From f38eded701fff37f570c91a2c5c62075a0ebe439 Mon Sep 17 00:00:00 2001
From: Francis Lachapelle
Date: Mon, 4 Apr 2022 16:02:32 -0400
Subject: [PATCH] fix(mail(js)): ban all "on*" events attributes from HTML tags

---
 UI/MailPartViewers/UIxMailPartHTMLViewer.m | 36 ++--------------------
 1 file changed, 2 insertions(+), 34 deletions(-)

diff --git a/UI/MailPartViewers/UIxMailPartHTMLViewer.m b/UI/MailPartViewers/UIxMailPartHTMLViewer.m
index 076c74ae4..a5155125f 100644
--- a/UI/MailPartViewers/UIxMailPartHTMLViewer.m
+++ b/UI/MailPartViewers/UIxMailPartHTMLViewer.m
@@ -340,7 +340,8 @@ _xmlCharsetForCharset (NSString *charset)
 {
 skipAttribute = NO;
 name = [[_attributes nameAtIndex: count] lowercaseString];
- if ([name hasPrefix: @"ON"])
+ if ([name hasPrefix: @"on"])
+ // on Events
 skipAttribute = YES;
 else if ([name isEqualToString: @"src"])
 {
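Review bot: The added comment `// on Events` sits between the `if` condition and its single-statement body, where a reader can take it for the body itself; move it above the condition and state what the check is for, e.g. `// Drop every event-handler attribute (on*); name is lowercased above, so a case-sensitive prefix check covers ONCLICK, OnError, etc.`. The old `@"ON"` prefix could never match a string returned by `-lowercaseString`, which is why the per-event list removed in the second hunk had been carrying the whole load; now that this one prefix check is the only barrier against inline handler attributes, a regression test that runs attributes such as `ONCLICK`, `OnError` and `onpointerdown` through the viewer and asserts none survive in the output would keep it from silently going dead again. The attribute loop this belongs to starts before and ends after the hunk.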
@@ -385,39 +386,6 @@ _xmlCharsetForCharset (NSString *charset)
 if ([value rangeOfString: @"url" options: NSCaseInsensitiveSearch].location != NSNotFound)
 name = [NSString stringWithFormat: @"unsafe-%@", name];
 }
- else if (
- // Mouse Events
- [name isEqualToString: @"onclick"] ||
- [name isEqualToString: @"ondblclick"] ||
- [name isEqualToString: @"onmousedown"] ||
- [name isEqualToString: @"onmousemove"] ||
- [name isEqualToString: @"onmouseout"] ||
- [name isEqualToString: @"onmouseup"] ||
- [name isEqualToString: @"onmouseover"] ||
-
- // Keyboard Events
- [name isEqualToString: @"onkeydown"] ||
- [name isEqualToString: @"onkeypress"] ||
- [name isEqualToString: @"onkeyup"] ||
-
- // Frame/Object Events
- [name isEqualToString: @"onabort"] ||
- [name isEqualToString: @"onerror"] ||
- [name isEqualToString: @"onload"] ||
- [name isEqualToString: @"onresize"] ||
- [name isEqualToString: @"onscroll"] ||
- [name isEqualToString: @"onunload"] ||
-
- // Form Events
- [name isEqualToString: @"onblur"] ||
- [name isEqualToString: @"onchange"] ||
- [name isEqualToString: @"onfocus"] ||
- [name isEqualToString: @"onreset"] ||
- [name isEqualToString: @"onselect"] ||
- [name isEqualToString: @"onsubmit"])
- {
- skipAttribute = YES;
- }
 else
 value = [_attributes valueAtIndex: count];