Commit 07a00cd7 authored by Fabio Stegmeyer's avatar Fabio Stegmeyer

[TASK] Display preview in sandbox iframe

parent 89cffb6b
......@@ -187,45 +187,11 @@ class QueueController extends ActionController {
*
* @param int $uid
*/
public function previewAction($uid) {
public function previewAction($uid): void {
$mailService = new MailTemplateService();
$mailToPreview = $mailService->getMailObjectByUid($uid);
$mailBody = $mailToPreview->getMailBody();
// Unsafe HTML tags and attributes
$unsafeTags = [
'/<iframe(.*?)<\/iframe>/is',
'/<title(.*?)<\/title>/is',
'/<pre(.*?)<\/pre>/is',
'/<frame(.*?)<\/frame>/is',
'/<frameset(.*?)<\/frameset>/is',
'/<object(.*?)<\/object>/is',
'/<script(.*?)<\/script>/is',
'/<embed(.*?)<\/embed>/is',
'/<applet(.*?)<\/applet>/is',
'/<meta(.*?)>/is',
'/<!doctype(.*?)>/is',
'/<link(.*?)>/is',
'/<body(.*?)>/is',
'/<\/body>/is',
'/<head(.*?)>/is',
'/<\/head>/is',
'/onclick="(.*?)"/is',
'/onClick="(.*?)"/is',
'/onload="(.*?)"/is',
'/onLoad="(.*?)"/is',
'/onunload="(.*?)"/is',
'/onUnload="(.*?)"/is',
'/<html(.*?)>/is',
'/<\/html>/is'
];
// parse out unsafe tags and attributes
$parsedMailBody = preg_replace($unsafeTags, "", $mailBody);
$this->view->assign('mail', $mailToPreview);
$this->view->assign('parsedMailBody', $parsedMailBody);
}
/**
......@@ -271,9 +237,8 @@ class QueueController extends ActionController {
// save the Template filter to the session
if (!isset($_SESSION[$this->session->getSessionKey()]['filterTemplate'])
|| (isset($_POST['filterTemplate']) && $this->session->getDataByKey(
'filterTemplate'
) !== $_POST['filterTemplate'])) {
|| (isset($_POST['filterTemplate'])
&& $this->session->getDataByKey('filterTemplate') !== $_POST['filterTemplate'])) {
$this->session->setDataByKey('filterTemplate', $_POST['filterTemplate']);
}
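Review bot: In the filter hunk, `$_POST['filterTemplate']` is passed to `setDataByKey()` without a guard. When the session entry is missing and the request carries no `filterTemplate` field, the first half of the condition is true on its own, so the body reads an undefined array key, which raises a warning on PHP 8 and stores `null`. Something like `$this->session->setDataByKey('filterTemplate', $_POST['filterTemplate'] ?? '');` would close that gap, though the right default depends on code outside the hunk. The value also reaches the session unvalidated, so whatever consumes it later should treat it as untrusted input. The enclosing method starts and ends outside the hunk.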
......
......@@ -69,8 +69,6 @@
</div>
<div class="mail-body">
<f:format.stripTags allowedTags="<title><table><tr><th><td><tbody><a><style><img><p><span><br><div><h1><h2><h3><h4><h5><h6><i><b>">
{parsedMailBody}
</f:format.stripTags>
<iframe class="mail-body-iframe" srcdoc="{mail.mailBody}" sandbox></iframe>
</div>
</f:section>
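Review bot: The preview's safety now rests on two undocumented properties of the `<iframe>` line: `sandbox` must stay token-less, and `{mail.mailBody}` must keep what is presumably Fluid's default escaping, because this commit removes the server-side tag filter in `previewAction`. Adding `allow-scripts` together with `allow-same-origin`, or wrapping the value in `f:format.raw`, would let mail markup act on the backend page. I would add a comment above the iframe such as `<f:comment>Mail HTML is untrusted: keep sandbox without tokens and never output mailBody unescaped.</f:comment>`. Sandboxing also does not stop `<img>` or `<style>` content from fetching remote URLs, so opening a preview can still cause outbound requests from the editor's browser. A restrictive `img-src`/`style-src` Content-Security-Policy on the page would cover that if it matters here.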
......@@ -30,5 +30,11 @@ body {
}
.mail-body {
padding: 15px;
padding: 10px;
}
.mail-body-iframe{
border: none;
width:100vw;
height:100vh;
}
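Review bot: `width:100vw` and `height:100vh` on `.mail-body-iframe` size the frame to the viewport rather than to its container, so inside `.mail-body` with its 10px padding the frame will likely overflow and produce a horizontal scrollbar. `width: 100%;` would track the container instead. The rule also departs from the spacing used by the neighbouring rules; `.mail-body-iframe {` and `width: 100%;` would match them.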