Sanitize whitelisted attributes of HTML tags

2026-03-01 13:16:23 +00:00 · 2017-06-05 15:14:48 -04:00
parent 2604e2bf59
commit b3f541b87e
1 changed files with 1 additions and 2 deletions
--- a/UI/MailPartViewers/UIxMailPartHTMLViewer.m
+++ b/UI/MailPartViewers/UIxMailPartHTMLViewer.m
@@ -686,8 +686,7 @@ static NSData* _sanitizeContent(NSData *theData)
              
              if (!skipAttribute)
                [resultPart appendFormat: @" %@=\"%@\"",
-                            name, [value stringByReplacingString: @"\""
-                                                      withString: @"\\\""]];
+                            name, [value safeStringByEscapingXMLString: NO]];
            }
          
          if ([VoidTags containsObject: lowerName])