author | Christoph Wurst <christoph@winzerhof-wurst.at> | 2020-11-06 16:48:12 +0300 |
---|---|---|
committer | Christoph Wurst <christoph@winzerhof-wurst.at> | 2020-11-06 17:47:05 +0300 |
commit | 217bac0ab5a9eb7291795557aebd3d44172038a1 (patch) | |
tree | 2cc5858c8ebe190e9be357979f9c199068201e65 /lib/Controller/MessagesController.php | |
parent | f4f4d046de3fbed88ac7081bbfc9545da0267baf (diff) |
Clean up HTML response
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'lib/Controller/MessagesController.php')
-rwxr-xr-x | lib/Controller/MessagesController.php | 38 |
1 files changed, 27 insertions, 11 deletions
diff --git a/lib/Controller/MessagesController.php b/lib/Controller/MessagesController.php
index 9c4dbb62c..c366fcd34 100755
--- a/lib/Controller/MessagesController.php
+++ b/lib/Controller/MessagesController.php
@@ -31,6 +31,7 @@ declare(strict_types=1);
 namespace OCA\Mail\Controller;
 use Exception;
+use OC\Security\CSP\ContentSecurityPolicyNonceManager;
 use OCA\Mail\Contracts\IMailManager;
 use OCA\Mail\Contracts\IMailSearch;
 use OCA\Mail\Exception\ClientException;
@@ -87,16 +88,23 @@ class MessagesController extends Controller {
 /** @var IURLGenerator */
 private $urlGenerator;
+ /** @var ContentSecurityPolicyNonceManager */
+ private $nonceManager;
+
 /**
 * @param string $appName
 * @param IRequest $request
 * @param AccountService $accountService
+ * @param IMailManager $mailManager
+ * @param IMailSearch $mailSearch
+ * @param ItineraryService $itineraryService
 * @param string $UserId
 * @param $userFolder
 * @param LoggerInterface $logger
 * @param IL10N $l10n
 * @param IMimeTypeDetector $mimeTypeDetector
 * @param IURLGenerator $urlGenerator
+ * @param ContentSecurityPolicyNonceManager $nonceManager
 */
 public function __construct(string $appName,
 IRequest $request,
@@ -109,7 +117,8 @@ class MessagesController extends Controller {
 LoggerInterface $logger,
 IL10N $l10n,
 IMimeTypeDetector $mimeTypeDetector,
- IURLGenerator $urlGenerator) {
+ IURLGenerator $urlGenerator,
+ ContentSecurityPolicyNonceManager $nonceManager) {
 parent::__construct($appName, $request);
 $this->accountService = $accountService;
@@ -123,6 +132,7 @@ class MessagesController extends Controller {
 $this->mimeTypeDetector = $mimeTypeDetector;
 $this->urlGenerator = $urlGenerator;
 $this->mailManager = $mailManager;
+ $this->nonceManager = $nonceManager;
 }
 /**
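Review bot: The added `use OC\Security\CSP\ContentSecurityPolicyNonceManager;` takes a class from the server's private `OC\` namespace, which carries no stability promise towards apps. A server upgrade can therefore change or remove `getNonce()` and break the message view, and this is also the class the script nonce comes from. If no public `OCP\` equivalent exists for the targeted server version, record that beside the new property, for example `/** @var ContentSecurityPolicyNonceManager private server API, re-check on server upgrades */`. The same type is injected in the constructor hunks at -109,7 and -123,6.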
@@ -357,17 +367,23 @@ class MessagesController extends Controller {
 );
 }
- $htmlResponse = new HtmlResponse(
- $this->mailManager->getImapMessage(
- $account,
- $mailbox,
- $message->getUid(),
- true
- )->getHtmlBody(
- $id
- ),
- $plain
+ $html = $this->mailManager->getImapMessage(
+ $account,
+ $mailbox,
+ $message->getUid(),
+ true
+ )->getHtmlBody(
+ $id
 );
+ $htmlResponse = $plain ?
+ HtmlResponse::plain($html) :
+ HtmlResponse::withResizer(
+ $html,
+ $this->nonceManager->getNonce(),
+ $this->urlGenerator->getAbsoluteURL(
+ $this->urlGenerator->linkTo('mail', 'js/htmlresponse.js')
+ )
+ );
 // Harden the default security policy
 $policy = new ContentSecurityPolicy(); |
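Review bot: Passing `$this->nonceManager->getNonce()` into `HtmlResponse::withResizer()` places the request's CSP nonce in the same document as `$html`, which is message content chosen by the sender. `HtmlResponse` and the sanitising behind `getHtmlBody()` are not visible here, so it is worth confirming that the body is fully sanitised before this call and that the script tag carrying the nonce is written ahead of the body, so markup left unclosed in the mail cannot absorb it. In Nextcloud server the nonce has, as far as I know, been derived from the CSRF token, which raises the cost of any leak. A comment above the call would record the assumption: `// $html is untrusted mail content; the nonce may only appear on the script tag HtmlResponse emits`. The enclosing method and the policy built after `// Harden the default security policy` continue outside the hunk.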