Created
November 5, 2014 07:15
Recipes for imapseagull-storage-mongo
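// Make HTML safe for imapseagull-storage-mongo.
// Register make_html_safe through the post_parse_handlers setting.
//
// `#` is not a comment marker in JavaScript, so the original remarks are
// written as `//` comments here to keep the recipe loadable.
var sanitizer = require('sanitizer'); // https://github.com/theSmaw/Caja-HTML-Sanitizer
var url = require('url'); // sanitizationTagPolicy calls url.parse / url.format

// NOTE: make_html_safe also calls `async.apply`; this recipe does not require
// `async`, so it has to be in scope already wherever the recipe is pasted.

// Default tag policy; applied to every tag that is not handled specially.
var _tagPolicy = sanitizer.makeTagPolicy(),
    // URL schemes treated as script-bearing.
    // NOTE(review): a denylist lets through every scheme it does not name;
    // an explicit allowlist of schemes the mail viewer should follow fails closed.
    _hrefScript = ['javascript:', 'vbscript:'],
    // The sanitizer erases these URL attributes on its own, so these
    // tag/attribute names are the exceptions that get re-added after checks.
    _tags = ['img', 'a'],
    _attrs = ['src', 'href'];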
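/**
 * Tag policy for sanitizer.sanitizeWithPolicy that keeps a vetted `src`/`href`
 * on the tags listed in `_tags` and defers everything else to `_tagPolicy`.
 *
 * Security notes:
 *  - The URL scheme is checked against an explicit allowlist. A denylist of
 *    script schemes fails open for every scheme it does not name, and values
 *    without a recognised scheme may be interpreted differently by the mail
 *    viewer than by this parser, so both are dropped.
 *  - `cid:` is accepted only on <img src> and only when it resolves to one of
 *    the message's own attachments.
 *
 * `url` is assumed to be Node's `url` module, in scope where this is pasted.
 *
 * @param storage  object exposing _cfg.attachment_download_url(attachment)
 * @param mail     parsed message; mail.attached_files[].cid is read for cid: images
 * @param tagName  name of the tag being sanitized
 * @param attribs  flat array [name, value, name, value, ...]
 * @returns {{attribs: Array}|*} the rewritten attributes, or whatever the
 *          default tag policy returns when nothing is kept
 */
function sanitizationTagPolicy(storage, mail, tagName, attribs) {
    // Schemes a rendered mail is allowed to link to or load from.
    var allowedSchemes = ['http:', 'https:', 'mailto:'];

    if (_tags.indexOf(tagName) >= 0 && attribs.length) {
        var attrName, attrValue, i;
        // Only the first src/href pair on the tag is considered.
        for (i = 0; i < attribs.length; i += 2) {
            if (_attrs.indexOf(attribs[i]) >= 0) {
                attrName = attribs[i];
                attrValue = attribs[i + 1];
                break;
            }
        }
        if (attrValue) {
            // Declared locally: the original assigned to an undeclared `u`,
            // which leaks a global (and throws in strict mode).
            var u = url.parse(attrValue);
            var scheme = String(u.protocol || '').toLowerCase();
            var value = '';
            if (tagName === 'img' && attrName === 'src' && scheme === 'cid:') {
                // Inline image: map the content id to the attachment's download URL.
                // Tolerate a message without attachments instead of throwing
                // while sanitizing untrusted input.
                var files = mail.attached_files || [];
                // An empty host would match every cid via indexOf(''), so require one.
                if (typeof u.host === 'string' && u.host !== '') {
                    for (i = 0; i < files.length; ++i) {
                        var attachment = files[i];
                        if (attachment && typeof attachment.cid === 'string' &&
                                attachment.cid.indexOf(u.host) >= 0) {
                            value = storage._cfg.attachment_download_url(attachment);
                            break;
                        }
                    }
                }
            } else if (allowedSchemes.indexOf(scheme) >= 0) {
                // TODO: download online-links and embed as attachments
                value = url.format(u);
            }
            if (typeof value === 'string' && value !== '') {
                // Let the sanitizer clean the remaining attributes, then
                // append the single vetted URL attribute.
                var attrs = sanitizer.sanitizeAttribs(tagName, attribs);
                attrs.push(attrName);
                attrs.push(value);
                return { attribs: attrs };
            }
        }
    }
    // Anything not explicitly kept above gets the sanitizer's default treatment.
    return _tagPolicy.call(this, tagName, attribs);
}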
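/**
 * Post-parse handler: stores a sanitized copy of mail.html in mail.html_safe.
 *
 * mail.html_safe never holds the raw markup: it is reset to '' before the
 * sanitizer runs, so if sanitizing throws, a caller that catches the error
 * cannot pick up unsanitized HTML from the "safe" field. The exception itself
 * is not caught here; it propagates and `callback` is then not invoked.
 *
 * @param storage  passed through to sanitizationTagPolicy
 * @param mail (object) results of MongoDecorator.prototype.parse_raw_msg
 * @param callback invoked with no arguments once html_safe is set
 */
function make_html_safe(storage, mail, callback) {
    // Fail closed: start from an empty value rather than the untrusted input.
    mail.html_safe = '';
    mail.html_safe = sanitizer.sanitizeWithPolicy(
        mail.html || '',
        async.apply(sanitizationTagPolicy, storage, mail)
    );
    callback();
}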