lavab / web

AngularJS web client of Lavaboom's email service
https://mail.lavaboom.com

Even if an email from Groove ends up in the inbox, it's unreadable #709

Closed pzduniak closed 9 years ago

pzduniak commented 9 years ago

ticket

You can easily reproduce it yourself + here's the result

https://lavab.slack.com/files/pzduniak/F04SNN5T1/f2ifs3owph6dzvxajzld__1_.html

let4be commented 9 years ago

Because this email is not valid HTML @pzduniak - it's malformed. We don't deal with malformed HTML emails...

<span style='font-weight:300;color:#AAA';>schmecklefrecker@lavaboom.com on May 14, 2015 at 7:15pm wrote:</span>

';>

isn't valid

let4be commented 9 years ago

We might consider other ways of sanitizing, but there are not so many alternatives available tho; there is: https://github.com/punkave/sanitize-html

let4be commented 9 years ago

hm hm hm on the other hand standard domParser has no problems with parsing this piece of html... so I might just run thru it as a first step, then rebuild the html before feeding it to $sanitize
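
The "parse leniently, then rebuild" step proposed in the comment above, as an added example that is not part of the thread or Lavaboom's code. It handles a single start tag and mirrors the HTML tokenizer's recovery rule that lets a browser parser accept `';>`; the function names and the attribute-name filter are this example's assumptions.

```javascript
// Added example (not Lavaboom code): parse one start tag the lenient way the
// HTML tokenizer does, then rebuild it as strict markup.
const SAMPLE = "<span style='font-weight:300;color:#AAA';>"; // tag from the issue
const isSpace = c => ' \t\n\f\r'.includes(c);

function parseStartTag(tag) {
  const m = /^<([a-zA-Z][a-zA-Z0-9]*)/.exec(tag);
  if (!m) throw new Error('not a start tag');
  const attrs = [];
  let i = m[0].length;
  while (i < tag.length) {
    // Before-attribute-name: skip whitespace and stray slashes.
    while (i < tag.length && (isSpace(tag[i]) || tag[i] === '/')) i++;
    if (i >= tag.length || tag[i] === '>') break;
    // Any other character starts a name, even ';' directly after a closing
    // quote (the "missing whitespace between attributes" recovery).
    let name = tag[i++];
    while (i < tag.length && !isSpace(tag[i]) && !'/>='.includes(tag[i])) name += tag[i++];
    while (i < tag.length && isSpace(tag[i])) i++;
    let value = '';
    if (tag[i] === '=') {
      i++;
      while (i < tag.length && isSpace(tag[i])) i++;
      const quote = tag[i] === '"' || tag[i] === "'" ? tag[i++] : null;
      // Quoted values end at the matching quote, unquoted ones at space or '>'.
      const ends = c => (quote ? c === quote : isSpace(c) || c === '>');
      while (i < tag.length && !ends(tag[i])) value += tag[i++];
      if (quote) i++; // consume the closing quote
    }
    name = name.toLowerCase();
    if (!attrs.some(a => a.name === name)) attrs.push({ name, value }); // first wins
  }
  return { tagName: m[1].toLowerCase(), attrs };
}

// Rebuild step. Assumption of this example: keep only attributes whose name is
// a plain identifier, so recovery artefacts such as ';' are dropped. Values
// stay as raw source text (entities not decoded), so only '"' needs escaping.
function rebuildStartTag(tag) {
  const { tagName, attrs } = parseStartTag(tag);
  const kept = attrs.filter(a => /^[a-z][a-z0-9-]*$/.test(a.name));
  const out = kept.map(a => ` ${a.name}="${a.value.replace(/"/g, '&quot;')}"`);
  return '<' + tagName + out.join('') + '>';
}
```

For the tag quoted in the issue, the lenient parse yields `style` plus an empty attribute named `;`, and the rebuilt tag is `<span style="font-weight:300;color:#AAA">`.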

pzduniak commented 9 years ago

Have you considered using that Google library that I linked?

On 18 May 2015 10:56, "let4be" notifications@github.com wrote:

> hm hm hm on the other hand standard domParser has no problems parsing this piece of html... so I might just run thru it as a first step, then rebuild the html before feeding it to $sanitize


let4be commented 9 years ago

As far as I was able to understand, it's not completely client-based software: https://developers.google.com/caja/docs/gettingstarted/ They are referring to using their JS API, i.e. code will be sent to the server.

Even if we manage to host our own server, it won't be acceptable as it goes against the zero-knowledge policy we follow.

pzduniak commented 9 years ago

https://code.google.com/p/google-caja/wiki/JsHtmlSanitizer

On 18 May 2015 11:20, "let4be" notifications@github.com wrote:

> As far as I was able to understand, it's not completely client-based software: https://developers.google.com/caja/docs/gettingstarted/ They are referring to using their JS API, i.e. code will be sent to the server.
>
> Even if we manage to host our own server, it won't be acceptable as it goes against the zero-knowledge policy we follow.


let4be commented 9 years ago

@pzduniak this seems to be an epic library, it works on all malformed HTML where the angular.js sanitizer fails miserably :) nice