From f9fdad251da20617430e1626a72c574221215ff1 Mon Sep 17 00:00:00 2001
From: smizrahi <seb.mizrahi@gmail.com>
Date: Wed, 7 Jun 2023 14:42:21 +0200
Subject: [PATCH] fix(mail): Removed invalid HTML tags in mail body. Fixes
 #5755

---
 SoObjects/SOGo/NSString+Utilities.h        |  3 +++
 SoObjects/SOGo/NSString+Utilities.m        | 11 +++++++++++
 Tests/Unit/TestNSString+Utilities.m        |  6 ++++++
 UI/MailPartViewers/UIxMailPartHTMLViewer.m |  2 +-
 4 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/SoObjects/SOGo/NSString+Utilities.h b/SoObjects/SOGo/NSString+Utilities.h
index 2164b2bd3..cdec73f75 100644
--- a/SoObjects/SOGo/NSString+Utilities.h
+++ b/SoObjects/SOGo/NSString+Utilities.h
@@ -92,6 +92,9 @@
 - (NSString *) encryptWithKey: (NSString *) theKey;
 - (NSString *) decryptWithKey: (NSString *) theKey;
 
+/* HTML */
+- (NSString *) cleanInvalidHTMLTags;
+
 @end
 
 #endif /* NSSTRING_URL_H */
diff --git a/SoObjects/SOGo/NSString+Utilities.m b/SoObjects/SOGo/NSString+Utilities.m
index fb888fb0f..682be7e71 100644
--- a/SoObjects/SOGo/NSString+Utilities.m
+++ b/SoObjects/SOGo/NSString+Utilities.m
@@ -1001,4 +1001,15 @@ static int cssEscapingCount;
   return result;
 }
 
+- (NSString *) cleanInvalidHTMLTags {
+  // Clean HTML invalid tags as reported in https://bugs.sogo.nu/view.php?id=5755
+  NSString *s;
+  
+  s = [NSString stringWithString: self];
+  s = [s stringByReplacingOccurrencesOfString:@"<!-->" withString:@""];
+  s = [s stringByReplacingOccurrencesOfString:@"<!--<!" withString:@"<!--"];
+
+  return s;
+}
+
 @end
diff --git a/Tests/Unit/TestNSString+Utilities.m b/Tests/Unit/TestNSString+Utilities.m
index 32e86de74..caf244c67 100644
--- a/Tests/Unit/TestNSString+Utilities.m
+++ b/Tests/Unit/TestNSString+Utilities.m
@@ -110,5 +110,11 @@
   testEquals([[NSString stringWithString:@"foobar <img onmouseover=foo bar"] stringWithoutHTMLInjection: NO], @"foobar <img onmouseo***=foo bar");
 }
 
+- (void) test_stringCleanInvalidHTMLTags
+{
+  testEquals([[NSString stringWithString:@"<div>Test<!--></div>"] cleanInvalidHTMLTags], @"<div>Test</div>");
+  testEquals([[NSString stringWithString:@"<div><!--[if !mso]><span>Test</span><!--<![endif]--></div>"] cleanInvalidHTMLTags], @"<div><!--[if !mso]><span>Test</span><!--[endif]--></div>");
+}
+
 
 @end
diff --git a/UI/MailPartViewers/UIxMailPartHTMLViewer.m b/UI/MailPartViewers/UIxMailPartHTMLViewer.m
index be794fa67..b4eff9f03 100644
--- a/UI/MailPartViewers/UIxMailPartHTMLViewer.m
+++ b/UI/MailPartViewers/UIxMailPartHTMLViewer.m
@@ -845,7 +845,7 @@ _xmlCharsetForCharset (NSString *charset)
       if (!s)
         s = [[NSString alloc] initWithData: preparsedContent  encoding: NSISOLatin1StringEncoding];
 
-      preparsedContent = [[s safeString] dataUsingEncoding: NSUTF8StringEncoding];
+      preparsedContent = [[[s cleanInvalidHTMLTags] safeString] dataUsingEncoding: NSUTF8StringEncoding];
       RELEASE(s);
     }