Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#1490539)

Technically speaking we remove the whole CSS content when it has more than 5k lines.
pull/299/merge
Aleksander Machniak 9 years ago
parent fe8ff85d7e
commit 92bcb940d4

@ -42,6 +42,7 @@ CHANGELOG Roundcube Webmail
- Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542)
- Fix responses list update issue after response name change (#1490555)
- Fix bug where message preview was unintentionally reset on check-recent action (#1490563)
- Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#1490539)
RELEASE 1.1.3
-------------
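Review bot: The added CHANGELOG entry names only the symptom (messages "couldn't be displayed") and does not say that the fix discards the style content once it passes the size limit. Since that changes how affected messages render, consider stating it in the entry, for example by appending "(styles with more than 5k lines are removed)".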

@ -951,6 +951,13 @@ function rcmail_washtml_callback($tagname, $attrib, $content, $washtml)
break;
case 'style':
// Crazy big styles may freeze the browser (#1490539)
// remove content with more than 5k lines
if (substr_count($content, "\n") > 5000) {
$out = '';
break;
}
// decode all escaped entities and reduce to ascii strings
$stripped = preg_replace('/[^a-zA-Z\(:;]/', '', rcube_utils::xss_entity_decode($content));
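Review bot: The limit in `substr_count($content, "\n") > 5000` counts newline characters only, so a style block of the same overall size with few or no line breaks is not caught and still reaches the `preg_replace()` below and the browser. If the goal is to bound what "may freeze the browser", consider also checking the byte length with `strlen($content)`, and moving the 5000 threshold into a named constant or config option so that it is documented in one place. The early `$out = ''; break;` drops the styles silently; a debug log line here would help when users report unstyled messages.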
