From 1f8201565206fc9dd41bd28b929329641164fde7 Mon Sep 17 00:00:00 2001
From: M66B
Date: Fri, 25 Jan 2019 06:44:41 +0000
Subject: [PATCH] Sanitize shared html

---
 app/src/main/java/eu/faircode/email/ActivityCompose.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/app/src/main/java/eu/faircode/email/ActivityCompose.java b/app/src/main/java/eu/faircode/email/ActivityCompose.java
index 6a86a15bec..5fb5ab8af9 100644
--- a/app/src/main/java/eu/faircode/email/ActivityCompose.java
+++ b/app/src/main/java/eu/faircode/email/ActivityCompose.java
@@ -25,6 +25,9 @@ import android.os.Bundle;
 import android.text.TextUtils;
 import android.view.MenuItem;
 
+import org.jsoup.Jsoup;
+import org.jsoup.safety.Whitelist;
+
 import java.util.ArrayList;
 
 import javax.mail.internet.AddressException;
@@ -117,7 +120,7 @@ public class ActivityCompose extends ActivityBilling implements FragmentManager.
 if (intent.hasExtra(Intent.EXTRA_HTML_TEXT)) {
 String html = intent.getStringExtra(Intent.EXTRA_HTML_TEXT);
 if (html != null)
- args.putString("body", html);
+ args.putString("body", Jsoup.clean(html, Whitelist.relaxed()));
 } else if (intent.hasExtra(Intent.EXTRA_TEXT)) {
 String body = intent.getStringExtra(Intent.EXTRA_TEXT);
 if (body != null)
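Review bot: In the second hunk, `Whitelist.relaxed()` is jsoup's most permissive built-in preset and still keeps `img` elements with `http`/`https` sources, so HTML handed over by another app through `Intent.EXTRA_HTML_TEXT` can carry remote image references into the draft body. If shared content does not need images, a narrower preset such as `args.putString("body", Jsoup.clean(html, Whitelist.basic()));` would reduce that exposure. A short comment such as `// EXTRA_HTML_TEXT is supplied by another app: treat as untrusted` would record why the call is there. The `EXTRA_TEXT` branch is cut off by the hunk, so whether `body` is escaped before it is later handled as HTML cannot be confirmed from here. The enclosing method starts and ends outside the hunk.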