From 62660f8d1d24d8d03d6032b87366ed0e5fd0be41 Mon Sep 17 00:00:00 2001 From: Simon Ser Date: Tue, 25 Feb 2020 10:47:38 +0100 Subject: plugins/viewhtml: add support for inline Content-Id images Closes: https://todo.sr.ht/~sircmpwn/koushin/33 --- plugins/viewhtml/sanitize.go | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/viewhtml/sanitize.go b/plugins/viewhtml/sanitize.go index d5c94a7..c7de703 100644 --- a/plugins/viewhtml/sanitize.go +++ b/plugins/viewhtml/sanitize.go @@ -3,6 +3,7 @@ package koushinviewhtml import ( "bytes" "fmt" + "net/url" "regexp" "strings" @@ -73,8 +74,23 @@ type sanitizer struct { msg *koushinbase.IMAPMessage } -func (san *sanitizer) sanitizeResourceURL(src string) string { - return "about:blank" +func (san *sanitizer) sanitizeImageURL(src string) string { + u, err := url.Parse(src) + if err != nil { + return "about:blank" + } + + // TODO: mid support? + if !strings.EqualFold(u.Scheme, "cid") || san.msg == nil { + return "about:blank" + } + + part := san.msg.PartByID(u.Opaque) + if part == nil || !strings.HasPrefix(part.MIMEType, "image/") { + return "about:blank" + } + + return part.URL(true).String() } func (san *sanitizer) sanitizeCSSDecls(decls []*css.Declaration) []*css.Declaration { @@ -114,7 +130,7 @@ func (san *sanitizer) sanitizeNode(n *html.Node) { for i := range n.Attr { attr := &n.Attr[i] if strings.EqualFold(attr.Key, "src") { - attr.Val = san.sanitizeResourceURL(attr.Val) + attr.Val = san.sanitizeImageURL(attr.Val) } } } else if strings.EqualFold(n.Data, "style") { -- cgit v1.2.3