HTML Cleanup for onclick/onchange/etc causes problems

Brian Devendorf developer at infointegrated.com
Sat Dec 23 18:34:02 CET 2006


I identified a problem in the /program/steps/mail/func.inc regexp for  
cleaning html code. To summarize, the cleanup code looks for the word  
'on' followed by a number of non-equal characters. This should  
identify onchange, onclick, etc... the problem is the code fails when  
the word 'on' is outside of an html tag and a tag with an equal sign  
(eg. html link) follows it in the email. I saw the problem on order  
confirmation emails from Amazon.com.

I created a ticket in trac that contains a patch for this regexp to  
verify that the word on is contained inside a tag. The patch is a  
unified diff, and I also attached a testcase.
View the ticket here: http://trac.roundcube.net/trac.cgi/ticket/1484183

As my first post to this list, I must acknowledge what a truly  
fantastic product RoundCube is.

Thanks,
Brian




More information about the Dev mailing list