From 12b7d5f1b5a8be70a34844685993843456db5f46 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 06 May 2016 02:30:33 -0400
Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241)
---
 program/lib/Roundcube/rcube_washtml.php | 2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php
index 5938d9b..d03f04a 100644
--- a/program/lib/Roundcube/rcube_washtml.php
+++ b/program/lib/Roundcube/rcube_washtml.php
@@ -370,7 +370,7 @@
 */
 private function is_link_attribute($tag, $attr)
 {
- return $tag == 'a' && $attr == 'href';
+ return ($tag == 'a' || $tag == 'area') && $attr == 'href';
 }
 
 /**
-- 
Gitblit v1.9.1
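Review bot: The new check in `is_link_attribute()` is still a per-tag list with exact-case `==` comparisons, so it only covers `area` if the caller passes lower-cased tag and attribute names, and that normalisation is not visible in this hunk. If it is not guaranteed upstream, the line could read `return in_array(strtolower($tag), array('a', 'area'), true) && strtolower($attr) === 'href';`. Any other element whose `href` the washer lets through would presumably skip the link handling in the same way `area` did, so a comment above the function should state which tags are expected to carry `href` and why the list is complete. The commit also has no regression test; a washer test asserting that an `<area href>` value with a disallowed scheme is neutralised would keep #5240/#5241 from reopening.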