fix(mail(js)): ban all "on*" events attributes from HTML tags

2026-02-21 17:36:24 +00:00 · 2021-11-08 13:06:02 -05:00
parent d43b28ca73
commit a5c315fd17
1 changed files with 2 additions and 54 deletions
--- a/UI/MailPartViewers/UIxMailPartHTMLViewer.m
+++ b/UI/MailPartViewers/UIxMailPartHTMLViewer.m
@@ -534,61 +534,9 @@ _xmlCharsetForCharset (NSString *charset)
                  if ([value rangeOfString: @"url" options: NSCaseInsensitiveSearch].location != NSNotFound)
                    name = [NSString stringWithFormat: @"unsafe-%@", name];
                }
-	      else if (
-		       // Mouse Events
-		       [name isEqualToString: @"onclick"] ||
-		       [name isEqualToString: @"ondblclick"] ||
-		       [name isEqualToString: @"onmousedown"] ||
-		       [name isEqualToString: @"onmousemove"] ||
-		       [name isEqualToString: @"onmouseout"] ||
-		       [name isEqualToString: @"onmouseup"] ||
-		       [name isEqualToString: @"onmouseover"] ||
-                       [name isEqualToString: @"onpointerrawupdate"] ||
-
-		       // Keyboard Events
-		       [name isEqualToString: @"onkeydown"] ||
-		       [name isEqualToString: @"onkeypress"] ||
-		       [name isEqualToString: @"onkeyup"] ||
-
-		       // Frame/Object Events
-		       [name isEqualToString: @"onabort"] ||
-		       [name isEqualToString: @"onerror"] ||
-		       [name isEqualToString: @"onload"] ||
-		       [name isEqualToString: @"onresize"] ||
-		       [name isEqualToString: @"onscroll"]  ||
-		       [name isEqualToString: @"onunload"] ||
-
-		       // Form Events
-		       [name isEqualToString: @"onblur"] ||
-		       [name isEqualToString: @"onchange"] ||
-		       [name isEqualToString: @"onfocus"] ||
-		       [name isEqualToString: @"onreset"] ||
-		       [name isEqualToString: @"onselect"] ||
-		       [name isEqualToString: @"onsubmit"] ||
-
-                       // Media Events
-                       [name isEqualToString: @"oncanplay"] ||
-                       [name isEqualToString: @"oncanplaythrough"] ||
-                       [name isEqualToString: @"oncuechange"] ||
-                       [name isEqualToString: @"ondurationchange"] ||
-                       [name isEqualToString: @"onemptied"] ||
-                       [name isEqualToString: @"onended"] ||
-                       [name isEqualToString: @"onloadeddata"] ||
-                       [name isEqualToString: @"onloadedmetadata"] ||
-                       [name isEqualToString: @"onloadstart"] ||
-                       [name isEqualToString: @"onpause"] ||
-                       [name isEqualToString: @"onplay"] ||
-                       [name isEqualToString: @"onplaying"] ||
-                       [name isEqualToString: @"onprogress"] ||
-                       [name isEqualToString: @"onratechange"] ||
-                       [name isEqualToString: @"onseeked"] ||
-                       [name isEqualToString: @"onseeking"] ||
-                       [name isEqualToString: @"onstalled"] ||
-                       [name isEqualToString: @"onsuspend"] ||
-                       [name isEqualToString: @"ontimeupdate"] ||
-                       [name isEqualToString: @"onvolumechange"] ||
-                       [name isEqualToString: @"onwaiting"])
+	      else if ([name hasPrefix: @"on"])
 		{
+                  // on Events
 		  skipAttribute = YES;
 		}
              else