amorfo77/sogo
1
0
Fork 0
mirror of https://github.com/inverse-inc/sogo.git synced 2026-03-05 07:06:25 +00:00
Code Issues Projects Releases Wiki Activity

fix(mail(js)): ban all "on*" events attributes from HTML tags

Browse Source
This commit is contained in:
Francis Lachapelle
2022-04-04 16:02:32 -04:00
parent 0f3d7dc6bc
commit f38eded701
1 changed files with 2 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
UI/MailPartViewers/UIxMailPartHTMLViewer.m
View File

@@ -340,7 +340,8 @@ _xmlCharsetForCharset (NSString *charset)
{
skipAttribute = NO;
name = [[_attributes nameAtIndex: count] lowercaseString];
if ([name hasPrefix: @"ON"])
if ([name hasPrefix: @"on"])
// on Events
skipAttribute = YES;
else if ([name isEqualToString: @"src"])
{
@@ -385,39 +386,6 @@ _xmlCharsetForCharset (NSString *charset)
if ([value rangeOfString: @"url" options: NSCaseInsensitiveSearch].location != NSNotFound)
name = [NSString stringWithFormat: @"unsafe-%@", name];
}
else if (
// Mouse Events
[name isEqualToString: @"onclick"] ||
[name isEqualToString: @"ondblclick"] ||
[name isEqualToString: @"onmousedown"] ||
[name isEqualToString: @"onmousemove"] ||
[name isEqualToString: @"onmouseout"] ||
[name isEqualToString: @"onmouseup"] ||
[name isEqualToString: @"onmouseover"] ||
// Keyboard Events
[name isEqualToString: @"onkeydown"] ||
[name isEqualToString: @"onkeypress"] ||
[name isEqualToString: @"onkeyup"] ||
// Frame/Object Events
[name isEqualToString: @"onabort"] ||
[name isEqualToString: @"onerror"] ||
[name isEqualToString: @"onload"] ||
[name isEqualToString: @"onresize"] ||
[name isEqualToString: @"onscroll"] ||
[name isEqualToString: @"onunload"] ||
// Form Events
[name isEqualToString: @"onblur"] ||
[name isEqualToString: @"onchange"] ||
[name isEqualToString: @"onfocus"] ||
[name isEqualToString: @"onreset"] ||
[name isEqualToString: @"onselect"] ||
[name isEqualToString: @"onsubmit"])
{
skipAttribute = YES;
}
else
value = [_attributes valueAtIndex: count];