Security: Escape ContentID in HTML replacement to prevent regex injection

This commit is contained in:
Ralph Slooten
2026-03-10 11:27:47 +13:00
parent 3073ef9afe
commit f40911c580


@@ -151,8 +151,9 @@ export default {
for (const i in d.Inline) {
const a = d.Inline[i];
if (a.ContentID !== "") {
const escapedCID = a.ContentID.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
d.HTML = d.HTML.replace(
new RegExp("(=[\"']?)(cid:" + a.ContentID + ")([\"|'|\\s|\\/|>|;])", "g"),
new RegExp("(=[\"']?)(cid:" + escapedCID + ")([\"'|\\s|\\/|>|;])", "g"),
"$1" + this.resolve("/api/v1/message/" + d.ID + "/part/" + a.PartID) + "$3",
);
}
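Review bot: The replacement argument on the line after the new RegExp is still a plain string built from `d.ID` and `a.PartID`, so `String.prototype.replace` will interpret any `$` sequences in those values (`$&`, `$1`, `` $` ``, `$'`) as replacement patterns; the pattern side is now escaped but the replacement side is not. If either identifier could ever carry a dollar sign, the safer form is a replacer function, which takes no special sequences: `(m, p1, p2, p3) => p1 + this.resolve("/api/v1/message/" + d.ID + "/part/" + a.PartID) + p3,`. The arrow keeps the lexical `this` used by `this.resolve`. The same applies to the hunk at `@@ -171,8 +172,9`. The enclosing method of the `export default` object starts before and ends after this hunk.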
@@ -171,8 +172,9 @@ export default {
for (const i in d.Attachments) {
const a = d.Attachments[i];
if (a.ContentID !== "") {
const escapedCID = a.ContentID.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
d.HTML = d.HTML.replace(
new RegExp("(=[\"']?)(cid:" + a.ContentID + ")([\"|'|\\s|\\/|>|;])", "g"),
new RegExp("(=[\"']?)(cid:" + escapedCID + ")([\"'|\\s|\\/|>|;])", "g"),
"$1" + this.resolve("/api/v1/message/" + d.ID + "/part/" + a.PartID) + "$3",
);
}
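Review bot: The escape-and-replace sequence added here is now a verbatim copy of the one in the `d.Inline` loop at `@@ -151,8 +151,9`, so a future fix to the pattern or the escaping has to be made in two places; a small helper such as `rewriteCid(html, contentID, partID)` holding the escape, the RegExp and the replace call would keep them aligned. Separately, the trailing character class `([\"'|\\s|\\/|>|;])` still contains `|` between its members; inside a class `|` is a literal, so the class also matches a pipe after the cid, and `(["'\\s\\/>;])` expresses the intended set. The enclosing method of the `export default` object starts before and ends after this hunk.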