From 8afc80d82ed6e803b1c213dbbdeac729eadc7f07 Mon Sep 17 00:00:00 2001
From: Francis Lachapelle
Date: Wed, 1 Dec 2021 11:34:37 -0500
Subject: [PATCH] fix(mail(html)): ban "javascript:" prefix in href, action and formaction
---
 UI/MailPartViewers/UIxMailPartHTMLViewer.m | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/UI/MailPartViewers/UIxMailPartHTMLViewer.m b/UI/MailPartViewers/UIxMailPartHTMLViewer.m
index 2e169d4f9..b3da8a4d0 100644
--- a/UI/MailPartViewers/UIxMailPartHTMLViewer.m
+++ b/UI/MailPartViewers/UIxMailPartHTMLViewer.m
@@ -520,10 +520,11 @@ _xmlCharsetForCharset (NSString *charset)
 {
 value = [_attributes valueAtIndex: count];
 lowerValue = [value lowercaseString];
- skipAttribute = ([lowerValue rangeOfString: @"://"].location == NSNotFound
- && ![lowerValue hasPrefix: @"mailto:"]
- && ![lowerValue hasPrefix: @"#"]) ||
- [lowerValue hasPrefix: @"javascript:"];
+ skipAttribute =
+ ([lowerValue rangeOfString: @"://"].location == NSNotFound
+ && ![lowerValue hasPrefix: @"mailto:"]
+ && ![lowerValue hasPrefix: @"#"])
+ || [lowerValue rangeOfString: @"javascript:"].location != NSNotFound;
 if (!skipAttribute)
 [resultPart appendString: @" rel=\"noopener\""];
 }
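Review bot: The `javascript:` test on the last added line is still a denylist applied to the raw lowercased attribute value, so any other scheme whose value contains `://` is kept, while the substring match also drops ordinary links that merely carry `javascript:` in a path or query string. An allowlist fails closed instead: keep the attribute only when the value starts with `#`, `http://`, `https://` or `mailto:`, as sketched below; the exact scheme list is an assumption to confirm against what the mail viewer has to support. The enclosing block starts and ends outside this hunk, so how `skipAttribute` is used beyond the `rel="noopener"` append is not visible here.

```objc
lowerValue = [value lowercaseString];
// Allowlist: keep only fragment links and known-safe schemes, so any value
// the check does not recognise is dropped instead of passed through.
skipAttribute = !([lowerValue hasPrefix: @"#"]
                  || [lowerValue hasPrefix: @"http://"]
                  || [lowerValue hasPrefix: @"https://"]
                  || [lowerValue hasPrefix: @"mailto:"]);
// … unchanged: rel="noopener" is appended when the attribute is kept …
```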