Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/base/routes.go | 1 | ||||
-rw-r--r-- | plugins/viewhtml/sanitize.go | 38 |
2 files changed, 8 insertions, 31 deletions
diff --git a/plugins/base/routes.go b/plugins/base/routes.go
index 9dd110a..ad4d121 100644
--- a/plugins/base/routes.go
+++ b/plugins/base/routes.go
@@ -431,7 +431,6 @@ func handleCompose(ctx *koushin.Context, msg *OutgoingMessage, draft *messagePat
 
 func handleComposeNew(ctx *koushin.Context) error {
 // These are common mailto URL query parameters
- // TODO: cc, bcc
 return handleCompose(ctx, &OutgoingMessage{
 To: strings.Split(ctx.QueryParam("to"), ","),
 Subject: ctx.QueryParam("subject"),
diff --git a/plugins/viewhtml/sanitize.go b/plugins/viewhtml/sanitize.go
index f8d6a58..c7de703 100644
--- a/plugins/viewhtml/sanitize.go
+++ b/plugins/viewhtml/sanitize.go
@@ -70,14 +70,6 @@ var allowedStyles = map[string]bool{
 "list-style-position": true,
 }
 
-var mailtoParams = []string{
- "subject",
- "cc",
- "bcc",
- "body",
- "in-reply-to",
-}
-
 type sanitizer struct {
 msg *koushinbase.IMAPMessage
 }
@@ -88,31 +80,17 @@ func (san *sanitizer) sanitizeImageURL(src string) string {
 return "about:blank"
 }
 
- switch strings.ToLower(u.Scheme) {
- case "mailto":
- mailtoQuery := u.Query()
-
- composeURL := url.URL{Path: "/compose"}
- composeQuery := make(url.Values)
- composeQuery.Set("to", u.Opaque)
- for _, k := range mailtoParams {
- if v := mailtoQuery.Get(k); v != "" {
- composeQuery.Set(k, v)
- }
- }
- composeURL.RawQuery = composeQuery.Encode()
- return composeURL.String()
- case "cid":
- // TODO: mid support?
- part := san.msg.PartByID(u.Opaque)
- if part == nil || !strings.HasPrefix(part.MIMEType, "image/") {
- return "about:blank"
- }
+ // TODO: mid support?
+ if !strings.EqualFold(u.Scheme, "cid") || san.msg == nil {
+ return "about:blank"
+ }
 
- return part.URL(true).String()
- default:
+ part := san.msg.PartByID(u.Opaque)
+ if part == nil || !strings.HasPrefix(part.MIMEType, "image/") {
 return "about:blank"
 }
+
+ return part.URL(true).String()
 }
 
 func (san *sanitizer) sanitizeCSSDecls(decls []*css.Declaration) []*css.Declaration { |
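Review bot: The `strings.HasPrefix(part.MIMEType, "image/")` test kept in the new body of sanitizeImageURL accepts any subtype the sender declares, including `image/svg+xml`, so the rewritten `src` can point at a part that is an active document rather than a raster image. Whether that is reachable depends on how the URL from `part.URL(true)` is served, which this hunk does not show; if the raw part is returned from the webmail origin with its declared type, an explicit allow-list fails closed more reliably, for example `if part == nil || !allowedImageTypes[strings.ToLower(part.MIMEType)] {` backed by a small map of raster types (a new name, modelled on the existing `allowedStyles`). The prefix test is also case-sensitive while MIME types are not, which only over-blocks but is worth a one-line comment if it is intentional. The function begins above the hunk, where `u` is parsed, so the handling of a parse error is not reviewed here.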