diff options
| author | estadtherr <estadtherr@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2008-02-13 02:51:05 +0000 |
|---|---|---|
| committer | estadtherr <estadtherr@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2008-02-13 02:51:05 +0000 |
| commit | 8e3cb8606e219e19b8c1619ab172f4d1dec121ed (patch) | |
| tree | 086eb61f57d939fa5d282559f51b3c4f5f0ed012 /roundcubemail/program/steps | |
| parent | 12e0612d935a87e48128bd9952826716d9844178 (diff) | |
condense TinyMCE toolbar down to one line, removing table buttons (#1484747)
fix image removal in message display when message HTML includes JS event handlers
git-svn-id: https://svn.roundcube.net/trunk@1059 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/program/steps')
| -rw-r--r-- | roundcubemail/program/steps/mail/func.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/roundcubemail/program/steps/mail/func.inc b/roundcubemail/program/steps/mail/func.inc index 2563ec26b..b0d641778 100644 --- a/roundcubemail/program/steps/mail/func.inc +++ b/roundcubemail/program/steps/mail/func.inc @@ -988,7 +988,7 @@ function rcmail_sanitize_html($body, $container_id) while ($body != $prev_body) { $prev_body = $body; - $body = preg_replace('/(<[^!][^>]*\s)(on[^=>]+)=([^>]+>)/im', '$1__removed=$3', $body); + $body = preg_replace('/(<[^!][^>]*\s)on(?:load|unload|click|dblclick|mousedown|mouseup|mouseover|mousemove|mouseout|focus|blur|keypress|keydown|keyup|submit|reset|select|change)=([^>]+>)/im', '$1__removed=$2', $body); $body = preg_replace('/(<[^!][^>]*\shref=["\']?)(javascript:)([^>]*?>)/im', '$1null:$3', $body); } |