From acf633c73bc8df9a5036bc52d7568f4213ab73c7 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 06 May 2016 02:32:01 -0400
Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241)

---
 program/lib/Roundcube/html.php |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/program/lib/Roundcube/html.php b/program/lib/Roundcube/html.php
index f47ef29..31bacbf 100644
--- a/program/lib/Roundcube/html.php
+++ b/program/lib/Roundcube/html.php
@@ -153,7 +153,7 @@
             $attr = array('src' => $attr);
         }
         return self::tag('img', $attr + array('alt' => ''), null, array_merge(self::$common_attrib,
-            array('src','alt','width','height','border','usemap','onclick')));
+            array('src','alt','width','height','border','usemap','onclick','onerror')));
     }
 
     /**
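Review bot: Adding `'onerror'` to the allowed-attribute list on the new `array('src','alt',...)` line means this helper now emits a second inline event handler besides `onclick`, so the tag is only safe if every caller passes a trusted `$attr` array. Nothing in the visible lines filters keys or values before `self::tag()` is called. I would document the constraint at the list, e.g. `// onclick/onerror are inline script handlers: $attr must be built by application code, never from message or request data`. The subject line refers to the `href` attribute on `area` tags, which this hunk does not touch, so the description should explain how allowing `onerror` on `img` relates to that fix. The enclosing method starts above the hunk, so any validation done earlier in it is not visible here.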

--
Gitblit v1.9.1