diff options
| author | Aleksander Machniak <alec@alec.pl> | 2018-09-27 17:00:54 +0300 |
|---|---|---|
| committer | Aleksander Machniak <alec@alec.pl> | 2018-09-27 17:05:56 +0300 |
| commit | c22c177e53a33d8cb89f1aae991dd452fa4135b2 (patch) | |
| tree | 1c3f072ec48f31d327ac28a8e5d283ef51c117be /program | |
| parent | d310ee5bf4a02853445d794ae4da06819b9df3e7 (diff) | |
Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
Diffstat (limited to 'program')
| -rw-r--r-- | program/lib/Roundcube/rcube_washtml.php | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php index ddffe62b7..5234f8995 100644 --- a/program/lib/Roundcube/rcube_washtml.php +++ b/program/lib/Roundcube/rcube_washtml.php @@ -632,6 +632,9 @@ class rcube_washtml return ''; } + // FIXME: HTML comments handling could be better. The code below can break comments (#6464), + // we should probably do not modify content inside comments at all. + // fix (unknown/malformed) HTML tags before "wash" $html = preg_replace_callback('/(<(?!\!)[\/]*)([^\s>]+)([^>]*)/', array($this, 'html_tag_callback'), $html); @@ -654,9 +657,15 @@ class rcube_washtml */ public static function html_tag_callback($matches) { + // It might be an ending of a comment, ignore (#6464) + if (substr($matches[3], -2) == '--') { + $matches[0] = ''; + return implode('', $matches); + } + $tagname = $matches[2]; $tagname = preg_replace(array( - '/:.*$/', // Microsoft's Smart Tags <st1:xxxx> + '/:.*$/', // Microsoft's Smart Tags <st1:xxxx> '/[^a-z0-9_\[\]\!?-]/i', // forbidden characters ), '', $tagname); |