Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TF-3349 Fix [MU] forwarded message disclaimer and from address #3354

Merged
merged 3 commits into from
Dec 18, 2024
Merged

TF-3349 Fix [MU] forwarded message disclaimer and from address #3354

merged 3 commits into from
Dec 18, 2024

Conversation

dab246
Copy link
Member

@dab246 dab246 commented Dec 16, 2024

Issue

#3349

Root cause

  • We use the characters < and > in the html content so the browser treats them as HTML tags.
Screenshot 2024-12-16 at 15 24 45

Solution

  • Use &lt; and &gt; for the angle brackets to prevent browsers from interpreting them as HTML tags.

Resolved

Screen.Recording.2024-12-16.at.15.35.43.mov

@github-actions GitHub Actions
Copy link

This PR has been deployed to https://linagora.github.io/tmail-flutter/3354.

@hoangdat hoangdat changed the base branch from master to maintenance-v0.14.2 December 16, 2024 10:31
@hoangdat hoangdat dismissed tddang-linagora’s stale review December 16, 2024 10:31

The base branch was changed.

@hoangdat hoangdat changed the base branch from maintenance-v0.14.2 to master December 16, 2024 15:34
@hoangdat
Copy link
Member

  • should we handle HeaderEmailQuoted with transforming email content?

@dab246 dab246 force-pushed the bugfix/tf-3349-forwarded-message-disclaimer-and-from-address branch from 5212986 to 4a893cd Compare December 17, 2024 13:12
@dab246
Copy link
Member Author

dab246 commented Dec 17, 2024

  • should we handle HeaderEmailQuoted with transforming email content?

Done

Screen.Recording.2024-12-17.at.20.09.58.mov

@dab246 dab246 requested a review from hoangdat December 17, 2024 13:13
@chibenwa
Copy link
Member

Rather no: the email subject displayed should be <script>alert('abc def')</script> ghi klm (correctly escaped)

@dab246
Copy link
Member Author

dab246 commented Dec 17, 2024

Rather no: the email subject displayed should be <script>alert('abc def')</script> ghi klm (correctly escaped)

Good catch. We will use escape html to fix this.

Screen.Recording.2024-12-17.at.22.09.24.mov

@dab246
Copy link
Member Author

dab246 commented Dec 17, 2024

  • Also sanitize email subject when Print email
Screen.Recording.2024-12-17.at.22.50.10.mov

@dab246 dab246 force-pushed the bugfix/tf-3349-forwarded-message-disclaimer-and-from-address branch from f039823 to 89e6f1e Compare December 18, 2024 03:27
@dab246 dab246 requested a review from hoangdat December 18, 2024 03:27
@hoangdat
Copy link
Member

please also cherry pick to maintenance-v0.11.4003

@dab246 dab246 changed the base branch from master to maintenance-v0.14.2 December 18, 2024 04:46
@dab246 dab246 force-pushed the bugfix/tf-3349-forwarded-message-disclaimer-and-from-address branch from 89e6f1e to 92472e7 Compare December 18, 2024 05:11
@dab246 dab246 mentioned this pull request Dec 18, 2024
Merged
@dab246
Copy link
Member Author

dab246 commented Dec 18, 2024

please also cherry pick to maintenance-v0.11.4003

Implemented at #3360

@hoangdat hoangdat force-pushed the maintenance-v0.14.2 branch from 6494db9 to 617dbe0 Compare December 18, 2024 10:14
@hoangdat hoangdat merged commit 0b3f106 into maintenance-v0.14.2 Dec 18, 2024
22 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tddang-linagora tddang-linagora tddang-linagora approved these changes

@hoangdat hoangdat hoangdat approved these changes

Assignees
No one assigned
Labels
customer
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@dab246 @hoangdat @chibenwa @tddang-linagora