Commit

[mms] SECURITY: Fix XSS in displaying user-defined flags in dynamic mailbox view (João Machado <geral@jpaulo.eu>).
slusarz committed Mar 18, 2014
1 parent 6774485 commit 578ff07
Showing 3 changed files with 5 additions and 1 deletion.
2 changes: 2 additions & 0 deletions imp/docs/CHANGES
Expand Up @@ -2,6 +2,8 @@
v6.1.8-git
----------

[mms] SECURITY: Fix XSS in displaying user-defined flags in dynamic mailbox
view (João Machado <geral@jpaulo.eu>).
[mms] SECURITY: Fix XSS in displaying mailbox name in dynamic mailbox view
(João Machado <geral@jpaulo.eu>).

2 changes: 1 addition & 1 deletion imp/js/dimpbase.js
Expand Up @@ -477,7 +477,7 @@ var DimpBase = {
/* Until text-overflow is supported on all
* browsers, need to truncate label text
* ourselves. */
ptr.elt = '<span class="' + ptr.c + '" title="' + ptr.l.escapeHTML() + '" style="background:' + ((ptr.b) ? ptr.b.escapeHTML() : '') + ';color:' + ptr.f.escapeHTML() + '">' + ptr.l.truncate(10).escapeHTML() + '</span>';
ptr.elt = '<span class="' + ptr.c + '" title="' + ptr.l.escapeHTML().gsub('"', '&quot;') + '" style="background:' + ((ptr.b) ? ptr.b.escapeHTML().gsub('"', '&quot;') : '') + ';color:' + ptr.f.escapeHTML().gsub('"', '&quot') + '">' + ptr.l.truncate(10).escapeHTML() + '</span>';
}
r.subjectdata += ptr.elt;
} else {
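Review bot: In the replacement `ptr.elt = ...` line, the `color:` value is escaped with `.gsub('"', '&quot')`, which is missing the trailing semicolon that the `title` and `background` values use; make it `'&quot;'` so all three attribute values are encoded identically and the entity cannot run into whatever characters follow it. The same `escapeHTML().gsub('"', '&quot;')` chain now appears three times in one expression, so a small attribute-escaping helper would keep the call sites from drifting apart like this. `ptr.c` is still concatenated into the `class` attribute with no escaping at all; please confirm it can never carry user-supplied text, or escape it the same way.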
2 changes: 2 additions & 0 deletions imp/package.xml
Expand Up @@ -33,6 +33,7 @@
</stability>
<license uri="http://www.horde.org/licenses/gpl">GPL-2.0</license>
<notes>
* [mms] SECURITY: Fix XSS in displaying user-defined flags in dynamic mailbox view (João Machado &lt;geral@jpaulo.eu&gt;).
* [mms] SECURITY: Fix XSS in displaying mailbox name in dynamic mailbox view (João Machado &lt;geral@jpaulo.eu&gt;).
</notes>
<contents>
Expand Down Expand Up @@ -3343,6 +3344,7 @@
<date>2014-03-07</date>
<license uri="http://www.horde.org/licenses/gpl">GPL-2.0</license>
<notes>
* [mms] SECURITY: Fix XSS in displaying user-defined flags in dynamic mailbox view (João Machado &lt;geral@jpaulo.eu&gt;).
* [mms] SECURITY: Fix XSS in displaying mailbox name in dynamic mailbox view (João Machado &lt;geral@jpaulo.eu&gt;).
</notes>
</release>