aboutsummaryrefslogtreecommitdiff
path: root/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'plugins')
-rw-r--r--plugins/base/routes.go1
-rw-r--r--plugins/viewhtml/sanitize.go38
2 files changed, 8 insertions, 31 deletions
diff --git a/plugins/base/routes.go b/plugins/base/routes.go
index 9dd110a..ad4d121 100644
--- a/plugins/base/routes.go
+++ b/plugins/base/routes.go
@@ -431,7 +431,6 @@ func handleCompose(ctx *koushin.Context, msg *OutgoingMessage, draft *messagePat
func handleComposeNew(ctx *koushin.Context) error {
// These are common mailto URL query parameters
- // TODO: cc, bcc
return handleCompose(ctx, &OutgoingMessage{
To: strings.Split(ctx.QueryParam("to"), ","),
Subject: ctx.QueryParam("subject"),
diff --git a/plugins/viewhtml/sanitize.go b/plugins/viewhtml/sanitize.go
index f8d6a58..c7de703 100644
--- a/plugins/viewhtml/sanitize.go
+++ b/plugins/viewhtml/sanitize.go
@@ -70,14 +70,6 @@ var allowedStyles = map[string]bool{
"list-style-position": true,
}
-var mailtoParams = []string{
- "subject",
- "cc",
- "bcc",
- "body",
- "in-reply-to",
-}
-
type sanitizer struct {
msg *koushinbase.IMAPMessage
}
@@ -88,31 +80,17 @@ func (san *sanitizer) sanitizeImageURL(src string) string {
return "about:blank"
}
- switch strings.ToLower(u.Scheme) {
- case "mailto":
- mailtoQuery := u.Query()
-
- composeURL := url.URL{Path: "/compose"}
- composeQuery := make(url.Values)
- composeQuery.Set("to", u.Opaque)
- for _, k := range mailtoParams {
- if v := mailtoQuery.Get(k); v != "" {
- composeQuery.Set(k, v)
- }
- }
- composeURL.RawQuery = composeQuery.Encode()
- return composeURL.String()
- case "cid":
- // TODO: mid support?
- part := san.msg.PartByID(u.Opaque)
- if part == nil || !strings.HasPrefix(part.MIMEType, "image/") {
- return "about:blank"
- }
+ // TODO: mid support?
+ if !strings.EqualFold(u.Scheme, "cid") || san.msg == nil {
+ return "about:blank"
+ }
- return part.URL(true).String()
- default:
+ part := san.msg.PartByID(u.Opaque)
+ if part == nil || !strings.HasPrefix(part.MIMEType, "image/") {
return "about:blank"
}
+
+ return part.URL(true).String()
}
func (san *sanitizer) sanitizeCSSDecls(decls []*css.Declaration) []*css.Declaration {