From 3b16cbf3718089157f6b782b1267a9037d653f28 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Mon, 15 Aug 2022 09:58:56 +0200
Subject: Fix bug where "about:blank" page could trigger "load error" (#8554)

Use javascript:false; instead
---
 CHANGELOG.md                           | 1 +
 program/include/rcmail_output_html.php | 2 +-
 program/js/app.js                      | 4 ++--
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0f9303ee4..d3179b0d4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,7 @@
 - Fix various PHP 8.2 warnings
 - Fix bug where it wasn't possible to create more than one response record on SQLite and Postgres (#8664)
 - Fix support for ManageSieve over implicit SSL (#8670)
+- Fix bug where "about:blank" page could trigger "load error" (#8554)
 
 ## Release 1.6.0
 
diff --git a/program/include/rcmail_output_html.php b/program/include/rcmail_output_html.php
index 6a2fe247d..1408ac61a 100644
--- a/program/include/rcmail_output_html.php
+++ b/program/include/rcmail_output_html.php
@@ -2182,7 +2182,7 @@ EOF;
         }
 
         $attrib['name'] = $attrib['id'];
-        $attrib['src']  = !empty($attrib['src']) ? $this->abs_url($attrib['src'], true) : 'about:blank';
+        $attrib['src']  = !empty($attrib['src']) ? $this->abs_url($attrib['src'], true) : 'javascript:false;';
 
         // register as 'contentframe' object
         if ($is_contentframe || !empty($attrib['contentframe'])) {
diff --git a/program/js/app.js b/program/js/app.js
index fdcc1249f..69d764906 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -217,7 +217,7 @@ function rcube_webmail()
     this.task = this.env.task;
 
     if (!this.env.blankpage)
-      this.env.blankpage = 'about:blank';
+      this.env.blankpage = 'javascript:false;';
 
     // find all registered gui containers
     for (n in this.gui_containers)
@@ -5121,7 +5121,7 @@ function rcube_webmail()
   this.get_save_target = function(unlock)
   {
     // Removing the frame on load/error to workaround issues with window history
-    this.dummy_iframe('savetarget', 'about:blank')
+    this.dummy_iframe('savetarget', 'javascript:false;')
       .on('load error', function() {
         // catch invalid/error response from server and unlock the UI (#7494, #7488, #7522)
         if (unlock && $(this).contents().find('meta[name="generator"][content="Roundcube"]').length == 0) {
-- 
cgit v1.2.3