Fix XSS issue in handling of a style tag inside of an svg element

9 years ago · 9b5eee2946
2 changed files with 2 additions and 0 deletions
--- a/1
+++ b/1
@ -6,6 +6,7 @@ CHANGELOG Roundcube Webmail
 - Fix so group/addressbook selection is retained on page refresh
 - Fix bug where signature couldn't be added above the quote in Firefox 51 (#5628)
 - Fix so microseconds macro (u) in log_date_format works (#1490446)
+- Fix XSS issue in handling of a style tag inside of an svg element

 RELEASE 1.1.7
 -------------
--- a/program/lib/Roundcube/rcube_utils.php
+++ b/program/lib/Roundcube/rcube_utils.php
@ -540,6 +540,7 @@ class rcube_utils
    public static function xss_entity_decode($content)
    {
        $out = html_entity_decode(html_entity_decode($content));
+        $out = strip_tags($out);
        $out = preg_replace_callback('/\\\([0-9a-f]{4})/i',
            array(self, 'xss_entity_decode_callback'), $out);
        $out = preg_replace('#/\*.*\*/#Ums', '', $out);