Open pabzm opened 2 months ago
I think it's harder than you think, not mentioning it's a big BC break. Performance wise also might be not great.
I know it's ambitious, but it would solve or help so many issues. No scripting issues from HTML messages anymore! Way less room for redressing attacks! :)
I've come around to reduce the attempt to one-iframe-per-part, without loading-data-as-json, which is in branch https://github.com/pabzm/roundcubemail/tree/message-render-iframe and contains even less changes.
Performance wise also might be not great.
Why do you think so? Because more HTTP requests are necessary? I'd still consider the security advantage a win over that.
@alecpl Which things would you expect to be the biggest problems? I made the iframed rendering work with HTML-emails, that contain remote objects, and with signed/encrypted emails, too. In both cases the necessary hints and buttons are displayed and are working, even though they are not rendered inside the iframe.
I'd like to change how Roundcube renders messages: Let's fetch message- and mime-part-headers as JSON, render their details from Javascript, and insert an iframe for each message part that is to be shown, which then fetches its rendered contents individually.
This would:
I know this sounds like a big change, but I built a simple proof-of-concept that doesn't even muddle up too much existing code, so I think it's doable (if you're curious: https://github.com/pabzm/roundcubemail/tree/message-render-json-iframe). It's still probably much work due to a lot of edge cases with "interesting" messages, but I'd like to tackle it.
Of course the edge case handling currently implemented in
show.php
would need to be moved, but that'd be good for testing anyway.This is an itch that bugs me since quite a while, and I think it would be a huge step forward.
@roundcube/webmail-developers What do you think?