diff --git a/CHANGELOG b/CHANGELOG
index 1abd7af61..00b3eb032 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -9,6 +9,7 @@ CHANGELOG Roundcube Webmail
- Fix some advanced search issues with multiple addressbooks (#5572)
- Fix so group/addressbook selection is retained on page refresh
- Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580)
+- Fix bug where external content in src attribute of input/video tags was not secured (#5583)
RELEASE 1.2.3
-------------
diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php
index 21e28bb59..46b699874 100644
--- a/program/lib/Roundcube/rcube_washtml.php
+++ b/program/lib/Roundcube/rcube_washtml.php
@@ -386,7 +386,7 @@ class rcube_washtml
return $attr == 'background'
|| $attr == 'color-profile' // SVG
|| ($attr == 'poster' && $tag == 'video')
- || ($attr == 'src' && preg_match('/^(img|source)$/i', $tag))
+ || ($attr == 'src' && preg_match('/^(img|source|input|video|audio)$/i', $tag))
|| ($tag == 'image' && $attr == 'href'); // SVG
}
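Review bot: The `src` condition on the changed line is still a per-tag enumeration, so the remote-content check only covers elements someone remembered to list; that is the same gap that left `input` and `video` unprotected before this commit. Any other element that fetches from `src` and is permitted by the washer's element list (not visible in this hunk, so this needs confirming) would still skip the external-content handling, e.g. `embed` or `track` if they are allowed. If nothing downstream depends on the tag restriction, matching the attribute alone is safer: `|| $attr == 'src'`. Otherwise add a comment above the line such as `// keep in sync with every allowed element that loads a resource via src`, so the list is reviewed whenever the allowed elements change. The enclosing function begins outside this hunk, so its other callers and the allowed-element list could not be checked here.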
diff --git a/tests/Framework/Washtml.php b/tests/Framework/Washtml.php
index 50454cd4e..dcc8f883e 100644
--- a/tests/Framework/Washtml.php
+++ b/tests/Framework/Washtml.php
@@ -283,4 +283,26 @@ class Framework_Washtml extends PHPUnit_Framework_TestCase
$this->assertTrue(strpos($washed, $exp) !== false, "Position:fixed (#5264)");
}
+
+ /**
+ * Test external links in src of input/video elements (#5583)
+ */
+ function test_src_wash()
+ {
+ $html = "";
+
+ $washer = new rcube_washtml;
+ $washed = $washer->wash($html);
+
+ $this->assertTrue($washer->extlinks);
+ $this->assertNotContains('TRACKING', $washed, "Src attribute of tag (#5583)");
+
+ $html = "