Diffstat (limited to 'program/steps')
-rw-r--r-- | program/steps/mail/compose.inc | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index 9bf36d225..af84619f2 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -1005,12 +1005,17 @@ function rcmail_create_draft_body($body, $bodyIsHtml)
 $cid_map = rcmail_write_compose_attachments($MESSAGE, $bodyIsHtml);
 }

- // clean up html tags - XSS prevention (#1489251)
- $body = rcmail_wash_html($body, array('safe' => 1), $cid_map);
+ // clean up HTML tags - XSS prevention (#1489251)
+ if ($bodyIsHtml) {
+ $body = rcmail_wash_html($body, array('safe' => 1), $cid_map);

- // replace cid with href in inline images links
- if ($cid_map) {
- $body = str_replace(array_keys($cid_map), array_values($cid_map), $body);
+ // remove comments (produced by washtml)
+ $body = preg_replace('/<!--[^>]+-->/', '', $body);
+
+ // replace cid with href in inline images links
+ if (!empty($cid_map)) {
+ $body = str_replace(array_keys($cid_map), array_values($cid_map), $body);
+ }
 }

 return $body; |
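Review bot: The added `preg_replace('/<!--[^>]+-->/', '', $body)` rewrites the markup after `rcmail_wash_html()` has returned, so the string handed back is no longer exactly what the sanitizer produced. Deleting spans from already-washed HTML joins whatever sat on either side of the removed comment, and `[^>]+` skips any comment that contains `>`, so the cleanup is incomplete and sits outside the washer's guarantees. If washtml can be configured not to emit these comments (its options are not visible in this hunk), that is the safer place to drop them. With the new `if ($bodyIsHtml)` guard a body flagged as plain text is also returned unwashed, so a comment such as `// plain-text bodies are returned as-is; callers must HTML-escape them on output` would make the contract explicit. The function starts above the hunk, so how `$bodyIsHtml` is derived cannot be checked from here.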