From c4bb0de11e5ea4432612c974cf238845600d3601 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 26 Nov 2021 08:34:45 -0500 Subject: [PATCH] fix(mail): don't lowercase href/action/formaction attribute value Fixes #5434 --- UI/MailPartViewers/UIxMailPartHTMLViewer.m | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/UI/MailPartViewers/UIxMailPartHTMLViewer.m b/UI/MailPartViewers/UIxMailPartHTMLViewer.m index 6761781b6..2e169d4f9 100644 --- a/UI/MailPartViewers/UIxMailPartHTMLViewer.m +++ b/UI/MailPartViewers/UIxMailPartHTMLViewer.m @@ -446,7 +446,7 @@ _xmlCharsetForCharset (NSString *charset) attributes: (id ) _attributes { unsigned int count, max; - NSString *name, *value, *cid, *lowerName; + NSString *name, *value, *cid, *lowerName, *lowerValue; NSMutableString *resultPart; BOOL skipAttribute; @@ -518,11 +518,12 @@ _xmlCharsetForCharset (NSString *charset) || [name isEqualToString: @"action"] || [name isEqualToString: @"formaction"]) { - value = [[_attributes valueAtIndex: count] lowercaseString]; - skipAttribute = ([value rangeOfString: @"://"].location == NSNotFound - && ![value hasPrefix: @"mailto:"] - && ![value hasPrefix: @"#"]) || - [value hasPrefix: @"javascript:"]; + value = [_attributes valueAtIndex: count]; + lowerValue = [value lowercaseString]; + skipAttribute = ([lowerValue rangeOfString: @"://"].location == NSNotFound + && ![lowerValue hasPrefix: @"mailto:"] + && ![lowerValue hasPrefix: @"#"]) || + [lowerValue hasPrefix: @"javascript:"]; if (!skipAttribute) [resultPart appendString: @" rel=\"noopener\""]; }