From b377de6b86f5cf6f7a2731fcce0c1010559d3662 Mon Sep 17 00:00:00 2001
From: Klaus Leithoff <kl@stylite.de>
Date: Mon, 18 Aug 2008 11:53:16 +0000
Subject: [PATCH] -handling HTML comments before doing the kses parse. this
 fixes a problem with displaying HTML emails, showing some leftovers from
 comments in style definitions, which are used as browser switch.

---
 felamimail/inc/class.uidisplay.inc.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/felamimail/inc/class.uidisplay.inc.php b/felamimail/inc/class.uidisplay.inc.php
index 97302d4824..6fdf74ee96 100644
--- a/felamimail/inc/class.uidisplay.inc.php
+++ b/felamimail/inc/class.uidisplay.inc.php
@@ -1003,6 +1003,13 @@
 				}
 				else
 				{
+					// no scripts allowed
+					// clean out comments
+					$search = array('@<script[^>]*?>.*?</script>@si',  // Strip out javascript
+						'@<![\s\S]*?--[ \t\n\r]*>@'         // Strip multi-line comments including CDATA
+					);
+					$newBody = preg_replace($search,"",$newBody);
+					
 					$newBody	= $singleBodyPart['body'];
 					$newBody	= $this->highlightQuotes($newBody);
 					$newBody 	= $this->kses->Parse($newBody);