From f0d158453568771931b18feb1185f02994fd7918 Mon Sep 17 00:00:00 2001
From: ericgaspar
Date: Sun, 24 Apr 2022 22:43:18 +0200
Subject: [PATCH] Create rainloop_xss.patch
---
sources/rainloop_xss.patch | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 sources/rainloop_xss.patch
diff --git a/sources/rainloop_xss.patch b/sources/rainloop_xss.patch
new file mode 100644
index 0000000..ae80e3f
--- /dev/null
+++ b/sources/rainloop_xss.patch
@@ -0,0 +1,21 @@
+--- /tmp/HtmlUtils.php 2022-04-24 22:35:36.000000000 +0200
++++ rainloop/v/0.0.0/app/libraries/MailSo/Base/HtmlUtils.php 2022-04-24 22:36:28.000000000 +0200
+@@ -239,7 +239,8 @@
+ $oWrapHtml->setAttribute($sKey, $sValue);
+ }
+
+- $oWrapDom = $oDom->createElement('div', '___xxx___');
++ $rand_str = base64_encode(random_bytes(32));
++ $oWrapDom = $oDom->createElement('div', $rand_str);
+ $oWrapDom->setAttribute('data-x-div-type', 'body');
+ foreach ($aBodylAttrs as $sKey => $sValue)
+ {
+@@ -250,7 +251,7 @@
+
+ $sWrp = $oDom->saveHTML($oWrapHtml);
+
+- $sResult = \str_replace('___xxx___', $sResult, $sWrp);
++ $sResult = \str_replace($rand_str, $sResult, $sWrp);
+ }
+
+ $sResult = \str_replace(\MailSo\Base\HtmlUtils::$KOS, ':', $sResult);
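Review bot: The placeholder token added in the first inner hunk is `base64_encode(random_bytes(32))`, whose alphabet includes `+`, `/` and `=`. The fix only holds if `saveHTML()` returns that token byte-for-byte, so that the later `\str_replace($rand_str, $sResult, $sWrp)` still finds it; if it does not, the body would presumably be dropped from the wrapped output. A hex token removes any dependence on how the serializer treats those characters and follows the file's `$s…` naming: `$sWrapToken = \bin2hex(\random_bytes(16));`. `random_bytes()` needs PHP 7 or later and throws when no entropy source is available, so confirm the PHP version this package runs RainLoop under. Both inner hunks sit inside a function whose start and end are outside the patch, so whether `$rand_str` is assigned on every path that reaches the `str_replace` cannot be checked from here.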