Fix handling of invalid closing tags in HTML messages (#1489446)
| | |
| | | CHANGELOG Roundcube Webmail |
| | | =========================== |
| | | |
| | | - Fix handling of invalid closing tags in HTML messages (#1489446) |
| | | - Set real content-type for file downloads (#1489439) |
| | | - Update TinyMCE to version 3.5.10 (#1489442) |
| | | - Fix keyboard navigation in list widgets (#1489392) |
| | |
| | | } |
| | | |
| | | // fix (unknown/malformed) HTML tags before "wash" |
| | | $html = preg_replace_callback('/(<(?!\!)[\/]*)([^\s>]+)/', array($this, 'html_tag_callback'), $html); |
| | | $html = preg_replace_callback('/(<(?!\!)[\/]*)([^\s>]+)([^>]*)/', array($this, 'html_tag_callback'), $html); |
| | | |
| | | // Remove invalid HTML comments (#1487759) |
| | | // Don't remove valid conditional comments |
| | |
| | | '/[^a-z0-9_\[\]\!-]/i', // forbidden characters |
| | | ), '', $tagname); |
| | | |
| | | return $matches[1] . $tagname; |
| | | // fix invalid closing tags - remove any attributes (#1489446) |
| | | if ($matches[1] == '</') { |
| | | $matches[3] = ''; |
| | | } |
| | | |
| | | return $matches[1] . $tagname . $matches[3]; |
| | | } |
| | | |
| | | /** |
| | |
| | | $this->assertRegExp('|<textarea>test</textarea>|', $washed, "Self-closing textarea (#1489137)"); |
| | | } |
| | | |
| | | /** |
| | | * Test fixing of invalid closing tags (#1489446) |
| | | */ |
| | | function test_closing_tag_attrs() |
| | | { |
| | | $html = "<a href=\"http://test.com\">test</a href>"; |
| | | |
| | | $washer = new rcube_washtml; |
| | | $washed = $washer->wash($html); |
| | | |
| | | $this->assertRegExp('|</a>|', $washed, "Invalid closing tag (#1489446)"); |
| | | } |
| | | |
| | | } |