After updating to SOGo 5.12.8 some users started to report that their changes are silently discarded when they try to save their preferences. The server log indicates that there is a problem parsing the JSON string:
May 18 09:54:07 sogod [1177678]: [ERROR] <0x0x55855f287ab0[GSUInlineString]> json parser: Expected value while parsing array, attempting once more after unescaping...
May 18 09:54:07 sogod [1177678]: [ERROR] <0x0x55855f287ab0[GSUInlineString]> total failure. Original string is: { […] "signature":" […] <meta http-equiv=\"content-type\" con***="" charset=UTF-8\"> […] }
May 18 09:54:07 sogod [1177678]: x.x.x.x "POST /SOGo/so/user/Preferences/save HTTP/1.1" 200 0/15323 0.022 - - 0 - 17
The substring <meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">, which is part of the user's HTML email signature, is mangled into <meta http-equiv=\"content-type\" con***="" charset=UTF-8\">. This is a regression caused by commit 67ce01ec2a1a7854d8e9f615dd65afb949043e86 ("fix(mail): sanitise mail with ics (invitation to event)"). The revised regular expression incorrectly matches other HTML attribute names, such as content, instead of the intended event handler attributes. The string replacement performed in stringWithoutHTMLInjection is inappropriate when called by saveAction in UIxPreferences.m, as it removes the escape characters in the JSON string. In addition, the code path lacks proper error handling, as it returns an HTTP 200 status code and does not indicate any error to the user.
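The failure mode described above, reproduced as an added example; it is not SOGo code and does not use the regular expression from the commit. LOOSE and STRICT are constructed stand-in patterns, and the function names, the sample signature and the 400 status are assumptions made for illustration.

```python
import json
import re

# Constructed stand-in patterns (assumptions), NOT the ones from the SOGo commit.
# LOOSE has no boundary before "on", so it also matches the tail of "content=".
LOOSE = re.compile(r"on\w+\s*=\s*[^\s>]+", re.I)
# STRICT requires that "on" starts an attribute name and consumes a quoted value.
STRICT = re.compile(r"""(?<![\w-])on\w+\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)""", re.I)

# Constructed sample: an HTML signature as it would sit in the preferences.
SIGNATURE = ('<meta http-equiv="content-type" content="text/html; '
             'charset=UTF-8"><b onclick="x()">Jo</b>')
BODY = json.dumps({"signature": SIGNATURE})  # serialized request body


def sanitize_raw_json(body: str) -> str:
    """Reported behaviour: rewrite the serialized JSON text before parsing.

    The replacement inserts unescaped double quotes into a JSON string
    literal, so the result is no longer valid JSON.
    """
    return LOOSE.sub('on***=""', body)


def sanitize_decoded(body: str) -> str:
    """Parse first, sanitise the decoded value, then serialize again."""
    prefs = json.loads(body)
    prefs["signature"] = STRICT.sub('on***=""', prefs["signature"])
    return json.dumps(prefs)  # the encoder restores the escaping


def save(body: str, sanitizer) -> int:
    """Return an HTTP-like status; a body that fails to parse is an error."""
    try:
        json.loads(sanitizer(body))
    except json.JSONDecodeError:
        return 400  # surface the failure instead of answering 200
    return 200


if __name__ == "__main__":
    print(sanitize_raw_json(BODY))
    print(save(BODY, sanitize_raw_json), save(BODY, sanitize_decoded))
```
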