diff options
| author | thomascube <thomas@roundcube.net> | 2011-11-29 10:16:42 +0000 |
|---|---|---|
| committer | thomascube <thomas@roundcube.net> | 2011-11-29 10:16:42 +0000 |
| commit | 57486f6e58d602413b58f780bf3a94ad6d2af8ce (patch) | |
| tree | 9f538706c8b5e86cce4f00e9d3b25c343210760c /program/steps/mail/show.inc | |
| parent | 6bddd9ba44e4dcb69e8d22fcaf21ec017d78e0fc (diff) | |
Content filter for embedded attachments to protect from XSS on IE<=8 (#1487895)
Diffstat (limited to 'program/steps/mail/show.inc')
| -rw-r--r-- | program/steps/mail/show.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/program/steps/mail/show.inc b/program/steps/mail/show.inc index 8976e863a..d928cfd68 100644 --- a/program/steps/mail/show.inc +++ b/program/steps/mail/show.inc @@ -132,7 +132,7 @@ function rcmail_message_attachments($attrib) $ol .= html::tag('li', null, html::a(array( - 'href' => $MESSAGE->get_part_url($attach_prop->mime_id), + 'href' => $MESSAGE->get_part_url($attach_prop->mime_id, false), 'onclick' => sprintf( 'return %s.command(\'load-attachment\',{part:\'%s\', mimetype:\'%s\'},this)', JS_OBJECT_NAME, |