extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-12-22 06:30:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

Try to warn user about Mixed Content sometimes being used as external images in mail contents.

Browse Source
This commit is contained in:
Hadi Nategh 2020-06-25 16:34:40 +02:00
parent 8863f28e37
commit 5b1071e3d9
2 changed files with 32 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
mail/js/app.js
View File

@ -1152,12 +1152,22 @@ app.classes.mail = AppJS.extend(
var u = _rawUrl.split('[blocked external image:'); var u = _rawUrl.split('[blocked external image:');
u = u[1].replace(']',''); u = u[1].replace(']','');
var url = u; var url = u;
if (u.substr(0,7) == 'http://') u = u.replace ('http://',''); var protocol = '';
if (u.substr(0,8) == 'https://') u = u.replace ('https://',''); if (u.substr(0,7) == 'http://')
{
u = u.replace ('http://','');
protocol = 'http';
}
if (u.substr(0,8) == 'https://')
{
u = u.replace ('https://','');
protocol = 'https';
}
var url_parts = u.split('/'); var url_parts = u.split('/');
return { return {
url: url, url: url,
domain: url_parts[0] domain: url_parts[0],
protocol: protocol
}; };
}; };
@ -1193,9 +1203,20 @@ app.classes.mail = AppJS.extend(
showImages (external_images); showImages (external_images);
return; return;
} }
let message = 'In order to protect your privacy all external sources within this email are blocked.';
for(let i in external_images)
{
if (!external_images[i].alt) continue;
let r = getUrlParts(external_images[i].alt);
if (r && r.protocol == 'http')
{
message = 'There are Mixed Content within this message which are served under HTTP insecure protocol. Be aware Showing / Allowing them would compromise your security!!!';
container.addClass('red');
break;
}
}
jQuery(document.createElement('p')) jQuery(document.createElement('p'))
.text(this.egw.lang('In order to protect your privacy all external sources within this email are blocked.')) .text(this.egw.lang(message))
.appendTo(container); .appendTo(container);
jQuery(document.createElement('button')) jQuery(document.createElement('button'))
.addClass ('closeBtn') .addClass ('closeBtn')

7
mail/templates/default/preview.css
View File

@ -75,7 +75,12 @@ blockquote blockquote blockquote blockquote blockquote blockquote{
border-top: 1px solid rgb(143, 139, 139); border-top: 1px solid rgb(143, 139, 139);
box-shadow: rgb(143, 139, 139) 0px 1px 13px 2px; box-shadow: rgb(143, 139, 139) 0px 1px 13px 2px;
} }
.mail_externalImagesMsg.red {
background: rgba(204, 0, 51, 0.8) !important;
}
.mail_externalImagesMsg.red * {
color: white !important;
}
.mail_externalImagesMsg button { .mail_externalImagesMsg button {
float: right; float: right;
margin: 7px; margin: 7px;