amorfo77/sogo
1
0
Fork 0
mirror of https://github.com/inverse-inc/sogo.git synced 2026-03-05 23:26:24 +00:00
Code Issues Projects Releases Wiki Activity

fix(mail): don't lowercase href/action/formaction attribute value

Browse Source 
Fixes #5434
This commit is contained in:
Francis Lachapelle
2021-11-26 08:34:45 -05:00
parent d484c2b8bd
commit c4bb0de11e
1 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
UI/MailPartViewers/UIxMailPartHTMLViewer.m
View File

@@ -446,7 +446,7 @@ _xmlCharsetForCharset (NSString *charset)
attributes: (id <SaxAttributes>) _attributes
{
unsigned int count, max;
NSString *name, *value, *cid, *lowerName;
NSString *name, *value, *cid, *lowerName, *lowerValue;
NSMutableString *resultPart;
BOOL skipAttribute;
@@ -518,11 +518,12 @@ _xmlCharsetForCharset (NSString *charset)
|| [name isEqualToString: @"action"]
|| [name isEqualToString: @"formaction"])
{
value = [[_attributes valueAtIndex: count] lowercaseString];
skipAttribute = ([value rangeOfString: @"://"].location == NSNotFound
&& ![value hasPrefix: @"mailto:"]
&& ![value hasPrefix: @"#"]) ||
[value hasPrefix: @"javascript:"];
value = [_attributes valueAtIndex: count];
lowerValue = [value lowercaseString];
skipAttribute = ([lowerValue rangeOfString: @"://"].location == NSNotFound
&& ![lowerValue hasPrefix: @"mailto:"]
&& ![lowerValue hasPrefix: @"#"]) ||
[lowerValue hasPrefix: @"javascript:"];
if (!skipAttribute)
[resultPart appendString: @" rel=\"noopener\""];
}