banananetwork
/
roundcubemail
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix XSS issue in handling of CDATA in HTML messages

Browse Source
release-1.2
Aleksander Machniak 5 years ago committed by Thomas Bruederli
parent d3f2759a6b
commit 4312dc4efe
1 changed files with 0 additions and 3 deletions
Show Stats Download Patch File Download Diff File

3
program/lib/Roundcube/rcube_washtml.php
Unescape Escape View File

@ -472,9 +472,6 @@ class rcube_washtml
break; break;
case XML_CDATA_SECTION_NODE: case XML_CDATA_SECTION_NODE:
$dump .= $node->nodeValue;
break;
case XML_TEXT_NODE: case XML_TEXT_NODE:
$dump .= htmlspecialchars($node->nodeValue); $dump .= htmlspecialchars($node->nodeValue);
break; break;

Write Preview
Loading…
Cancel
Save