- Fix handling HTML comments in HTML messages (#1486189)

CHANGELOG

@@ -1,6 +1,7 @@
 CHANGELOG RoundCube Webmail
 ===========================
 
+- Fix handling HTML comments in HTML messages (#1486189)
 - Fix folder/messagelist controls alignment - icons used (#1486072)
 - Fix LDAP addressbook shows 'Contact not found' error sometimes (#1486178)
 - Fix cache status checking + improve cache operations performance (#1486104)

program/steps/mail/func.inc

@@ -734,7 +734,7 @@ function rcmail_wash_html($html, $p = array(), $cid_replaces)
 
   // allow CSS styles, will be sanitized by rcmail_washtml_callback()
   $washer->add_callback('style', 'rcmail_washtml_callback');
-    
+
   $html = $washer->wash($html);
   $REMOTE_OBJECTS = $washer->extlinks;
   
@@ -892,6 +892,10 @@ function rcmail_html_tag_callback($matches)
 {
   $tagname = $matches[2];
 
+  // html comments (#1486189)
+  if ($matches[1] == '<!')
+    return '<!';
+    
   $tagname = preg_replace(array(
     '/:.*$/',		// Microsoft's Smart Tags <st1:xxxx>
     '/[^a-z0-9_-]/i',	// forbidden characters