dab246 (Member) commented Dec 3, 2025

Descriptions

This is the second proposed solution to address the issue where email content fails to display after applying the HTML sanitization process. This solution focuses on strengthening the sanitize_html library, ensuring that the sanitizer removes or ignores only unsafe tags and attributes without stripping valid email content.

Dependency

Related

#4184

github-actions bot commented Dec 3, 2025

This PR has been deployed to https://linagora.github.io/tmail-flutter/4188.

chibenwa (Member) commented Dec 3, 2025

So we are considering switching from a whitelist strategy to a blacklist one?

Sorry I do not buy it.

I cannot trust us to know every possible unsafe html tag or attribute.

What's wrong with option 1?

Cc @Crash--

dab246 (Member, Author) commented Dec 3, 2025

> So we are considering switching from a whitelist strategy to a blacklist one?
>
> Sorry I do not buy it.

We will continue using the whitelist, which includes the originally allowed tags. However, for tags that are not on the whitelist, we will no longer remove their entire content or child nodes as in the previous logic. Instead, we will remove only the disallowed tag itself and continue sanitizing its inner elements.

> I cannot trust us to know every possible unsafe html tag or attribute.

That is obvious, but we always maintain a broader set of safe tags (based on HTML standards and Google’s recommendations). We also do not need to enforce overly strict constraints on this matter.

> What's wrong with option 1?

Option 1 is not incorrect, but its limitation is that whenever a new tag appears that is not included in the whitelist, it will be removed entirely (both the tag itself and all elements it contains). This affects how emails are rendered and makes maintenance more difficult and time-consuming.
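The two behaviours discussed above, side by side, as an added example that is not part of the PR and not the sanitize_html (Dart) code: a Python sketch using only the standard library. The allowlist, the always-dropped `script`/`style` set, the href scheme check and all function names are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Constructed allowlist for this sketch; the library's real list is far longer.
ALLOWED_TAGS = {"div", "p", "b", "span", "br", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "source", "track", "wbr"}
# Assumption: elements whose body is code or CSS, not mail text, are still dropped whole.
DROP_WITH_CONTENT = {"script", "style"}

def _attr_ok(tag, name, value):
    # Assumption: href is limited to a few schemes, so javascript: URLs are rejected.
    ok_scheme = (value or "").strip().lower().startswith(("http://", "https://", "mailto:"))
    return name in ALLOWED_ATTRS.get(tag, ()) and (name != "href" or ok_scheme)

class _Sanitizer(HTMLParser):
    def __init__(self, unwrap_unknown):
        super().__init__(convert_charrefs=True)
        self.unwrap_unknown, self.out, self.skip = unwrap_unknown, [], []

    def handle_starttag(self, tag, attrs):
        if self.skip:  # inside a discarded subtree: only track nesting
            if tag not in VOID:
                self.skip.append(tag)
        elif tag in ALLOWED_TAGS:
            kept = "".join(f' {k}="{escape(v or "")}"' for k, v in attrs if _attr_ok(tag, k, v))
            self.out.append(f"<{tag}{kept}>")
        elif (tag in DROP_WITH_CONTENT or not self.unwrap_unknown) and tag not in VOID:
            self.skip.append(tag)  # old behaviour: the tag and everything inside it go
        # else: new behaviour, emit nothing for the tag but keep sanitizing its children

    def handle_endtag(self, tag):
        if tag in self.skip:  # leaving a discarded element: close the innermost match
            del self.skip[len(self.skip) - 1 - self.skip[::-1].index(tag):]
        elif not self.skip and tag in ALLOWED_TAGS and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def sanitize(html, unwrap_unknown):
    parser = _Sanitizer(unwrap_unknown)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
# Constructed sample: legacy layout tags around real content, plus hostile markup.
SAMPLE = ('<center><font color="red"><p onclick="x()">Invoice <b>due</b></p></font></center>'
          '<script>alert(1)</script><a href="javascript:x()">pay</a>')
```

With `unwrap_unknown=False` the invoice text disappears along with `<center>`; with `unwrap_unknown=True` it survives, while the `onclick` attribute, the script body and the `javascript:` href are removed in both modes because the allowlist still decides what is emitted.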

@chibenwa
Copy link
Member

chibenwa commented Dec 3, 2025

Thanks for the clarification

dab246 (Member, Author) commented Dec 3, 2025

See the document at linagora/dart-neats@c02d138#diff-608d87b363f587deb3bb659db286a66fc82b0ea1ead0d33e22a9ca9230b4ad44 to better understand this improvement.
