aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--plugins/base/public/assets/script.js8
-rw-r--r--plugins/base/public/foot.html1
-rw-r--r--plugins/base/public/message.html3
-rw-r--r--plugins/base/routes.go3
4 files changed, 14 insertions, 1 deletions
diff --git a/plugins/base/public/assets/script.js b/plugins/base/public/assets/script.js
new file mode 100644
index 0000000..84c353e
--- /dev/null
+++ b/plugins/base/public/assets/script.js
@@ -0,0 +1,8 @@
+var emailFrame = document.getElementById("email-frame");
+if (emailFrame) {
+ var resizeFrame = function() {
+ emailFrame.style.height = emailFrame.contentWindow.document.documentElement.scrollHeight + "px";
+ };
+ emailFrame.addEventListener("load", resizeFrame);
+ emailFrame.contentWindow.addEventListener("resize", resizeFrame);
+}
diff --git a/plugins/base/public/foot.html b/plugins/base/public/foot.html
index b605728..284d779 100644
--- a/plugins/base/public/foot.html
+++ b/plugins/base/public/foot.html
@@ -1,2 +1,3 @@
+ <script src="/plugins/base/assets/script.js"></script>
</body>
</html>
diff --git a/plugins/base/public/message.html b/plugins/base/public/message.html
index 6ce633b..cfb0169 100644
--- a/plugins/base/public/message.html
+++ b/plugins/base/public/message.html
@@ -114,7 +114,8 @@
<p><a href="{{.Message.Uid}}/reply?part={{.PartPath}}">Reply</a></p>
{{if .IsHTML}}
<!-- TODO: add a src fallback -->
- <iframe srcdoc="{{.Body}}" sandbox></iframe>
+ <!-- allow-same-origin is required to resize the frame with its content -->
+ <iframe id="email-frame" srcdoc="{{.Body}}" sandbox="allow-same-origin"></iframe>
{{else}}
<pre>{{.Body}}</pre>
{{end}}
diff --git a/plugins/base/routes.go b/plugins/base/routes.go
index 02518cc..7b02f11 100644
--- a/plugins/base/routes.go
+++ b/plugins/base/routes.go
@@ -247,6 +247,9 @@ func handleGetPart(ctx *koushin.Context, raw bool) error {
isHTML := false
if strings.EqualFold(mimeType, "text/html") {
p := bluemonday.UGCPolicy()
+ // TODO: be more strict
+ p.AllowElements("style")
+ p.AllowAttrs("style")
body = p.Sanitize(body)
isHTML = true
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-19 03:44:44 +0000