[TASK] Display preview in sandbox iframe

07a00cd7 · Fabio Stegmeyer · 89cffb6b · 07a00cd7 · 07a00cd7 · 07a00cd7
Commit 07a00cd7 authored Dec 18, 2020 by Fabio Stegmeyer
3 changed files
--- a/Classes/Controller/QueueController.php
+++ b/Classes/Controller/QueueController.php
@@ -187,45 +187,11 @@ class QueueController extends ActionController {
 	 *
 	 * @param int $uid
 	 */
-	public function previewAction($uid) {
+	public function previewAction($uid): void {
 		$mailService = new MailTemplateService();
 		$mailToPreview = $mailService->getMailObjectByUid($uid);

-		$mailBody = $mailToPreview->getMailBody();
-
-		// Unsafe HTML tags and attributes
-		$unsafeTags = [
-			'/<iframe(.*?)<\/iframe>/is',
-			'/<title(.*?)<\/title>/is',
-			'/<pre(.*?)<\/pre>/is',
-			'/<frame(.*?)<\/frame>/is',
-			'/<frameset(.*?)<\/frameset>/is',
-			'/<object(.*?)<\/object>/is',
-			'/<script(.*?)<\/script>/is',
-			'/<embed(.*?)<\/embed>/is',
-			'/<applet(.*?)<\/applet>/is',
-			'/<meta(.*?)>/is',
-			'/<!doctype(.*?)>/is',
-			'/<link(.*?)>/is',
-			'/<body(.*?)>/is',
-			'/<\/body>/is',
-			'/<head(.*?)>/is',
-			'/<\/head>/is',
-			'/onclick="(.*?)"/is',
-			'/onClick="(.*?)"/is',
-			'/onload="(.*?)"/is',
-			'/onLoad="(.*?)"/is',
-			'/onunload="(.*?)"/is',
-			'/onUnload="(.*?)"/is',
-			'/<html(.*?)>/is',
-			'/<\/html>/is'
-		];
-
-		// parse out unsafe tags and attributes
-		$parsedMailBody = preg_replace($unsafeTags, "", $mailBody);
-
 		$this->view->assign('mail', $mailToPreview);
-		$this->view->assign('parsedMailBody', $parsedMailBody);
 	}

 	/**
@@ -271,9 +237,8 @@ class QueueController extends ActionController {

 		// save the Template filter to the session
 		if (!isset($_SESSION[$this->session->getSessionKey()]['filterTemplate'])
-			|| (isset($_POST['filterTemplate']) && $this->session->getDataByKey(
-					'filterTemplate'
-				) !== $_POST['filterTemplate'])) {
+			|| (isset($_POST['filterTemplate'])
+				&& $this->session->getDataByKey('filterTemplate') !== $_POST['filterTemplate'])) {
 			$this->session->setDataByKey('filterTemplate', $_POST['filterTemplate']);
 		}


--- a/Resources/Private/Templates/Queue/Preview.html
+++ b/Resources/Private/Templates/Queue/Preview.html
@@ -69,8 +69,6 @@
 	</div>

 	<div class="mail-body">
-		<f:format.stripTags allowedTags="<title><table><tr><th><td><tbody><a><style><img><p><span><br><div><h1><h2><h3><h4><h5><h6><i><b>">
-			{parsedMailBody}
-		</f:format.stripTags>
+		<iframe class="mail-body-iframe" srcdoc="{mail.mailBody}" sandbox></iframe>
 	</div>
 </f:section>
--- a/Resources/Public/StyleSheets/preview.css
+++ b/Resources/Public/StyleSheets/preview.css
@@ -30,5 +30,11 @@ body {
 }

 .mail-body {
-	padding: 15px;
+	padding: 10px;
+}
+
+.mail-body-iframe{
+	border: none;
+	width:100vw;
+	height:100vh;
 }