diff options
| author | Thomas Bruederli <thomas@roundcube.net> | 2012-11-09 11:53:29 +0100 |
|---|---|---|
| committer | Thomas Bruederli <thomas@roundcube.net> | 2012-11-09 11:53:29 +0100 |
| commit | 92eb18b46ac9dee2349bcb76b8fc5fea5dc8954f (patch) | |
| tree | 13250f6117ab9e36b9ea77ae48630fcfa07b5cac /program/steps/mail/func.inc | |
| parent | 2cae79a67af88d38476561707f6b9e1796625c40 (diff) | |
| parent | fb53c809a632a0f4122f0ef76cb8958a4ed7f6e1 (diff) | |
Merge branch 'master' of github.com:roundcube/roundcubemail
Diffstat (limited to 'program/steps/mail/func.inc')
| -rw-r--r-- | program/steps/mail/func.inc | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index 10829d514..f128a3834 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -1294,7 +1294,7 @@ function rcmail_html4inline($body, $container_id, $body_id='', &$attributes=null // modify HTML links to open a new window if clicked $GLOBALS['rcmail_html_container_id'] = $container_id; - $body = preg_replace_callback('/<(a|link)\s+([^>]+)>/Ui', 'rcmail_alter_html_link', $body); + $body = preg_replace_callback('/<(a|link|area)\s+([^>]+)>/Ui', 'rcmail_alter_html_link', $body); unset($GLOBALS['rcmail_html_container_id']); $body = preg_replace(array( @@ -1407,7 +1407,11 @@ function rcmail_alter_html_link($matches) $attrib['target'] = '_blank'; } - return "<$tag" . html::attrib_string($attrib, array('href','name','target','onclick','id','class','style','title','rel','type','media')) . $end; + // allowed attributes for a|link|area tags + $allow = array('href','name','target','onclick','id','class','style','title', + 'rel','type','media','alt','coords','nohref','hreflang','shape'); + + return "<$tag" . html::attrib_string($attrib, $allow) . $end; } |