Fix escaping of subject and participant names in the print modal

This commit is contained in:
Ben Gotow 2024-01-01 11:49:18 -06:00
parent 8a0a82ea18
commit 1ebaa3d46c


@ -2,6 +2,7 @@ import path from 'path';
import fs from 'fs'; import fs from 'fs';
import { localized } from 'mailspring-exports'; import { localized } from 'mailspring-exports';
import { escapeHTML } from 'underscore.string';
const { app, BrowserWindow, dialog } = require('@electron/remote'); const { app, BrowserWindow, dialog } = require('@electron/remote');
@ -21,7 +22,9 @@ export default class PrintWindow {
const stylesPath = path.join(__dirname, '..', 'static', 'print-styles.css'); const stylesPath = path.join(__dirname, '..', 'static', 'print-styles.css');
const participantsHtml = participants const participantsHtml = participants
.map(part => { .map(part => {
return `<li class="participant"><span>${part.name || ''} &lt;${part.email}&gt;</span></li>`; return `<li class="participant"><span>
${escapeHTML(part.name || '')} &lt;${escapeHTML(part.email)}&gt;
</span></li>`;
}) })
.join(''); .join('');
@ -29,7 +32,7 @@ export default class PrintWindow {
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<meta http-equiv="Content-Security-Policy" content="default-src * mailspring:; script-src 'self' chrome-extension://react-developer-tools; style-src * 'unsafe-inline' mailspring:; img-src * data: mailspring: file:; object-src none; media-src none; manifest-src none;"> <meta http-equiv="Content-Security-Policy" content="default-src * mailspring:; frame-src 'none'; script-src 'self' chrome-extension://react-developer-tools; style-src * 'unsafe-inline' mailspring:; img-src * data: mailspring: file:; object-src none; media-src none; manifest-src none;">
<meta charset="utf-8"> <meta charset="utf-8">
${styleTags} ${styleTags}
<link rel="stylesheet" type="text/css" href="${stylesPath}"> <link rel="stylesheet" type="text/css" href="${stylesPath}">
@ -42,21 +45,23 @@ export default class PrintWindow {
</div> </div>
<div style="padding: 10px 14px;"> <div style="padding: 10px 14px;">
<div id="close-button"> <div id="close-button">
${localized('Close')} ${escapeHTML(localized('Close'))}
</div> </div>
<div id="print-button"> <div id="print-button">
${localized('Print')} ${escapeHTML(localized('Print'))}
</div> </div>
<div id="print-pdf-button"> <div id="print-pdf-button">
${localized('Save as PDF')} ${escapeHTML(localized('Save as PDF'))}
</div> </div>
<div class="logo-wrapper"> <div class="logo-wrapper">
<span class="account">${account.name} &lt;${account.email}&gt;</span> <span class="account">${escapeHTML(account.name)} &lt;${escapeHTML(
account.email
)}&gt;</span>
</div> </div>
</div> </div>
</div> </div>
<div id="print-header-spacing"></div> <div id="print-header-spacing"></div>
<h1 class="print-subject">${subject}</h1> <h1 class="print-subject">${escapeHTML(subject)}</h1>
<div class="print-participants"> <div class="print-participants">
<ul> <ul>
${participantsHtml} ${participantsHtml}
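Review bot: The Content-Security-Policy meta in the second hunk still leaves the keyword unquoted in `object-src none; media-src none; manifest-src none;`, so those three directives match a host literally named `none` instead of blocking the resource type, while the newly added `frame-src 'none'` on the same line is quoted correctly; change the tail to `object-src 'none'; media-src 'none'; manifest-src 'none';`. The escaping added in the first and third hunks covers every message-derived value visible here (participant name and email, account name and email, subject), and underscore.string's escapeHTML coerces null/undefined to an empty string, so an absent `part.email` should not throw — worth confirming against the installed version. The `href="${stylesPath}"` interpolation remains raw; it derives from `__dirname` rather than message data so the exposure is limited, but passing it through `escapeHTML` as well would keep the template uniform. The enclosing PrintWindow method begins before the first hunk, so `${styleTags}` and the message body interpolation cannot be checked from this view.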