Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747)

Aleksander Machniak 8 years ago
parent 715e8bf8bd
commit 8f22c3287d

@ -5,6 +5,7 @@ CHANGELOG Roundcube Webmail
- Fix bug where invalid recipients could be silently discarded (#5739)
- Fix conflict with _gid cookie of Google Analytics (#5748)
- Print error from CLI scripts when system/exec function is disabled (#5744)
- Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747)
RELEASE 1.3-rc
--------------

@ -489,6 +489,7 @@ class rcube_utils
$callback = function($matches) { return chr(hexdec($matches[1])); };
$out = html_entity_decode(html_entity_decode($content));
$out = trim(preg_replace('/(^<!--|-->$)/', '', trim($out)));
$out = preg_replace_callback('/\\\([0-9a-f]{4})/i', $callback, $out);
$out = preg_replace('#/\*.*\*/#Ums', '', $out);
$out = strip_tags($out);
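Review bot: The new `preg_replace('/(^<!--|-->$)/', ...)` line only peels off one pair of markers at the very start and end of the decoded text, so a `<!--` or `-->` appearing anywhere inside the style still reaches `strip_tags()`, which drops everything from that `<!--` up to the next `-->` (or the end of the string) as an HTML comment. A browser instead treats `<!--`/`-->` in a style sheet as ignorable CDO/CDC tokens and keeps parsing the declarations between them, so the decoded string seen by the callers' checks can be shorter than what the browser will apply; whether that is exploitable depends on callers outside this hunk that I cannot see, so treat it as a discrepancy to confirm rather than a proven bypass. Removing the tokens wherever they occur would track the browser more closely: `$out = trim(preg_replace('/<!--|-->/', '', $out));`, with a comment such as `// CSS ignores <!-- / --> (CDO/CDC) tokens; drop them here so strip_tags() below does not discard the enclosed declarations as an HTML comment`. Note also that the `\XXXX` unescape on the following line accepts exactly four hex digits, while CSS escapes may use one to six digits followed by optional whitespace (`\3C `); that is pre-existing, but worth a TODO next to the pattern. The enclosing `xss_entity_decode()` starts and ends outside this hunk.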

@ -227,6 +227,10 @@ class Framework_Utils extends PHPUnit_Framework_TestCase
$mod = rcube_utils::xss_entity_decode('#foo:after{content:"\003Cimg/src=x onerror=alert(2)>";}');
$this->assertNotContains('<img', $mod, "Strip (encoded) tags from content property");
// #5747
$mod = rcube_utils::xss_entity_decode('<!-- #foo { content:css; } -->');
$this->assertContains('#foo', $mod, "Strip HTML comments from content, but not the content");
}
/**
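Review bot: The new assertion at the `#5747` case only checks that `'#foo'` survives, so it would still pass if the output were just `#foo` or if the `<!--`/`-->` markers were left in place, which is exactly what the fix is meant to change. Tracing the hunk in rcube_utils, the input `'<!-- #foo { content:css; } -->'` should decode to `'#foo { content:css; }'` (assuming nothing after the visible `strip_tags()` call rewrites `$out`), so pinning the whole value is more useful: `$this->assertSame('#foo { content:css; }', $mod, "Strip HTML comment markers but keep the style content");`. A second case with the markers HTML-encoded (`'&lt;!-- #foo { content:css; } --&gt;'`) would also cover the double `html_entity_decode()` that precedes the new stripping, since that path is what makes the markers appear in the first place. The enclosing test method starts outside this hunk.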
