aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--plugins/base/public/message.html3
-rw-r--r--plugins/base/routes.go1
2 files changed, 3 insertions, 1 deletions
diff --git a/plugins/base/public/message.html b/plugins/base/public/message.html
index cfb0169..343f79e 100644
--- a/plugins/base/public/message.html
+++ b/plugins/base/public/message.html
@@ -115,7 +115,8 @@
{{if .IsHTML}}
<!-- TODO: add a src fallback -->
<!-- allow-same-origin is required to resize the frame with its content -->
- <iframe id="email-frame" srcdoc="{{.Body}}" sandbox="allow-same-origin"></iframe>
+ <!-- allow-popups is required for target="_blank" links -->
+ <iframe id="email-frame" srcdoc="{{.Body}}" sandbox="allow-same-origin allow-popups"></iframe>
{{else}}
<pre>{{.Body}}</pre>
{{end}}
diff --git a/plugins/base/routes.go b/plugins/base/routes.go
index 7b02f11..a5c6c21 100644
--- a/plugins/base/routes.go
+++ b/plugins/base/routes.go
@@ -250,6 +250,7 @@ func handleGetPart(ctx *koushin.Context, raw bool) error {
// TODO: be more strict
p.AllowElements("style")
p.AllowAttrs("style")
+ p.AddTargetBlankToFullyQualifiedLinks(true)
body = p.Sanitize(body)
isHTML = true
}