Updates email integration to use better options for sanitization

PagerTree · Oct 9, 2023 · 2522d6c · 2522d6c
1 parent 28b5c4b
commit 2522d6c
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 4 deletions.
diff --git a/app/models/pager_tree/integrations/email/v3.rb b/app/models/pager_tree/integrations/email/v3.rb
@@ -2,16 +2,22 @@ module PagerTree::Integrations
   class Email::V3 < Integration
     OPTIONS = [
       {key: :allow_spam, type: :boolean, default: false},
-      {key: :dedup_threads, type: :boolean, default: true}
+      {key: :dedup_threads, type: :boolean, default: true},
+      {key: :sanitize_level, type: :string, default: "relaxed"}
     ]
+
     store_accessor :options, *OPTIONS.map { |x| x[:key] }.map(&:to_s), prefix: "option"
 
+    SANITIZE_LEVELS = ["basic", "default", "relaxed", "relaxed_2", "restricted"]
+
     validates :option_allow_spam, inclusion: {in: [true, false]}
     validates :option_dedup_threads, inclusion: {in: [true, false]}
+    validates :option_sanitize_level, inclusion: {in: SANITIZE_LEVELS}
 
     after_initialize do
       self.option_allow_spam = false if option_allow_spam.nil?
       self.option_dedup_threads = true if option_dedup_threads.nil?
+      self.option_sanitize_level =  "relaxed" if option_sanitize_level.nil?
     end
 
     # SPECIAL: override integration endpoint
@@ -127,7 +133,7 @@ def _body
           end
         end
 
-        @_body = ::Sanitize.document(document, Sanitize::Config::RELAXED)
+        @_body = ::Sanitize.fragment(document, _sanitize_config)
       elsif _mail.multipart? && _mail.text_part
         @_body = _mail_body_part_to_utf8(_mail.text_part)
       else
@@ -137,6 +143,17 @@ def _body
       @_body
     end
 
+    def _sanitize_config
+      case option_sanitize_level
+      when "basic" then Sanitize::Config::BASIC
+      when "default" then Sanitize::Config::DEFAULT
+      when "relaxed" then Sanitize::Config::RELAXED
+      when "restricted" then Sanitize::Config::RESTRICTED
+      when "relaxed_2"
+        Sanitize::Config.merge(Sanitize::Config::RELAXED, :elements => Sanitize::Config::RELAXED[:elements].excluding("style"))
+      end
+    end
+
     # Encodings can cause lots of issues, so we try to convert to UTF-8
     # https://github.com/mikel/mail#encodings
     # https://stackoverflow.com/a/15818886/2903189

diff --git a/app/views/pager_tree/integrations/email/v3/_form_options.html.erb b/app/views/pager_tree/integrations/email/v3/_form_options.html.erb
@@ -1,11 +1,17 @@
- <div class="form-group group">
+<div class="form-group group">
   <%= form.check_box :option_allow_spam, class: "form-checkbox" %>
   <%= form.label :option_allow_spam %>
   <p class="form-hint md:inline-block"><%== t(".option_allow_spam_hint_html") %></p>
 </div>
 
- <div class="form-group group">
+<div class="form-group group">
   <%= form.check_box :option_dedup_threads, class: "form-checkbox" %>
   <%= form.label :option_dedup_threads %>
   <p class="form-hint"><%== t(".option_dedup_threads_hint_html") %></p>
 </div>
+
+<div class="form-group group">
+  <%= form.label :option_sanitize_level %>
+  <%= form.select :option_sanitize_level, PagerTree::Integrations::Email::V3::SANITIZE_LEVELS.map{|x| [x.humanize, x]}, {}, class:'form-control' %>
+  <p class="form-hint"><%== t(".option_sanitize_level_hint_html") %></p>
+</div>
diff --git a/app/views/pager_tree/integrations/email/v3/_show_options.html.erb b/app/views/pager_tree/integrations/email/v3/_show_options.html.erb
@@ -14,4 +14,13 @@
   <dd class="mt-1 text-sm text-gray-900">
     <%= render partial: "shared/components/badge_enabled", locals: { enabled: integration.option_dedup_threads } %>
   </dd>
+</div>
+
+<div class="sm:col-span-1">
+  <dt class="text-sm font-medium text-gray-500">
+    <%= t("activerecord.attributes.pager_tree/integrations/email/v3.option_sanitize_level") %>
+  </dt>
+  <dd class="mt-1 text-sm text-gray-900">
+    <%= integration.option_sanitize_level.humanize %>
+  </dd>
 </div>
diff --git a/config/locales/en.yml b/config/locales/en.yml
@@ -23,6 +23,7 @@ en:
           form_options:
             option_allow_spam_hint_html: "Allow emails marked as SPAM to create alerts"
             option_dedup_threads_hint_html: "Ignore emails from same thread (ex: Prevents new alerts for replys on emails (aka: RE:RE:RE...))"
+            option_sanitize_level_hint_html: "Email HTML Sanitization level. relaxed_2 can remove style tags from Microsoft Outlook. See <a href='https://github.com/rgrove/sanitize#configuration' target='_blank'>santize gem documentation</a> for details."
       form:
         v3:
           form_options:
@@ -114,6 +115,7 @@ en:
       "pager_tree/integrations/email/v3":
         option_allow_spam: "Allow Spam"
         option_dedup_threads: "Dedup Threads"
+        option_sanitize_level: "Sanitize Level"
       "pager_tree/integrations/form/v3":
         option_form_title: "Form Title"
         option_form_header: "Form Header"