diff options
| author | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2011-01-28 15:19:38 +0000 |
|---|---|---|
| committer | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2011-01-28 15:19:38 +0000 |
| commit | 90715ee8ba42084908f7c452522d9202b45cfc37 (patch) | |
| tree | e4aae6959f142fd4fa731b5a02638d5b4cffca37 /roundcubemail/program/steps | |
| parent | c5ac6a83517632a1aa5ddd27b2b249961a915eab (diff) | |
Don't block CSS styles having important keywords
git-svn-id: https://svn.roundcube.net/trunk@4461 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/program/steps')
| -rw-r--r-- | roundcubemail/program/steps/mail/func.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/roundcubemail/program/steps/mail/func.inc b/roundcubemail/program/steps/mail/func.inc index 99f792f79..131a5aa87 100644 --- a/roundcubemail/program/steps/mail/func.inc +++ b/roundcubemail/program/steps/mail/func.inc @@ -829,10 +829,10 @@ function rcmail_washtml_callback($tagname, $attrib, $content) case 'style': // decode all escaped entities and reduce to ascii strings - $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entity_decode($content)); + $stripped = preg_replace('/[^a-zA-Z\(:;]/', '', rcmail_xss_entity_decode($content)); // now check for evil strings like expression, behavior or url() - if (!preg_match('/expression|behavior|url\(|import/', $stripped)) { + if (!preg_match('/expression|behavior|url\(|import[^a]/', $stripped)) { $out = html::tag('style', array('type' => 'text/css'), $content); break; } |