githubFork/roundcubemail.git

Roundcubemail devel

parent: 85c972a4 | patch | commit | show whitespace

Fix handling link href attribute value with (valid) newline characters (#14...

Aleksander Machniak

2013-02-01 43aeb195c159cac8352f1eeb5148c060ff0b81b6

Fix handling link href attribute value with (valid) newline characters (#1488940)

2 files modified

	program/lib/Roundcube/rcube_washtml.php	3 ●●●●● patch \| view \| raw \| blame \| history
	tests/Framework/Washtml.php	14 ●●●●● patch \| view \| raw \| blame \| history

 program/lib/Roundcube/rcube_washtml.php

@@ -240,7 +240,8 @@
            $value = $node->getAttribute($key);

            if (isset($this->_html_attribs[$key]) ||
                ($key == 'href' && !preg_match('!^(javascript|vbscript|data:text)!i', $value)
                ($key == 'href' && ($value = trim($value))
                    && !preg_match('!^(javascript|vbscript|data:text)!i', $value)
                    && preg_match('!^([a-z][a-z0-9.+-]+:|//|#).+!i', $value))
            ) {
                $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';

 tests/Framework/Washtml.php

@@ -25,4 +25,18 @@
        $this->assertNotRegExp('/vbscript:/', $washed, "Remove vbscript: links");
    }

    /**
     * Test fixing of invalid href (#1488940)
     */
    function test_href()
    {
        $html = "<p><a href=\"\nhttp://test.com\n\">Firefox</a>";

        $washer = new rcube_washtml;

        $washed = $washer->wash($html);

        $this->assertRegExp('|href="http://test.com">|', $washed, "Link href with newlines (#1488940)");
    }

}

			@@ -240,7 +240,8 @@
			$value = $node->getAttribute($key);

			if (isset($this->_html_attribs[$key]) \|\|
			($key == 'href' && !preg_match('!^(javascript\|vbscript\|data:text)!i', $value)
			($key == 'href' && ($value = trim($value))
			&& !preg_match('!^(javascript\|vbscript\|data:text)!i', $value)
			&& preg_match('!^([a-z][a-z0-9.+-]+:\|//\|#).+!i', $value))
			) {
			$t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';

			@@ -25,4 +25,18 @@
			$this->assertNotRegExp('/vbscript:/', $washed, "Remove vbscript: links");
			}

			/**
			* Test fixing of invalid href (#1488940)
			*/
			function test_href()
			{
			$html = "<p><a href=\"\nhttp://test.com\n\">Firefox</a>";

			$washer = new rcube_washtml;

			$washed = $washer->wash($html);

			$this->assertRegExp('\|href="http://test.com">\|', $washed, "Link href with newlines (#1488940)");
			}

			}