Escape textarea contents in Washtml

Thomas Bruederli 7 years ago
parent 3918cb1d32
commit 919338d4ba

@ -471,6 +471,9 @@ class rcube_washtml
}
}
}
else if ($tagName == 'textarea' && strpos($content, '<') !== false) {
$content = htmlspecialchars($content, ENT_QUOTES);
}
$dump .= $this->wash_attribs($node);
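Review bot: The new `else if` branch escapes `$content` only when it contains `<`, so textarea text that holds `&` or quotes but no `<` is written out unescaped and the browser decodes any character references in it, changing the text (a fidelity issue, not a break-out; `</textarea` always contains `<` and is covered). Escaping unconditionally is simpler and keeps the text verbatim. Separately, `htmlspecialchars($content, ENT_QUOTES)` returns an empty string when the input is not valid in the default charset, which would silently drop the whole textarea body; adding `ENT_SUBSTITUTE` (available from PHP 5.4, which I assume this tree already requires) keeps it: `else if ($tagName == 'textarea') { $content = htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE); }`. The enclosing method starts and ends outside the hunk, so I cannot see where `$content` is assigned or whether the preceding branches already escape it.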

@ -358,4 +358,15 @@ class Framework_Washtml extends PHPUnit_Framework_TestCase
$this->assertTrue($washer->extlinks);
$this->assertNotContains('TRACKING', $washed, "Src attribute of <video> tag (#5583)");
}
function test_textarea_content_escaping()
{
$html = '<textarea><p style="x:</textarea><img src=x onerror=alert(1)>">';
$washer = new rcube_washtml;
$washed = $washer->wash($html);
$this->assertNotContains('onerror=alert(1)>', $washed);
$this->assertContains('&lt;p style=&quot;x:', $washed);
}
}
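Review bot: In test_textarea_content_escaping, the negative assertion `assertNotContains('onerror=alert(1)>', ...)` is unlikely to fail if the new escaping were removed, because the washer strips `onerror` from the sibling `<img>` regardless of how the textarea body is emitted; only the positive `assertContains('&lt;p style=&quot;x:', ...)` pins the change. A second negative assertion on the unescaped form would make the test fail for the right reason: `$this->assertNotContains('<p style=', $washed);`. This assumes the parser ends the textarea at the inner `</textarea>`, which is what the existing positive assertion already relies on. The enclosing class begins outside the hunk.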
