1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
package alpsviewhtml
import (
"bytes"
"fmt"
"html/template"
"io/ioutil"
"strings"
"git.sr.ht/~emersion/alps"
alpsbase "git.sr.ht/~emersion/alps/plugins/base"
"github.com/emersion/go-message"
)
const tplSrc = `
<!-- allow-same-origin is required to resize the frame with its content -->
<!-- allow-popups is required for target="_blank" links -->
<iframe id="email-frame" srcdoc="{{.}}" sandbox="allow-same-origin allow-popups"></iframe>
<script src="/plugins/viewhtml/assets/script.js"></script>
<link rel="stylesheet" href="/plugins/viewhtml/assets/style.css">
`
var tpl = template.Must(template.New("view-html.html").Parse(tplSrc))
type viewer struct{}
func (viewer) ViewMessagePart(ctx *alps.Context, msg *alpsbase.IMAPMessage, part *message.Entity) (interface{}, error) {
allowRemoteResources := ctx.QueryParam("allow-remote-resources") == "1"
mimeType, _, err := part.Header.ContentType()
if err != nil {
return nil, err
}
if !strings.EqualFold(mimeType, "text/html") {
return nil, alpsbase.ErrViewUnsupported
}
body, err := ioutil.ReadAll(part.Body)
if err != nil {
return nil, fmt.Errorf("failed to read part body: %v", err)
}
san := sanitizer{
msg: msg,
allowRemoteResources: allowRemoteResources,
}
body, err = san.sanitizeHTML(body)
if err != nil {
return nil, fmt.Errorf("failed to sanitize HTML part: %v", err)
}
ctx.Set("viewhtml.hasRemoteResources", san.hasRemoteResources)
var buf bytes.Buffer
err = tpl.Execute(&buf, string(body))
if err != nil {
return nil, err
}
return template.HTML(buf.String()), nil
}
func init() {
alpsbase.RegisterViewer(viewer{})
}
|