fix(mail(html)): ban "javascript:" prefix in href, action and formaction

Alinto · Dec 1, 2021 · 8afc80d · 8afc80d
1 parent 426b28e
commit 8afc80d
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/UI/MailPartViewers/UIxMailPartHTMLViewer.m b/UI/MailPartViewers/UIxMailPartHTMLViewer.m
@@ -520,10 +520,11 @@ - (void) startElement: (NSString *) _localName
                 {
                   value = [_attributes valueAtIndex: count];
                   lowerValue = [value lowercaseString];
-                  skipAttribute = ([lowerValue rangeOfString: @"://"].location == NSNotFound
-                                   && ![lowerValue hasPrefix: @"mailto:"]
-                                   && ![lowerValue hasPrefix: @"#"]) ||
-                    [lowerValue hasPrefix: @"javascript:"];
+                  skipAttribute =
+                    ([lowerValue rangeOfString: @"://"].location == NSNotFound
+                     && ![lowerValue hasPrefix: @"mailto:"]
+                     && ![lowerValue hasPrefix: @"#"])
+                    || [lowerValue rangeOfString: @"javascript:"].location != NSNotFound;
                   if (!skipAttribute)
                     [resultPart appendString: @" rel=\"noopener\""];
                 }