From a3e5b42e0debc9a31133c78e8e4f71169484e4a0 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Wed, 02 Apr 2008 08:08:12 -0400
Subject: [PATCH] Remove evil css styles like expression() in HTML messages

---
 program/include/main.inc |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/program/include/main.inc b/program/include/main.inc
index cb25fbd..4596486 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -1377,6 +1377,7 @@
 
 /**
  * Replace all css definitions with #container [def]
+ * and remove css-inlined scripting
  *
  * @param string CSS source code
  * @param string Container ID to use as prefix
@@ -1386,6 +1387,10 @@
   {
   $a_css_values = array();
   $last_pos = 0;
+  
+  // ignore the whole block if evil styles are detected
+  if (stristr($source, 'expression') || stristr($source, 'behavior'))
+    return '';
 
   // cut out all contents between { and }
   while (($pos = strpos($source, '{', $last_pos)) && ($pos2 = strpos($source, '}', $pos)))
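Review bot: The added `stristr()` guard matches the two keywords literally in the raw `$source`, before CSS comments or backslash escapes are normalised, so it only recognises them in their plain spelling; it would be more reliable run on a normalised copy (comments stripped, escapes decoded), still returning `''` on a hit. It is also a two-word deny-list: other script-bearing CSS constructs such as `@import`, `-moz-binding` or script-scheme `url()` values are not covered by the lines visible here and may need handling elsewhere in the function, whose body starts and ends outside this hunk. At minimum I would document the limit next to the check, e.g. `// literal match only: comments/escapes in $source are not normalised first`. Dropping the whole block on a match is a reasonable fail-closed choice, though it will also discard harmless stylesheets that merely contain either word in a selector or comment.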
@@ -1396,7 +1401,7 @@
     $last_pos = $pos+2;
   }
 
-  // remove html commends and add #container to each tag selector.
+  // remove html comments and add #container to each tag selector.
   // also replace body definition because we also stripped off the <body> tag
   $styles = preg_replace(
     array(

--
Gitblit v1.9.1