Roundcube treats images defined as data URIs in CSS as evil #5580

Closed
netesa opened this issue Jan 4, 2017 · 5 comments

netesa commented Jan 4, 2017

I have the following email notification message:
test.zip

I observe two issues in the way Roundcube renders it. First, it is detected as referencing remote images, which is not true:
rc-1

Then, after confirming (clicking "Display images"), it is also not rendered correctly because PNG images defined as data URIs in CSS are treated as evil and the whole class definitions are removed:
rc-2

Desktop mail clients display this message correctly immediately and without any warnings, for instance Thunderbird:
thunderbird

Member

alecpl commented Jan 4, 2017

Confirmed. rcmail_washtml_callback() should accept image data URIs.

alecpl added this to the 1.2.4 milestone Jan 4, 2017
alecpl added a commit that referenced this issue Jan 7, 2017
alecpl added a commit that referenced this issue Jan 7, 2017
Member

alecpl commented Jan 7, 2017

Fixed.

alecpl closed this as completed Jan 7, 2017
ZiBiS added a commit to ZiBiS/roundcubemail that referenced this issue Jan 9, 2017
* 'master' of https://github.com/roundcube/roundcubemail: (48 commits)
  Fix bug where external content in src attribute of input/video tags was not secured (roundcube#5583)
  Avoid closure compiler suspicious code warning (roundcube#5584)
  Add class attribute for preferences sections list
  Remove redundant code
  Fix bug where image data URIs in css style were treated as evil/remote in mail preview (roundcube#5580)
  Fix pdf object visibility
  Hide QR-Code button if PHP-GD is not installed
  Add 1.3-beta milestone + update copyright year
  Small code improvements in PDF capability checker
  Remove old jsdeps.sh script
  Add --delete argument to install-jsdeps.sh
  Fix function name
  Fix required OpenPGP version
  Make it working with wget when curl is not installed, mark --force argument as boolean
  Add --force option + update install instructions (roundcube#5535)
  Install script to fetch javascript dependencies defined in jsdeps.json (roundcube#5535)
  Fix so group/addressbook selection is retained on page refresh
  Fix some advanced search issues with multiple addressbooks (roundcube#5572)
  Fix unsetting template objects
  Nicely handle contact deletion on contact edit (roundcube#5522)
  ...
Author

netesa commented Sep 30, 2017

This is still not fixed in the case where the message contains image data URIs and also references a remote image. Everything is fine until you click "Display images".

A test message: test.zip

Member

alecpl commented Oct 1, 2017

Confirmed.

alecpl reopened this Oct 1, 2017
alecpl modified the milestones: 1.2.4, 1.3.2 Oct 1, 2017
alecpl added a commit that referenced this issue Oct 1, 2017
alecpl added a commit that referenced this issue Oct 1, 2017
alecpl added a commit that referenced this issue Oct 1, 2017
Member

alecpl commented Oct 1, 2017

Fixed.

alecpl closed this as completed Oct 1, 2017
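
The behaviour discussed in this thread, as an added example that is not Roundcube's code: a CSS `url()` filter that judges each reference on its own, so inline `data:image/...` URIs are neither counted as remote content nor dropped when a remote image appears in the same message. The names `classify_css_url` and `wash_css`, the type allow-list and the sample stylesheet are assumptions made for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not Roundcube's.

// Raster types only; SVG is left out because it can carry active content.
const SAFE_IMAGE_TYPES = ['png', 'jpeg', 'gif', 'bmp', 'webp'];

// Classify one CSS url() target as 'inline', 'remote' or 'reject'.
function classify_css_url(string $url): string
{
    $url = trim($url, " \t\r\n\"'");
    if (preg_match('~^data:image/([a-z0-9.+-]+);base64,([a-z0-9+/=\s]*)$~i', $url, $m)) {
        $ok = in_array(strtolower($m[1]), SAFE_IMAGE_TYPES, true)
            && base64_decode(preg_replace('/\s+/', '', $m[2]), true) !== false;
        return $ok ? 'inline' : 'reject';
    }
    if (preg_match('~^(https?:)?//~i', $url)) {
        return 'remote';
    }
    return 'reject';   // javascript:, other data: types, relative paths, ...
}

// Rewrite every url() in a style block on its own, so one remote reference
// does not change the verdict on inline images in the same sheet.
function wash_css(string $css, bool $allow_remote, bool &$has_remote = false): string
{
    $has_remote = false;
    return preg_replace_callback(
        '~url\(\s*("[^"]*"|\'[^\']*\'|[^)]*)\s*\)~i',
        function (array $m) use ($allow_remote, &$has_remote): string {
            $kind = classify_css_url($m[1]);
            if ($kind === 'remote') {
                $has_remote = true;   // drives the "Display images" prompt
                return $allow_remote ? $m[0] : 'none';
            }
            return $kind === 'inline' ? $m[0] : 'none';
        },
        $css
    );
}

// Constructed sample: one inline PNG and one remote image in the same sheet.
$css = '.a{background:url(data:image/png;base64,iVBORw0KGgo=)}'
     . '.b{background:url("http://example.invalid/x.png")}';

foreach ([false, true] as $allow) {
    echo wash_css($css, $allow, $remote), ' remote=', var_export($remote, true), "\n";
}
```

In both passes the `.a` rule keeps its inline image; only the `.b` reference changes with the remote-content setting.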