CHANGELOG
@@ -7,6 +7,7 @@ - Fix bug where contact search menu fields where always unchecked in Larry skin - Fix autoloading of 'html' class - Fix bug where Encrypt button appears when switching editor to HTML (#5235) - Fix XSS issue in href attribute on area tag (#5240) RELEASE 1.2-rc -------------- program/lib/Roundcube/rcube_washtml.php
@@ -370,7 +370,7 @@ */ private function is_link_attribute($tag, $attr) { return $tag == 'a' && $attr == 'href'; return ($tag == 'a' || $tag == 'area') && $attr == 'href'; } /** tests/Framework/Washtml.php
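Review bot: The new `is_link_attribute` still allow-lists by tag name, so an `href` on any tag not in the list stays exempt from whatever URL-scheme filtering the caller applies when this predicate is true — #5240 was exactly such an omission, and the next tag with an `href` allowed (`link`, `base`, …) would repeat it. If the caller uses this only to decide whether to run scheme checks, keying on the attribute alone is the safer shape, `return $attr == 'href';`, or at least a static allow-list `return in_array($tag, array('a', 'area'), true) && $attr == 'href';` so the set is obvious to extend. Whether `$tag` arrives already lowercased is not visible in this hunk; if it does not, `<AREA HREF=…>` would miss the `==` comparison, so that is worth confirming in the caller. The method's docblock starts above the hunk, so the `@param`/`@return` lines could not be checked here.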
@@ -38,6 +38,23 @@ } /** * Test XSS in area's href (#5240) */ function test_href_area() { $html = '<p><area href="data:text/html,<script>alert(document.cookie)</script>">' . '<area href="vbscript:alert(document.cookie)">Internet Explorer</p>' . '<area href="javascript:alert(document.domain)" shape=default>'; $washer = new rcube_washtml; $washed = $washer->wash($html); $this->assertNotRegExp('/data:text/', $washed, "data:text/html in area href"); $this->assertNotRegExp('/vbscript:/', $washed, "vbscript: in area href"); $this->assertNotRegExp('/javascript:/', $washed, "javascript: in area href"); } /** * Test handling HTML comments */ function test_comments()
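Review bot: `test_href_area` exercises only lowercase, canonical scheme prefixes, so a filter that compares the scheme literally would pass this test while still admitting the case and encoding variants browsers accept (`JaVaScRiPt:`, `&#106;avascript:`, `java&#9;script:`). Adding such payloads to `$html`, e.g. `. '<area href="JaVaScRiPt:alert(1)">'` and `. '<area href="&#106;avascript:alert(1)">'`, with a case-insensitive assertion `$this->assertNotRegExp('/javascript:/i', $washed, "javascript: variants in area href");`, would pin the normalisation behaviour; whether `rcube_washtml` normalises these is not visible here, which is precisely why the test should say. The three assertions also pass if the washer drops the whole `<area>` element rather than just its `href`; if the element is meant to survive, an `assertRegExp('/<area/', $washed, ...)` alongside would distinguish the two outcomes.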