From a5c315fd1735c9370bc135bdd088efe6900a906d Mon Sep 17 00:00:00 2001
From: Francis Lachapelle
Date: Mon, 8 Nov 2021 13:06:02 -0500
Subject: [PATCH] fix(mail(js)): ban all "on*" events attributes from HTML tags
---
 UI/MailPartViewers/UIxMailPartHTMLViewer.m | 56 +---------------------
 1 file changed, 2 insertions(+), 54 deletions(-)
diff --git a/UI/MailPartViewers/UIxMailPartHTMLViewer.m b/UI/MailPartViewers/UIxMailPartHTMLViewer.m
index d8d6f46cf..244128b44 100644
--- a/UI/MailPartViewers/UIxMailPartHTMLViewer.m
+++ b/UI/MailPartViewers/UIxMailPartHTMLViewer.m
@@ -534,61 +534,9 @@ _xmlCharsetForCharset (NSString *charset)
 if ([value rangeOfString: @"url" options: NSCaseInsensitiveSearch].location != NSNotFound)
 name = [NSString stringWithFormat: @"unsafe-%@", name];
 }
- else if (
- // Mouse Events
- [name isEqualToString: @"onclick"] ||
- [name isEqualToString: @"ondblclick"] ||
- [name isEqualToString: @"onmousedown"] ||
- [name isEqualToString: @"onmousemove"] ||
- [name isEqualToString: @"onmouseout"] ||
- [name isEqualToString: @"onmouseup"] ||
- [name isEqualToString: @"onmouseover"] ||
- [name isEqualToString: @"onpointerrawupdate"] ||
-
- // Keyboard Events
- [name isEqualToString: @"onkeydown"] ||
- [name isEqualToString: @"onkeypress"] ||
- [name isEqualToString: @"onkeyup"] ||
-
- // Frame/Object Events
- [name isEqualToString: @"onabort"] ||
- [name isEqualToString: @"onerror"] ||
- [name isEqualToString: @"onload"] ||
- [name isEqualToString: @"onresize"] ||
- [name isEqualToString: @"onscroll"] ||
- [name isEqualToString: @"onunload"] ||
-
- // Form Events
- [name isEqualToString: @"onblur"] ||
- [name isEqualToString: @"onchange"] ||
- [name isEqualToString: @"onfocus"] ||
- [name isEqualToString: @"onreset"] ||
- [name isEqualToString: @"onselect"] ||
- [name isEqualToString: @"onsubmit"] ||
-
- // Media Events
- [name isEqualToString: @"oncanplay"] ||
- [name isEqualToString: @"oncanplaythrough"] ||
- [name isEqualToString: @"oncuechange"] ||
- [name isEqualToString: @"ondurationchange"] ||
- [name isEqualToString: @"onemptied"] ||
- [name isEqualToString: @"onended"] ||
- [name isEqualToString: @"onloadeddata"] ||
- [name isEqualToString: @"onloadedmetadata"] ||
- [name isEqualToString: @"onloadstart"] ||
- [name isEqualToString: @"onpause"] ||
- [name isEqualToString: @"onplay"] ||
- [name isEqualToString: @"onplaying"] ||
- [name isEqualToString: @"onprogress"] ||
- [name isEqualToString: @"onratechange"] ||
- [name isEqualToString: @"onseeked"] ||
- [name isEqualToString: @"onseeking"] ||
- [name isEqualToString: @"onstalled"] ||
- [name isEqualToString: @"onsuspend"] ||
- [name isEqualToString: @"ontimeupdate"] ||
- [name isEqualToString: @"onvolumechange"] ||
- [name isEqualToString: @"onwaiting"])
+ else if ([name hasPrefix: @"on"])
 {
+ // on Events
 skipAttribute = YES;
 }
 else
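Review bot: `[name hasPrefix: @"on"]` on the new `else if` line is a case-sensitive comparison, while HTML attribute names are case-insensitive, so a handler spelled `ONCLICK` or `OnLoad` is only dropped if the parser has already lowercased `name` before this point; that normalisation is not visible in the hunk, and the enclosing attribute-filtering method starts and ends outside it. If lowercase names are not guaranteed by the parser, the check should be `else if ([[name lowercaseString] hasPrefix: @"on"])`; if they are, a one-line comment stating that guarantee would spare the next reader the same question. The added comment `// on Events` says little about what the branch now does; `// Drop every event-handler attribute (on*), whatever event it names` would document the intent the commit subject describes.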