diff --git a/UI/MailPartViewers/UIxMailPartHTMLViewer.m b/UI/MailPartViewers/UIxMailPartHTMLViewer.m
index a5155125f..9f5176593 100644
--- a/UI/MailPartViewers/UIxMailPartHTMLViewer.m
+++ b/UI/MailPartViewers/UIxMailPartHTMLViewer.m
@@ -299,7 +299,7 @@ _xmlCharsetForCharset (NSString *charset)
 attributes: (id ) _attributes
 {
 unsigned int count, max;
- NSString *name, *value, *cid, *lowerName;
+ NSString *name, *value, *cid, *lowerName, *lowerValue;
 NSMutableString *resultPart;
 BOOL skipAttribute;
@@ -371,13 +371,19 @@ _xmlCharsetForCharset (NSString *charset)
 name = [NSString stringWithFormat: @"unsafe-%@", name];
 }
 else if ([name isEqualToString: @"href"]
- || [name isEqualToString: @"action"])
+ || [name isEqualToString: @"action"]
+ || [name isEqualToString: @"formaction"])
 {
 value = [_attributes valueAtIndex: count];
- skipAttribute = ([value rangeOfString: @"://"].location
- == NSNotFound
- && ![value hasPrefix: @"mailto:"]
- && ![value hasPrefix: @"#"]);
+ lowerValue = [[value lowercaseString] stringByReplacingString: @"\""
+ withString: @""];
+ skipAttribute =
+ ([lowerValue rangeOfString: @"://"].location == NSNotFound
+ && ![lowerValue hasPrefix: @"mailto:"]
+ && ![lowerValue hasPrefix: @"#"])
+ || [lowerValue rangeOfString: @"javascript:"].location != NSNotFound;
+ if (!skipAttribute)
+ [resultPart appendString: @" rel=\"noopener\""];
 }
 // Avoid:
else if ([name isEqualToString: @"style"])
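Review bot: The new `javascript:` test in the `href`/`action`/`formaction` branch is a substring denylist layered on a check that accepts any value containing `://`, so it only rejects the one spelling it searches for. Browsers drop tab and newline characters inside a URL before resolving the scheme, and other script-capable schemes such as `data:` or `vbscript:` are not listed, so the filter does not fail closed for those inputs. An allowlist on the scheme prefix would: `skipAttribute = !([lowerValue hasPrefix: @"http://"] || [lowerValue hasPrefix: @"https://"] || [lowerValue hasPrefix: @"mailto:"] || [lowerValue hasPrefix: @"#"]);` (the exact scheme list is a project decision). Separately, `rel="noopener"` is appended whenever the attribute is kept, so an element that carries its own `rel` would end up with two and the browser honours whichever comes first; the code that emits attributes is outside this hunk, so confirm how an incoming `rel` is handled.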