From 22a018d082ba7ce4f88a44bb473180b5dd58277a Mon Sep 17 00:00:00 2001 From: Aleksander Machniak <alec@alec.pl> Date: Mon, 18 Jan 2016 03:47:52 -0500 Subject: [PATCH] Merge branch 'dev-svg' --- program/steps/mail/get.inc | 20 ++++++++++++++------ 1 files changed, 14 insertions(+), 6 deletions(-) diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc index 96cdd77..6a70315 100644 --- a/program/steps/mail/get.inc +++ b/program/steps/mail/get.inc @@ -515,12 +515,20 @@ */ function rcmail_svg_filter($body) { - $dom = new DOMDocument; - $dom->loadXML($body); + // clean SVG with washhtml + $wash_opts = array( + 'show_washed' => false, + 'allow_remote' => false, + 'charset' => RCUBE_CHARSET, + 'html_elements' => array('title'), +// 'blocked_src' => 'program/resources/blocked.gif', + ); - foreach ($dom->getElementsByTagName('script') as $node) { - $node->parentNode->removeChild($node); - } + // initialize HTML washer + $washer = new rcube_washtml($wash_opts); - return $dom->saveXML() ?: ''; + // allow CSS styles, will be sanitized by rcmail_washtml_callback() + $washer->add_callback('style', 'rcmail_washtml_callback'); + + return $washer->wash($body); } -- Gitblit v1.9.1