[GH-ISSUE #222] [BUG] Text-Form of a HTML-EMail has trouble with links #185

Closed
opened 2026-02-25 21:34:22 +03:00 by kerem · 4 comments

Originally created by @ulfgebhardt on GitHub (Aug 25, 2017).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/222

Originally assigned to: @jasonmunro on GitHub.

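Hello,
me again - another thing I just noticed
![crypht7](https://user-images.githubusercontent.com/1238238/29735164-221d3724-89f7-11e7-98a6-3de681463a0c.png)

The Link contains the closing ">" which makes it invalid.
This applies only to the Text-Form of an HTML EMail. In HTML Form it works correctly.

~~The Text-Form seems not to be HTML-Escaped. This could be a security risk, even in Text-Form.
See: [htmlentities](http://php.net/manual/en/function.htmlentities.php)~~

Greetings, Ulf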

<3

kerem closed this issue and added the bug and core labels (2026-02-25 21:34:22 +03:00).

@jasonmunro commented on GitHub (Aug 26, 2017):

Text messages are escaped, it's actually the reason this bug exists :) URLs that have a trailing > accidentally match our url regex because they have already been changed to an entity. We can't do the regex before we escape the content, because the links we insert would be escaped as well. To solve this I made a change that does the following:

  • escape the content as before
  • insert a space before any html entity
  • replace strings that look like URLs (match our regex) with actual links
  • remove a single space before any html entity

So far it looks like it's working for me. Let me know how it works for you when you can, and again thanks for the feedback!
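
The escape-then-linkify problem and the four-step workaround described in this comment, as an added PHP example that is not part of the original thread and is not Cypht's code. `URL_RE`, `ENTITY`, the function names and the sample message are assumptions made for illustration.

```php
<?php
// Added illustration, not Cypht's code. Patterns and names are assumptions.
const URL_RE = '~https?://[^\s<>"]+~i';                       // simplified URL matcher
const ENTITY = '&(?:[a-z][a-z0-9]*|#[0-9]+|#x[0-9a-f]+);';    // named or numeric entity

// Wrap URL-looking strings in anchors. Input must already be HTML-escaped,
// so the matched text contains no raw quotes or angle brackets.
function linkify(string $escaped): string {
    return preg_replace_callback(URL_RE, function (array $m): string {
        return '<a href="' . $m[0] . '">' . $m[0] . '</a>';
    }, $escaped);
}

// Behaviour from the report: after escaping, ">" is "&gt;", which the URL
// pattern accepts as part of the link.
function render_naive(string $text): string {
    return linkify(htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));
}

// The four steps listed in the comment above.
function render_fixed(string $text): string {
    $out = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');        // 1. escape as before
    $out = preg_replace('/' . ENTITY . '/i', ' $0', $out);      // 2. space before each entity
    $out = linkify($out);                                       // 3. URLs now stop at the space
    return preg_replace('/ (' . ENTITY . ')/i', '$1', $out);    // 4. drop one space per entity
}

$sample = 'See <http://example.com/page> and Tom & Jerry';     // constructed input
echo render_naive($sample), "\n";
echo render_fixed($sample), "\n";
```

In this simplified version a URL whose query string contains `&` is cut at the escaped `&amp;`, because step 2 puts a space there too; the thread does not say how Cypht's own change treats that case.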


@jasonmunro commented on GitHub (Sep 7, 2017):

Found and fixed a bug with this, but I believe it is now working better


@jasonmunro commented on GitHub (Sep 12, 2017):

@ulfgebhardt I would like to close this since I think it's fixed, if you could confirm for me that would be great! Thanks!


@ulfgebhardt commented on GitHub (Sep 13, 2017):

Is fixed, please close!

Rev: 26a3870e58

Greetings, Ulf

<3
