(parent: 87a26bd)
[FIX]tools/mail: fix regex when sanitizing html containing mail address
author Cedric Snauwaert <csn@openerp.com> Fri, 8 Mar 2013 10:48:50 +0000 (11:48 +0100)
committer Cedric Snauwaert <csn@openerp.com> Fri, 8 Mar 2013 10:48:50 +0000 (11:48 +0100)
bzr revid: csn@openerp.com-20130308104850-02nfuaxdr91bo0nx
openerp/tools/mail.py
diff --git
a/openerp/tools/mail.py
b/openerp/tools/mail.py
index
7ca9dd7
..
933c892
100644
(file)
--- a/
openerp/tools/mail.py
+++ b/
openerp/tools/mail.py
@@
-50,7
+50,7
@@
def html_sanitize(src):
src = ustr(src, errors='replace')
# html encode email tags
- part = re.compile(r"(<[^<>]+@[^<>]+>)", re.IGNORECASE | re.DOTALL)
+ part = re.compile(r"(<(([^a<>]|a[^<>\s])[^<>]*)@[^<>]+>)", re.IGNORECASE | re.DOTALL)
src = part.sub(lambda m: cgi.escape(m.group(1)), src)
# some corner cases make the parser crash (such as <SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT> in test_mail)
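Review bot: In the new `part` pattern, the `a[^<>\s]` branch consumes the `@` when the local part is the single letter `a`, so `<a@example.com>` (and `<A@example.com>`, since `re.IGNORECASE` also applies to the negated class `[^a<>]`) no longer matches and is passed on unescaped, although the old pattern escaped it. If the intent is only to skip anchor tags such as `<a href="mailto:...">`, a lookahead that consumes nothing, for example `(<(?!a\s)[^<>]+@[^<>]+>)`, excludes those tags and keeps the old behaviour for every other input; it also drops the two extra capture groups, of which only `m.group(1)` is used. The `# html encode email tags` comment should also say why tags that start with `a` followed by whitespace are left alone.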