author Ben Bucksch <>
Mon, 21 May 2018 18:44:41 +0200
changeset 23964 96fab4a2b81189101231b12106823748c9a70a94
child 26421 bca950c87a074a65e00c0894937c46b3b644ee5e
permissions -rw-r--r--
Bug 1419417 - Parse HTML to make sure that tags and attributes are properly closed. r=mkmelin,jorgk This fixes the efail <> security bug, which opens a HTML tag or attribute in an HTML MIME part, then puts in a PGP-encrypted part, and then another HTML part with the closing quote or tag. This could be e.g. <img src=' or <form><textarea>, CSS URL or similar features that send out the following text as URL and therefore leak it to the attacker who crafted the email. The PGP part will then be decrypted and leak. The bug was that we just passed HTML through verbatim. The frontend does not have any further precautions, either. The correct solution here is to jail each MIME part into a separate <iframe type="content"> in the UI. However, we don't want one scrollbar for each MIME part, but one scroll for the entire body. <iframe seamless> would allow that, but it was never implemented in Firefox and is now dead. We might later find a workaround, but this is more work and can't be done short term. The fix here in libmime first parses the HTML that we get in the HTML MIME part, and then immediately serialized it again. That ensures that the HTML document is complete, syntactically correct, and all tags and attributes are properly closed, before we start with the next MIME part.

/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at */


#include "mimethtm.h"

typedef struct MimeInlineTextHTMLParsedClass MimeInlineTextHTMLParsedClass;
typedef struct MimeInlineTextHTMLParsed      MimeInlineTextHTMLParsed;

struct MimeInlineTextHTMLParsedClass {
  MimeInlineTextHTMLClass html;

extern MimeInlineTextHTMLParsedClass mimeInlineTextHTMLParsedClass;

struct MimeInlineTextHTMLParsed {
  MimeInlineTextHTML    html;
  nsString             *complete_buffer;  // Gecko parser expects wide strings

#define MimeInlineTextHTMLParsedClassInitializer(ITYPE,CSUPER) \
  { MimeInlineTextHTMLClassInitializer(ITYPE,CSUPER) }