In some cases SquirrelMail address book error message
buffer can be used to store errors with html tags and
in some cases tags are sanitized. Such behavior makes
it hard to decide when address book backend can use
html formating and when formating can't be used. It
also does not allow use of multiline error messages.
Suggestion: error buffer should always store plain text
messages and new lines are added with ASCII line feeds.
SquirrelMail should display address book errors
sanitized with htmlspecialchars and convert line feeds
to html line breaks (<br />). Backend should not care
about message formating.
Log in to post a comment.