search

Raikia / FiercePhish

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.
https://github.com/Raikia/FiercePhish/wiki
GNU General Public License v3.0
1.31k stars 249 forks source link

Allow editing of raw HTML templates #45

Closed ad0nis closed 7 years ago

ad0nis commented 7 years ago

If you paste raw HTML source into the template editor's source view, much of the CSS, font size, color, and other formatting information is thrown away by the editor when the template is saved. Please allow raw HTML editing of email templates.

ad0nis commented 7 years ago

I have to update this bug, as it appears that I was at least partially wrong. My initial bug was due to mistakes in my HTML, however while attempting to fix it, I found more problems. When I pasted in my fixed html into the source and saved it, the template render section showed it properly, however upon navigating to another tab and back again, the proper formatting was lost, so I still feel that this bug is valid. If we're going to use HTML email templates, we need to be able to edit the raw HTML, and know that it will remain intact.

Raikia commented 7 years ago

I agree that this sounds like a bug and probably can be fixed with a simple edit of the ckeditor configuration (the wysiwyg text area library that is used). Do you have an example input you were using for me to test with? I can probably patch this pretty quickly for you

ad0nis commented 7 years ago

Threw an example in the following gist: https://gist.github.com/ad0nis/72c18bddad940107223a531397b0fb4e

Raikia commented 7 years ago

Yeah, as I suspected, its a simple change of the CKEditor library I'm using. That said, there are very strict limitations on what some email providers allow, so you should be aware that that email will not be accepted (or if accepted, it wont be shown properly) by many providers.

More references: https://css-tricks.com/using-css-in-html-emails-the-real-story/ http://groundwire.org/labs/email-publishing/using-css-and-html-in-email-newsletters/

I would say this is definitely an enhancement over a bug, since right now the WYSIWYG editor shows you a subset of exactly what an email client would allow. I agree it is much more limited than it should be (with respect to styles and attributes). I will work on this and release as v1.2.2 so it hits before v1.3.0.

Raikia commented 7 years ago

A fix has been published and released as v1.2.2. Please update your FiercePhish install and you will be good to go! Your template now works and the editor now allows full styling