Fix XSS issue in handling of CDATA in HTML messages

release-1.3
Aleksander Machniak 5 years ago committed by Thomas Bruederli
parent 25c4861542
commit 23c06159ae

@ -497,9 +497,6 @@ class rcube_washtml
break; break;
case XML_CDATA_SECTION_NODE: case XML_CDATA_SECTION_NODE:
$dump .= $node->nodeValue;
break;
case XML_TEXT_NODE: case XML_TEXT_NODE:
$dump .= htmlspecialchars($node->nodeValue); $dump .= htmlspecialchars($node->nodeValue);
break; break;

Loading…
Cancel
Save