Commit Graph

266 Commits (40967393226ba41e4e0cc4a1ce9022d3fcb99a3f)

Author SHA1 Message Date
Aleksander Machniak 21ebf3ff5a Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896) 5 years ago
Aleksander Machniak 63730cf842 Fix security issue where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897) 5 years ago
Aleksander Machniak 057fb69bb9 Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899) 5 years ago
Aleksander Machniak 7bf868767e Fix security issue where it was possible to bypass the position:fixed CSS check in received messages (#6898) 5 years ago
Aleksander Machniak e88e0c16c9 Move rcmail (and future rcmail_*) class tests to tests/Rcmail directory 5 years ago
Aleksander Machniak bfe2bc17d7 Fix css styles leak from replied/forwarded message to the rest of the composed text (#6831)
Generally do the same with styles what we do on message preview.

This also fixes small bugs in handling styles:
- fix so <style> tag on the start of the HTML content is not ignored
- fix so body's background/bgcolor attributes are applied to the container (regression)
5 years ago
Aleksander Machniak 0a0ad2c9b7 Switch to IDNA2008 variant (#6806)
After switching IDNA_NONTRANSITIONAL_TO_ASCII on, switch to
IDNA2008 variant in Net_LDAP2. Add test, update changelog.
6 years ago
Aleksander Machniak ce52b04051 Update changelog, add some tests for rcube_utils::parse_host() 6 years ago
Aleksander Machniak 7c8ce07e8c Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758) 6 years ago
Aleksander Machniak 55cca61134 Workaround more invalid HTML cases parsed incorrectly by Mastermind/HTML5 (#6713) 6 years ago
Aleksander Machniak 57c67db029 Remove year(s) from copyright headers + some cleanup 6 years ago
Aleksander Machniak 92ed0154d5 Followup fix on handling HTML content w/o html/head/body tag (#6713) 6 years ago
Aleksander Machniak 03d56926d8 Fix bug in HTML parser that could cause missing text fragments when there was no head/body tag (#6713) 6 years ago
dsoares 00cc13a1b9 Fix bug where HTML messages with a xml:namespace tag were not rendered. 6 years ago
Aleksander Machniak 881b344fba Fix regression in vcard parser 6 years ago
Aleksander Machniak 7a49b48dc1 Fix handling of empty entries in vCard import (#6564) 6 years ago
Aleksander Machniak 36485dfc34 Prevent from using deprecated timezone names from jsTimezoneDetect
For better interoperability of plugins such as Calendar, for example
issue see: https://git.kolab.org/T2666.
6 years ago
Aleksander Machniak 0a0ac045fe Fix bug where valid content between HTML comments could have been skipped in some cases (#6464) 6 years ago
Aleksander Machniak 0dee528adb Add test for #6410 6 years ago
Aleksander Machniak 086e781b8f Fix bug where some HTML comments could have been malformed by HTML parser (#6333) 7 years ago
Aleksander Machniak 3d0b2cd3ce Pass PEAR errors to rcube::raise_error(), small CS improvements 7 years ago
Aleksander Machniak 0716d499bc Fix bug where some escape sequences in html styles could bypass security checks 7 years ago
Aleksander Machniak 63d3ad11fb Use Masterminds/HTML5 parser for HTML5 support (#5761) 7 years ago
Aleksander Machniak b2bebe531a Fix bug where usernames without domain part could be malformed or converted to lower-case on logon (#6224) 7 years ago
Aleksander Machniak f36e23b778 Fix parsing date strings (e.g. from a Date: mail header) with comments (#6216) 7 years ago
Aleksander Machniak 0f3ad342f7 Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() (#6212) 7 years ago
Aleksander Machniak 1058924e21 Move some framework classes to sub-directories 7 years ago
Aleksander Machniak d07b032bcd Refactor cache code with separate engine-specific classes 7 years ago
Aleksander Machniak 9d2b303b51 Fix bug in remote content blocking on HTML image and style tags (#6178) 7 years ago
Daniel Kesselberg a8d5547163 Update idn convertion methods (#6115)
* Add more test cases
* Update phpdoc
7 years ago
Aleksander Machniak 63a7d2313f Improve SMTPUTF8 support and fix relaxed email validation issues 7 years ago
Daniel Kesselberg a3504cb3b8 Add unit test for IDN (#6114) 7 years ago
Aleksander Machniak a0374f3c45 Fix mangled non-ASCII characters in links in HTML messages (#6028) 7 years ago
Aleksander Machniak 5e08a6ac59 Handle remote stylesheets the same as remote images, ask the user to allow them (#5994)
Fixes the issue where remote stylesheet could have been blocked
if the message contained no remote images and user have no way to
allow that content.
7 years ago
Aleksander Machniak 3196d656db Fix css conflicts in user interface and e-mail content (#5891)
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
7 years ago
Aleksander Machniak 5d16751ed8 Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 7 years ago
Filippo Tessarotto e5e37928d4 Add Travis CI 7 years ago
Thomas Bruederli 1cfc024036 Modify links in html messages during Washtml DOM traversal
This is a more safe approach than using regex and mitigates
possible vulnerabilities using malformed html markup.
7 years ago
Thomas Bruederli 919338d4ba Escape textarea contents in Washtml 7 years ago
Aleksander Machniak 21e7d873ce Fix so links over images are not removed in plain text signatures converted from HTML (#4473) 8 years ago
Aleksander Machniak 1fcf7bfab3 Fix bug where HTML messages with @media styles could moddify style of page body (#5811) 8 years ago
Aleksander Machniak 8f22c3287d Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747) 8 years ago
Aleksander Machniak ce61c8210e Added test for rcube_db::parse_dsn() 8 years ago
dfukagaw28 89a4134064 Add support for DelSp=Yes messages (#5702) 8 years ago
Thomas Bruederli 522565b400 Add tests for XSS vulnerabilities in style tags 8 years ago
Shin Kojima 0b385dc946 Skip iconv for problematic ISO-2022-JP strings (#5668)
We sometimes get broken character encodings such as:
Subject: =?iso-2022-jp?B?GyRCLWo7M3l1OSk2SBsoQgo=?=
This actually is not a strict ISO-2022-JP string, but a CP50220 string
that is a variant of ISO-2022-JP with extended characters proposed by
Microsoft. Iconv can not handle these encodings well.
8 years ago
Aleksander Machniak e08f22ef28 Fix bug where external content in src attribute of input/video tags was not secured (#5583) 8 years ago
Aleksander Machniak 7340360e79 Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 8 years ago
Aleksander Machniak bbab6a6db7 Identicon plugin
https://kolabian.wordpress.com/2016/12/02/contact-identicons/
8 years ago
JohnDoh dd714b33a8 replace old trac links (#5514) 8 years ago