From acf633c73bc8df9a5036bc52d7568f4213ab73c7 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak <alec@alec.pl> Date: Fri, 06 May 2016 02:32:01 -0400 Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241) --- program/lib/Roundcube/rcube_washtml.php | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php index 2b31033..f5a48e8 100644 --- a/program/lib/Roundcube/rcube_washtml.php +++ b/program/lib/Roundcube/rcube_washtml.php @@ -366,7 +366,7 @@ */ private function is_link_attribute($tag, $attr) { - return $tag == 'a' && $attr == 'href'; + return ($tag == 'a' || $tag == 'area') && $attr == 'href'; } /** -- Gitblit v1.9.1