serv/mox
1
0
Fork 0
mirror of https://github.com/mjl-/mox.git synced 2025-01-28 23:35:56 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

webmail: add clear marker between message header and body, so if html message tries to fake ui elements, it'll be noticed (hopefully)

Browse source
This commit is contained in:
Mechiel Lukkien 2023-11-01 18:58:04 +01:00
parent ef50f4abf0
commit 725f030d3c
No known key found for this signature in database
2 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
webmail/webmail.js
View file

@ -2865,7 +2865,10 @@ const newMsgView = (miv, msglistView, listMailboxes, possibleLabels, messageLoad
let urlType; // text, html, htmlexternal; for opening in new tab/print
let msgbuttonElem, msgheaderElem, msgattachmentElem, msgmodeElem;
let msgheaderdetailsElem = null; // When full headers are visible, or some headers are requested through settings.
const msgmetaElem = dom.div(style({ backgroundColor: '#f8f8f8', borderBottom: '1px solid #ccc', maxHeight: '90%', overflowY: 'auto' }), attr.role('region'), attr.arialabel('Buttons and headers for message'), msgbuttonElem = dom.div(), dom.div(attr.arialive('assertive'), msgheaderElem = dom.table(dom._class('msgheaders'), style({ marginBottom: '1ex', width: '100%' })), msgattachmentElem = dom.div(), msgmodeElem = dom.div()));
const msgmetaElem = dom.div(style({ backgroundColor: '#f8f8f8', borderBottom: '5px solid white', maxHeight: '90%', overflowY: 'auto' }), attr.role('region'), attr.arialabel('Buttons and headers for message'), msgbuttonElem = dom.div(), dom.div(attr.arialive('assertive'), msgheaderElem = dom.table(dom._class('msgheaders'), style({ marginBottom: '1ex', width: '100%' })), msgattachmentElem = dom.div(), msgmodeElem = dom.div()),
// Explicit gray line with white border below that separates headers from body, to
// prevent HTML messages from faking UI elements.
dom.div(style({ height: '2px', backgroundColor: '#ccc' })));
const msgscrollElem = dom.div(dom._class('pad', 'yscrollauto'), attr.role('region'), attr.arialabel('Message body'), style({ backgroundColor: 'white' }));
const msgcontentElem = dom.div(dom._class('scrollparent'), style({ flexGrow: '1' }));
const trashMailboxID = listMailboxes().find(mb => mb.Trash)?.ID;

5
webmail/webmail.ts
View file

@ -2364,7 +2364,7 @@ const newMsgView = (miv: MsgitemView, msglistView: MsglistView, listMailboxes: l
let msgheaderdetailsElem: HTMLElement | null = null // When full headers are visible, or some headers are requested through settings.
const msgmetaElem = dom.div(
style({backgroundColor: '#f8f8f8', borderBottom: '1px solid #ccc', maxHeight: '90%', overflowY: 'auto'}),
style({backgroundColor: '#f8f8f8', borderBottom: '5px solid white', maxHeight: '90%', overflowY: 'auto'}),
attr.role('region'), attr.arialabel('Buttons and headers for message'),
msgbuttonElem=dom.div(),
dom.div(
@ -2373,6 +2373,9 @@ const newMsgView = (miv: MsgitemView, msglistView: MsglistView, listMailboxes: l
msgattachmentElem=dom.div(),
msgmodeElem=dom.div(),
),
// Explicit gray line with white border below that separates headers from body, to
// prevent HTML messages from faking UI elements.
dom.div(style({height: '2px', backgroundColor: '#ccc'})),
)
const msgscrollElem = dom.div(dom._class('pad', 'yscrollauto'),