Aleksander Machniak
21ebf3ff5a
Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs ( #6896 )
5 years ago
Aleksander Machniak
63730cf842
Fix security issue where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class ( #6897 )
5 years ago
Aleksander Machniak
057fb69bb9
Fix bug where some strict remote URIs in url() style were unintentionally blocked ( #6899 )
5 years ago
Aleksander Machniak
7bf868767e
Fix security issue where it was possible to bypass the position:fixed CSS check in received messages ( #6898 )
5 years ago
Aleksander Machniak
e88e0c16c9
Move rcmail (and future rcmail_*) class tests to tests/Rcmail directory
5 years ago
Aleksander Machniak
bfe2bc17d7
Fix css styles leak from replied/forwarded message to the rest of the composed text ( #6831 )
...
Generally do the same with styles as we do on message preview.
This also fixes small bugs in handling styles:
- fix so <style> tag on the start of the HTML content is not ignored
- fix so body's background/bgcolor attributes are applied to the container (regression)
5 years ago
Aleksander Machniak
0a0ad2c9b7
Switch to IDNA2008 variant ( #6806 )
...
After switching IDNA_NONTRANSITIONAL_TO_ASCII on, switch to
IDNA2008 variant in Net_LDAP2. Add test, update changelog.
6 years ago
Aleksander Machniak
ce52b04051
Update changelog, add some tests for rcube_utils::parse_host()
6 years ago
Aleksander Machniak
7c8ce07e8c
Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758)
6 years ago
Aleksander Machniak
55cca61134
Workaround more invalid HTML cases parsed incorrectly by Masterminds/HTML5 ( #6713 )
6 years ago
Aleksander Machniak
57c67db029
Remove year(s) from copyright headers + some cleanup
6 years ago
Aleksander Machniak
92ed0154d5
Followup fix on handling HTML content w/o html/head/body tag ( #6713 )
6 years ago
Aleksander Machniak
03d56926d8
Fix bug in HTML parser that could cause missing text fragments when there was no head/body tag ( #6713 )
6 years ago
dsoares
00cc13a1b9
Fix bug where HTML messages with a xml:namespace tag were not rendered.
6 years ago
Aleksander Machniak
881b344fba
Fix regression in vcard parser
6 years ago
Aleksander Machniak
7a49b48dc1
Fix handling of empty entries in vCard import ( #6564 )
6 years ago
Aleksander Machniak
36485dfc34
Prevent from using deprecated timezone names from jsTimezoneDetect
...
For better interoperability of plugins such as Calendar, for example
issue see: https://git.kolab.org/T2666 .
6 years ago
Aleksander Machniak
0a0ac045fe
Fix bug where valid content between HTML comments could have been skipped in some cases ( #6464 )
6 years ago
Aleksander Machniak
0dee528adb
Add test for #6410
6 years ago
Aleksander Machniak
086e781b8f
Fix bug where some HTML comments could have been malformed by HTML parser ( #6333 )
7 years ago
Aleksander Machniak
3d0b2cd3ce
Pass PEAR errors to rcube::raise_error(), small CS improvements
7 years ago
Aleksander Machniak
0716d499bc
Fix bug where some escape sequences in html styles could bypass security checks
7 years ago
Aleksander Machniak
63d3ad11fb
Use Masterminds/HTML5 parser for HTML5 support ( #5761 )
7 years ago
Aleksander Machniak
b2bebe531a
Fix bug where usernames without domain part could be malformed or converted to lower-case on logon ( #6224 )
7 years ago
Aleksander Machniak
f36e23b778
Fix parsing date strings (e.g. from a Date: mail header) with comments ( #6216 )
7 years ago
Aleksander Machniak
0f3ad342f7
Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() ( #6212 )
7 years ago
Aleksander Machniak
1058924e21
Move some framework classes to sub-directories
7 years ago
Aleksander Machniak
d07b032bcd
Refactor cache code with separate engine-specific classes
7 years ago
Aleksander Machniak
9d2b303b51
Fix bug in remote content blocking on HTML image and style tags ( #6178 )
7 years ago
Daniel Kesselberg
a8d5547163
Update idn conversion methods ( #6115 )
...
* Add more test cases
* Update phpdoc
7 years ago
Aleksander Machniak
63a7d2313f
Improve SMTPUTF8 support and fix relaxed email validation issues
7 years ago
Daniel Kesselberg
a3504cb3b8
Add unit test for IDN ( #6114 )
7 years ago
Aleksander Machniak
a0374f3c45
Fix mangled non-ASCII characters in links in HTML messages ( #6028 )
7 years ago
Aleksander Machniak
5e08a6ac59
Handle remote stylesheets the same as remote images, ask the user to allow them ( #5994 )
...
Fixes the issue where remote stylesheet could have been blocked
if the message contained no remote images and user has no way to
allow that content.
7 years ago
Aleksander Machniak
3196d656db
Fix css conflicts in user interface and e-mail content ( #5891 )
...
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
7 years ago
Aleksander Machniak
5d16751ed8
Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview ( #5580 )
7 years ago
Filippo Tessarotto
e5e37928d4
Add Travis CI
7 years ago
Thomas Bruederli
1cfc024036
Modify links in html messages during Washtml DOM traversal
...
This is a more safe approach than using regex and mitigates
possible vulnerabilities using malformed html markup.
7 years ago
Thomas Bruederli
919338d4ba
Escape textarea contents in Washtml
7 years ago
Aleksander Machniak
21e7d873ce
Fix so links over images are not removed in plain text signatures converted from HTML ( #4473 )
8 years ago
Aleksander Machniak
1fcf7bfab3
Fix bug where HTML messages with @media styles could modify style of page body ( #5811 )
8 years ago
Aleksander Machniak
8f22c3287d
Fix bug where comment notation within style tag would cause the whole style to be ignored ( #5747 )
8 years ago
Aleksander Machniak
ce61c8210e
Added test for rcube_db::parse_dsn()
8 years ago
dfukagaw28
89a4134064
Add support for DelSp=Yes messages ( #5702 )
8 years ago
Thomas Bruederli
522565b400
Add tests for XSS vulnerabilities in style tags
8 years ago
Shin Kojima
0b385dc946
Skip iconv for problematic ISO-2022-JP strings ( #5668 )
...
We sometimes get broken character encodings such as:
Subject: =?iso-2022-jp?B?GyRCLWo7M3l1OSk2SBsoQgo=?=
This actually is not a strict ISO-2022-JP string, but a CP50220 string
that is a variant of ISO-2022-JP with extended characters proposed by
Microsoft. Iconv can not handle these encodings well.
8 years ago
Aleksander Machniak
e08f22ef28
Fix bug where external content in src attribute of input/video tags was not secured ( #5583 )
8 years ago
Aleksander Machniak
7340360e79
Fix bug where image data URIs in css style were treated as evil/remote in mail preview ( #5580 )
8 years ago
Aleksander Machniak
bbab6a6db7
Identicon plugin
...
https://kolabian.wordpress.com/2016/12/02/contact-identicons/
8 years ago
JohnDoh
dd714b33a8
replace old trac links ( #5514 )
8 years ago