From 92bcb940d4a1be34ee9ea232741d18dd273dfea3 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 15 Oct 2015 03:09:31 -0400
Subject: [PATCH] Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#1490539)
---
 program/steps/mail/func.inc | 7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 80b618c..e7b6940 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -951,6 +951,13 @@
 break;
 case 'style':
+ // Crazy big styles may freeze the browser (#1490539)
+ // remove content with more than 5k lines
+ if (substr_count($content, "\n") > 5000) {
+ $out = '';
+ break;
+ }
+
 // decode all escaped entities and reduce to ascii strings
 $stripped = preg_replace('/[^a-zA-Z\(:;]/', '', rcube_utils::xss_entity_decode($content));
-- Gitblit v1.9.1
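Review bot: The new guard in the `case 'style':` branch bounds the style block by newline count only, so an equally large stylesheet written on a few very long lines still passes it and reaches `rcube_utils::xss_entity_decode()` and the `preg_replace()` below. Because the message sender controls this content, a byte-length cap next to the line count would be a firmer bound, for example `if (strlen($content) > MAX_STYLE_BYTES || substr_count($content, "\n") > 5000) {`, where `MAX_STYLE_BYTES` is a placeholder for a limit the project would choose. The literal 5000 would also be easier to audit and tune as a named constant, with the comment stating that the style block is dropped silently. The enclosing function starts and ends outside the hunk, so what happens to `$out` after the `break` is not visible here.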