diff options
| author | Aleksander Machniak <alec@alec.pl> | 2020-04-26 08:59:47 +0300 |
|---|---|---|
| committer | Thomas Bruederli <thomas@roundcube.net> | 2020-04-26 23:12:24 +0300 |
| commit | 23c06159ae8c6f500336e3075820e648aa6f40a4 (patch) | |
| tree | 1d4aea4c7d867a8072ad7579c94748fcbdc124c9 /program | |
| parent | 25c48615426f11363a50b414e88ed01d164d00e7 (diff) | |
Fix XSS issue in handling of CDATA in HTML messages
Diffstat (limited to 'program')
| -rw-r--r-- | program/lib/Roundcube/rcube_washtml.php | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php index cc24f86df..ef777cefc 100644 --- a/program/lib/Roundcube/rcube_washtml.php +++ b/program/lib/Roundcube/rcube_washtml.php @@ -497,9 +497,6 @@ class rcube_washtml break; case XML_CDATA_SECTION_NODE: - $dump .= $node->nodeValue; - break; - case XML_TEXT_NODE: $dump .= htmlspecialchars($node->nodeValue); break; |