Posted to commits@whimsical.apache.org by Sam Ruby <ru...@apache.org> on 2015/12/13 16:14:53 UTC

[whimsy.git] [18/37] Commit 048a8dc: body charset and sanitize fixes

Commit 048a8dcb0de7b61e1c702e551f20697e40a6df74:
    body charset and sanitize fixes


Branch: refs/heads/secmail
Author: Sam Ruby <ru...@intertwingly.net>
Committer: Sam Ruby <ru...@intertwingly.net>
Pusher: rubys <ru...@apache.org>

------------------------------------------------------------
Gemfile                                                      | + 
server.rb                                                    | + 
views/body.html.rb                                           | +++++++ --------
------------------------------------------------------------
32 changes: 16 additions, 16 deletions.
------------------------------------------------------------


diff --git a/Gemfile b/Gemfile
index 3de9ad9..1c7eef6 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,6 +5,7 @@ gem 'rake'
 gem 'zip'
 gem 'whimsy-asf'
 gem 'sinatra'
+gem 'sanitize'
 gem 'wunderbar', '~> 1.0.9'
 
 group :demo do
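Review bot: `gem 'sanitize'` is added with no version constraint, unlike `wunderbar` two lines below, even though this gem becomes the HTML filter for untrusted mail bodies. Its default allow-lists can differ between major releases, so a constraint such as `gem 'sanitize', '~> <MAJOR.MINOR>'` (placeholder; pick the version that was tested) would keep a later `bundle update` from changing what is filtered. If a committed Gemfile.lock already pins it, a short comment saying so is enough.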
diff --git a/server.rb b/server.rb
index 025b1d5..0210c54 100644
--- a/server.rb
+++ b/server.rb
@@ -5,6 +5,7 @@
 require 'wunderbar/sinatra'
 require 'wunderbar/bootstrap'
 require 'ruby2js/filter/functions'
+require 'sanitize'
 
 require_relative 'mailbox'
 
diff --git a/views/body.html.rb b/views/body.html.rb
index 0549a4c..694f0b7 100644
--- a/views/body.html.rb
+++ b/views/body.html.rb
@@ -26,34 +26,32 @@
 
     _tr do
       _td 'Subject:'
-      _td @message.subject
+      _td @message.subject || '(empty)'
     end
   end
 
   _p
-  _hr
-  _p
 
   #
   # Try various ways to display the body
   #
-  success = false
-  if @message.html_part and @message.html_part.body.to_s.valid_encoding?
+  if @message.html_part
     _div do
-      begin
-        _{@message.html_part.body.to_s.encode('utf-8').untaint}
-        success = true
-      rescue
+      body = @message.html_part.body.to_s
+
+      if body.to_s.encoding == Encoding::BINARY and @message.html_part.charset
+        body.force_encoding(@message.html_part.charset)
       end
+
+      _{body.encode('utf-8', invalid: :replace, undef: :replace)}
     end
-  end
+  elsif @message.text_part.body
+    body = @message.text_part.body.to_s
 
-  if not success and @message.text_part.body
-    begin
-      _pre @message.text_part.body.to_s.encode('utf-8')
-    rescue
-      body = @message.text_part.body.to_s.force_encoding('windows-1252')
-      _pre body.encode('utf-8', invalid: :replace, undef: :replace)
+    if body.to_s.encoding == Encoding::BINARY and @message.text_part.charset
+      body.force_encoding(@message.text_part.charset)
     end
+
+    _pre body.encode('utf-8', invalid: :replace, undef: :replace)
   end
 end
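Review bot: The HTML part of an incoming message reaches `_{body.encode('utf-8', invalid: :replace, undef: :replace)}` with no visible sanitising step, and the old `.untaint` is gone. The filtering this commit is named for presumably happens implicitly inside the markup helper once `sanitize` is loaded. Confirm that and say so in a comment, or make it explicit with `_{Sanitize.fragment(body.encode('utf-8', invalid: :replace, undef: :replace), Sanitize::Config::RELAXED)}`. Separately, `body.force_encoding(@message.html_part.charset)` and the matching `text_part` call take the charset name from the message itself, and an unrecognised name raises `ArgumentError` now that both `begin`/`rescue` blocks were removed, so a single malformed message can break the page; rescue `ArgumentError` around those two calls and leave the bytes as binary so the `invalid: :replace, undef: :replace` path still renders something. The view begins above this hunk, so how `@message` is loaded is not visible here.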