author | Richard Steinmetz <richard@steinmetz.cloud> | 2020-10-28 15:44:28 +0300 |
---|---|---|
committer | Richard Steinmetz <richard@steinmetz.cloud> | 2020-11-06 15:22:02 +0300 |
commit | 237ce80d4a8bd3b338913b28d75ad9c30c2a8571 (patch) | |
tree | 61a1be07c7feda059da342f69fc1c66f2b83133b /lib | |
parent | 6828335e4a3f8c533c25f03d2e067a20c7cb5be2 (diff) |
Responsive mail iframe
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
Diffstat (limited to 'lib')
-rwxr-xr-x | lib/Controller/MessagesController.php | 6 | ||||
-rw-r--r-- | lib/Http/HtmlResponse.php | 27 |
2 files changed, 23 insertions, 10 deletions
diff --git a/lib/Controller/MessagesController.php b/lib/Controller/MessagesController.php
index b9882970b..9c4dbb62c 100755
--- a/lib/Controller/MessagesController.php
+++ b/lib/Controller/MessagesController.php
@@ -336,12 +336,13 @@ class MessagesController extends Controller {
 * @TrapError
 *
 * @param int $id
+ * @param bool $plain do not inject scripts if true (default=false)
 *
 * @return HtmlResponse|TemplateResponse
 *
 * @throws ClientException
 */
- public function getHtmlBody(int $id): Response {
+ public function getHtmlBody(int $id, bool $plain=false): Response {
 try {
 try {
 $message = $this->mailManager->getMessage($this->currentUserId, $id);
@@ -364,7 +365,8 @@ class MessagesController extends Controller {
 true
 )->getHtmlBody(
 $id
- )
+ ),
+ $plain
 );
 // Harden the default security policy
diff --git a/lib/Http/HtmlResponse.php b/lib/Http/HtmlResponse.php
index 9fbc6cdc3..5918dc16a 100644
--- a/lib/Http/HtmlResponse.php
+++ b/lib/Http/HtmlResponse.php
@@ -25,6 +25,7 @@ declare(strict_types=1);
 namespace OCA\Mail\Http;
+use OCP\Util;
 use OCP\AppFramework\Http\Response;
 class HtmlResponse extends Response {
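Review bot: In `lib/Controller/MessagesController.php`, `getHtmlBody()` now lets the caller choose through `$plain` whether the message response carries a script, yet the policy set up after `// Harden the default security policy` is not touched by this commit (the diffstat counts six changed lines here, all in the two hunks shown). Whether the injected script is allowed to run, and whether the plain variant forbids script entirely, therefore depends on code outside these hunks and should be checked against both branches. I would make that explicit where the policy is built, for example `// $plain === true: the response carries no script, so this branch must not allow any script source`, and keep the non-plain branch limited to the nonce'd loader. The method body starts and ends outside both hunks, so the policy code itself is not visible here.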
@@ -32,22 +33,32 @@ class HtmlResponse extends Response {
 /** @var string */
 private $content;
- private $injectedStyles = <<<EOF
-* { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen-Sans, Cantarell, Ubuntu, 'Helvetica Neue', Arial, 'Noto Color Emoji', sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; }
-EOF;
+ /** @var bool */
+ private $plain;
-
- public function __construct(string $content) {
+ /**
+ * @param string $content message html content
+ * @param bool $plain do not inject scripts if true (default=false)
+ */
+ public function __construct(string $content, bool $plain=false) {
 parent::__construct();
 $this->content = $content;
+ $this->plain = $plain;
 }
 /**
- * Simply sets the headers and returns the file contents
+ * Inject scripts if not plain and return message html content.
 *
- * @return string the file contents
+ * @return string message html content
 */
 public function render(): string {
- return '<style>' . $this->injectedStyles . '</style>' . $this->content;
+ if ($this->plain) {
+ return $this->content;
+ }
+
+ $nonce = \OC::$server->getContentSecurityPolicyNonceManager()->getNonce();
+ $scriptSrc = Util::linkToAbsolute('mail', 'js/htmlresponse.js');
+ return '<script nonce="' . $nonce. '" src="' . $scriptSrc . '"></script>'
+ . $this->content;
 }
 } |
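Review bot: In `render()`, the non-plain branch puts a nonce-carrying `<script>` into the same document as the message body, so the page that displays received mail now has to permit script, and the nonce is readable from the DOM by anything in `$content` that survives sanitisation. The constructor docblock should say this outright, e.g. `@param string $content message html content; MUST already be sanitised, it is emitted verbatim next to a nonce'd script`, because nothing in this class checks or escapes it. `$nonce` and `$scriptSrc` are also concatenated into attribute values unescaped; both are server-generated, but escaping is cheap here: `'<script nonce="' . htmlspecialchars($nonce, ENT_QUOTES) . '" src="' . htmlspecialchars($scriptSrc, ENT_QUOTES) . '"></script>'`. Whether `$content` is sanitised upstream cannot be confirmed from this hunk.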