
@@ -1031,16 +1031,26 @@ static int cssEscapingCount;
newResult = [regex stringByReplacingMatchesInString:result options:0 range:NSMakeRange(0, [result length]) withTemplate:@"</for*"];
result = [NSString stringWithString: newResult];
// Remove onload
regex = [NSRegularExpression regularExpressionWithPattern:@"onload="
options: NSRegularExpressionCaseInsensitive error:&error];
newResult = [regex stringByReplacingMatchesInString:result options:0 range:NSMakeRange(0, [result length]) withTemplate:@"onl***="];
result = [NSString stringWithString: newResult];
// // Remove onload
// regex = [NSRegularExpression regularExpressionWithPattern:@"onload="
// options: NSRegularExpressionCaseInsensitive error:&error];
// newResult = [regex stringByReplacingMatchesInString:result options:0 range:NSMakeRange(0, [result length]) withTemplate:@"onl***="];
// result = [NSString stringWithString: newResult];
// Remove onmouseover
regex = [NSRegularExpression regularExpressionWithPattern:@"onmouseover="
options: NSRegularExpressionCaseInsensitive error:&error];
newResult = [regex stringByReplacingMatchesInString:result options:0 range:NSMakeRange(0, [result length]) withTemplate:@"onmouseo***="];
// // Remove onmouseover
// regex = [NSRegularExpression regularExpressionWithPattern:@"onmouseover="
// options: NSRegularExpressionCaseInsensitive error:&error];
// newResult = [regex stringByReplacingMatchesInString:result options:0 range:NSMakeRange(0, [result length]) withTemplate:@"onmouseo***="];
// result = [NSString stringWithString: newResult];
// regex = [NSRegularExpression regularExpressionWithPattern:@"onrepeat="
// options: NSRegularExpressionCaseInsensitive error:&error];
// newResult = [regex stringByReplacingMatchesInString:result options:0 range:NSMakeRange(0, [result length]) withTemplate:@"onrep***="];
// result = [NSString stringWithString: newResult];
regex = [NSRegularExpression regularExpressionWithPattern: @"(on\\w+)\\s*=\\s*([\"'][^\"']*[\"']|[^\\s>]+)"
options: NSRegularExpressionCaseInsensitive error: &error];
newResult = [regex stringByReplacingMatchesInString: result options: 0 range: NSMakeRange(0, [result length]) withTemplate: @"on***=\"\""];
result = [NSString stringWithString: newResult];
// Remove @import css (in style tags)
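Review bot: The new generic handler pattern `(on\\w+)\\s*=\\s*(...)` is compiled with `error: &error`, but neither `error` nor `regex` is checked before use; if the pattern ever fails to compile, `regex` is nil, `stringByReplacingMatchesInString:` then yields nil, and the following `[NSString stringWithString: newResult]` raises NSInvalidArgumentException, so the replacement should be guarded, e.g. `if (regex) { newResult = [regex stringByReplacingMatchesInString: result options: 0 range: NSMakeRange(0, [result length]) withTemplate: @"on***=\"\""]; result = [NSString stringWithString: newResult]; }`. The other regexes visible in this hunk share the same unchecked pattern. Stripping event-handler attributes by name with a denylist regex over raw markup is a reasonable stopgap, but it is weaker than parsing the HTML and keeping only allow-listed tags and attributes; a comment such as `// Denylist regex fallback: neutralises on*= handler attributes; an allow-list HTML parser would be the stronger fix` would record that for the next maintainer. The commented-out `onload`, `onmouseover` and `onrepeat` blocks left behind in this hunk are dead now that the generic pattern covers them and should be deleted rather than kept as comments. The enclosing function starts and ends outside the hunk.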
+8 -3
@@ -44,6 +44,7 @@
#import <SOGo/SOGoUserFolder.h>
#import <SOGo/SOGoUserDefaults.h>
#import <SOGo/SOGoUserManager.h>
#import <SOGo/NSString+Utilities.h>
#import <Appointments/iCalEntityObject+SOGo.h>
#import <Appointments/SOGoAppointmentFolder.h>
#import <Appointments/SOGoAppointmentFolders.h>
@@ -81,8 +82,7 @@
{
if (!inCalendar)
{
inCalendar
= [iCalCalendar parseSingleFromSource: [self flatContentAsString]];
inCalendar = [iCalCalendar parseSingleFromSource: [self flatContentAsString]];
[inCalendar retain];
}
@@ -583,7 +583,12 @@
[[person partStatWithDefault] lowercaseString], @"partstat", nil]];
}
[d setObject: a forKey: @"participants"];
[d setObject: a forKey: @"participants"];
//Sanitise the html content
if([d objectForKey:@"content"]){
[d setObject: [[d objectForKey:@"content"] stringWithoutHTMLInjection: NO] forKey: @"content"];
}
return d;
}
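Review bot: The new `[[d objectForKey:@"content"] stringWithoutHTMLInjection: NO]` call assumes the `content` value is an NSString; I cannot see where that key is set, so if anything else can land there the call would raise an unrecognized-selector exception and a `[[d objectForKey: @"content"] isKindOfClass: [NSString class]]` guard would be safer than the bare nil check. The meaning of the `NO` argument is not evident from the selector, so a short comment stating what that flag selects in `NSString+Utilities` would help readers judge whether the stricter setting is wanted here. Only `content` is sanitised, while the participant fields assembled into `a` just above presumably come from the same untrusted calendar data; if they are rendered as HTML downstream they would need the same treatment. As a point of style, `if([d objectForKey:@"content"]){` should follow the file's spacing, `if ([d objectForKey: @"content"])`. The enclosing method starts outside the hunk.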