extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-25 01:13:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

* Mail: remove content of script and style tags from displayed html mail

Browse Source 
only script tags itself, not their content was removed before, and style tags were not completely removed, if regular expression run into an error
This commit is contained in:
ralf 2024-09-24 13:46:44 +02:00
parent b4a7362241
commit 24ccfbf3ab
2 changed files with 24 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
api/src/Html/HtmLawed.php
View File

@ -137,30 +137,28 @@ class HtmLawed
*/ */
static function getStyles(&$html) static function getStyles(&$html)
{ {
$ct=0; if (stripos($html,'<style')!==false)
$newStyle = null;
if (stripos($html,'<style')!==false) $ct = preg_match_all('#<style(?:\s.*)?>(.+)</style>#isU', $html, $newStyle);
if ($ct>0)
{ {
//error_log(__METHOD__.__LINE__.array2string($newStyle[0])); $newStyle = null;
$style2buffer = implode('',$newStyle[0]); preg_match_all('#<style(?:\s.*)?>(.+)</style>#isU', $html, $newStyle);
if (isset($newStyle))
{
$style2buffer = implode("\n", $newStyle[0]);
// only replace what we have found, we use it here, as we use the same routine in Api\Mail\Html::replaceTagsCompletley // only replace what we have found, we use it here, as we use the same routine in Api\Mail\Html::replaceTagsCompletley
// no need to do the extra routine // no need to do the extra routine
$html = str_ireplace($newStyle[0],'',$html); $html = str_ireplace($newStyle[0],'',$html);
} }
if (!empty($style2buffer)) if (!empty($style2buffer))
{ {
//error_log(__METHOD__.__LINE__.array2string($style2buffer));
$test = json_encode($style2buffer); $test = json_encode($style2buffer);
//error_log(__METHOD__.__LINE__.'#'.$test.'# ->'.strlen($style2buffer).' Error:'.json_last_error()); if ($test=="null" && strlen($style2buffer))
//if (json_last_error() != JSON_ERROR_NONE && strlen($style2buffer)>0)
if ($test=="null" && strlen($style2buffer)>0)
{ {
// this should not be needed, unless something fails with charset detection/ wrong charset passed // this should not be needed, unless something fails with charset detection/ wrong charset passed
error_log(__METHOD__.__LINE__.' Found Invalid sequence for utf-8 in CSS:'.$style2buffer.' Carset Detected:'.Api\Translation::detect_encoding($style2buffer)); error_log(__METHOD__.__LINE__.' Found Invalid sequence for utf-8 in CSS:'.$style2buffer.' Carset Detected:'.Api\Translation::detect_encoding($style2buffer));
$style2buffer = utf8_encode($style2buffer); $style2buffer = utf8_encode($style2buffer);
} }
} }
}
$style = $style2buffer ?? ''; $style = $style2buffer ?? '';
// clean out comments and stuff // clean out comments and stuff
$search = array( $search = array(

7
mail/inc/class.mail_ui.inc.php
View File

@ -3584,6 +3584,11 @@ $filter['before']= date("d-M-Y", $cutoffdate2);
{ {
$alreadyHtmlLawed=false; $alreadyHtmlLawed=false;
$newBody = $singleBodyPart['body']; $newBody = $singleBodyPart['body'];
// remove script tags incl. their content, includes e.g. <script type="application/ld+json">
// before HtmLawed below only removes the script-tags but leaves the content
Mail\Html::replaceTagsCompletley($newBody, 'script');
//TODO:$newBody = $this->highlightQuotes($newBody); //TODO:$newBody = $this->highlightQuotes($newBody);
#error_log(print_r($newBody,true)); #error_log(print_r($newBody,true));
if ($useTidy && extension_loaded('tidy')) if ($useTidy && extension_loaded('tidy'))
@ -3599,7 +3604,7 @@ $filter['before']= date("d-M-Y", $cutoffdate2);
{ {
$newBody = $cleaned; $newBody = $cleaned;
} }
// filter only the 'body', as we only want that part, if we throw away the Api\Html // filter only the 'body', as we only want that part, if we throw away the html
if (preg_match('`(<htm.+?<body[^>]*>)(.+?)(</body>.*?</html>)`ims', $newBody, $matches) && !empty($matches[2])) if (preg_match('`(<htm.+?<body[^>]*>)(.+?)(</body>.*?</html>)`ims', $newBody, $matches) && !empty($matches[2]))
{ {
$hasOther = true; $hasOther = true;