diff options
-rw-r--r-- | program/steps/mail/func.inc | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index e947a27c4..702625cea 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -707,6 +707,7 @@ function rcmail_wash_html($html, $p = array(), $cid_replaces) } $washer = new washtml($wash_opts); + $washer->add_callback('a', 'rcmail_washtml_callback'); $washer->add_callback('form', 'rcmail_washtml_callback'); if ($p['safe']) { // allow CSS styles, will be sanitized by rcmail_washtml_callback() @@ -819,6 +820,11 @@ function rcmail_washtml_callback($tagname, $attrib, $content) $out = html::div('form', $content); break; + case 'a': + if ($attrib) $attrib .= ' target="_blank"'; + $out = '<a'.$attrib.'>' . $content . '</a>'; + break; + case 'style': // decode all escaped entities and reduce to ascii strings $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entitiy_decode($content)); |