[FIX]tools/mail: fix regex when sanitizing html containing mail address

bzr revid: csn@openerp.com-20130308104850-02nfuaxdr91bo0nx
2013-03-08 11:48:50 +01:00 · 2013-03-08 11:48:50 +01:00 · f05aff8ac9
parent 87a26bde3b
commit f05aff8ac9
1 changed files with 1 additions and 1 deletions
--- a/openerp/tools/mail.py
+++ b/openerp/tools/mail.py
@ -50,7 +50,7 @@ def html_sanitize(src):
    src = ustr(src, errors='replace')

    # html encode email tags
-    part = re.compile(r"(<[^<>]+@[^<>]+>)", re.IGNORECASE | re.DOTALL)
+    part = re.compile(r"(<(([^a<>]|a[^<>\s])[^<>]*)@[^<>]+>)", re.IGNORECASE | re.DOTALL)
    src = part.sub(lambda m: cgi.escape(m.group(1)), src)
    
    # some corner cases make the parser crash (such as <SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT> in test_mail)