Fix XSS issue in handling of CDATA in HTML messages
alecpl committed Apr 26, 2020
1 parent 6b5fc8d commit 87e4cd0
Showing 3 changed files with 14 additions and 3 deletions.
1 change: 1 addition & 0 deletions CHANGELOG
Expand Up @@ -41,6 +41,7 @@ CHANGELOG Roundcube Webmail
- Make install-jsdeps.sh script working without the 'file' program installed (#7325)
- Fix performance issue of parsing big HTML messages by disabling HTML5 parser for these (#7331)
- Fix so Print button for PDF attachments works on Firefox >= 75 (#5125)
- Security: Fix XSS issue in handling of CDATA in HTML messages

RELEASE 1.4.3
-------------
3 changes: 0 additions & 3 deletions program/lib/Roundcube/rcube_washtml.php
Expand Up @@ -548,9 +548,6 @@ private function dumpHtml($node, $level = 20)
break;

case XML_CDATA_SECTION_NODE:
$dump .= $node->nodeValue;
break;

case XML_TEXT_NODE:
$dump .= htmlspecialchars($node->nodeValue, ENT_COMPAT | ENT_HTML401 | ENT_SUBSTITUTE, $this->config['charset']);
break;
13 changes: 13 additions & 0 deletions tests/Framework/Washtml.php
Expand Up @@ -506,4 +506,17 @@ function test_missing_tags()

$this->assertContains('First line', $washed);
}

/**
* Test CDATA cleanup
*/
function test_cdata()
{
$html = '<p><![CDATA[<script>alert(document.cookie)</script>]]></p>';

$washer = new rcube_washtml;
$washed = $washer->wash($html);

$this->assertTrue(strpos($washed, '<script>') === false, "CDATA content");
}
}
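Review bot: The assertion in `test_cdata()` only proves that the literal string `<script>` is absent from the washed output, so it passes equally whether the CDATA text was entity-encoded or silently dropped, and it says nothing about other markup carried inside a CDATA section. Consider pinning the sanitised result as well, for example `$this->assertNotContains('<script>', $washed, "CDATA content");` together with `$this->assertContains('&lt;script&gt;', $washed);`. The second line assumes wash() keeps CDATA text and encodes it the way the XML_TEXT_NODE branch in rcube_washtml.php does, which this page does not show conclusively, so confirm the expected output first. Using `assertNotContains` would also match the `assertContains` call in the preceding test and give a clearer failure message than `assertTrue(strpos(...) === false)`. The docblock could state the invariant being protected, e.g. "CDATA content must never reach the washed output unescaped".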
