summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--program/include/main.inc4
-rw-r--r--program/steps/mail/func.inc4
2 files changed, 4 insertions, 4 deletions
diff --git a/program/include/main.inc b/program/include/main.inc
index d79ba2ca4..7f4945692 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -872,8 +872,8 @@ function rcmail_mod_css_styles($source, $container_id)
$replacements = new rcube_string_replacer;
// ignore the whole block if evil styles are detected
- $stripped = preg_replace('/[^a-z\(:]/', '', rcmail_xss_entity_decode($source));
- if (preg_match('/expression|behavior|url\(|import/', $stripped))
+ $stripped = preg_replace('/[^a-z\(:;]/', '', rcmail_xss_entity_decode($source));
+ if (preg_match('/expression|behavior|url\(|import[^a]/', $stripped))
return '/* evil! */';
// remove css comments (sometimes used for some ugly hacks)
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 99f792f79..131a5aa87 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -829,10 +829,10 @@ function rcmail_washtml_callback($tagname, $attrib, $content)
case 'style':
// decode all escaped entities and reduce to ascii strings
- $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entity_decode($content));
+ $stripped = preg_replace('/[^a-zA-Z\(:;]/', '', rcmail_xss_entity_decode($content));
// now check for evil strings like expression, behavior or url()
- if (!preg_match('/expression|behavior|url\(|import/', $stripped)) {
+ if (!preg_match('/expression|behavior|url\(|import[^a]/', $stripped)) {
$out = html::tag('style', array('type' => 'text/css'), $content);
break;
}