Opened 12 months ago

Closed 8 months ago

#1488523 closed Bugs (fixed)

Support for HTML special character notations in message list/header display

Reported by: hh
Owned by:
Priority: 7
Milestone: 0.9-beta
Component: User Interface
Version: 0.8-rc
Severity: minor
Keywords: header subject literal
Cc:

Description

It would be nice to have HTML special character notations shown verbatim in the Subject field of email. As of 0.8-rc, such notations, typically &amp; and &copy;, are directly rendered by the browser. If you have &copy; in the Subject field, for example, it appears as a copyright symbol (©) in the message list and header panes.

Note: With my setup, Q() in strict mode doesn't seem to work for this purpose, and I had no luck extending the underlying rep_specialchars_out() function - I'm now experimenting with something like:

*** program/include/main.inc.orig	Sat May 19 01:06:54 2012
--- program/include/main.inc	Fri Jun  8 20:29:23 2012
***************
*** 290,295 ****
--- 290,297 ----
   */
  function Q($str, $mode='strict', $newlines=TRUE)
    {
+   if ($mode == 'sanitize')
+     return htmlspecialchars($str);
    return rep_specialchars_output($str, 'html', $mode, $newlines);
    }
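
Review bot: the new `htmlspecialchars($str)` call in Q() passes no flags and no charset, so on PHP before 8.1 single quotes are left unescaped (the ENT_COMPAT default) and the charset falls back to PHP's default, which was not UTF-8 before PHP 5.4. Pass both explicitly, for example `htmlspecialchars($str, ENT_QUOTES, 'UTF-8')` if UTF-8 is the output charset here. The early return also ignores `$newlines`, and the new 'sanitize' mode should be listed in the function's doc comment.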

The following changes are against a7d5e3e8:

*** program/steps/mail/func.inc.orig	Fri Jun  8 20:50:13 2012
--- program/steps/mail/func.inc	Fri Jun  8 20:51:05 2012
***************
*** 264,270 ****
        if (in_array($col, array('from', 'to', 'cc', 'replyto')))
          $cont = Q(rcmail_address_string($header->$col, 3, false, null, $header->charset), 'show');
        else if ($col=='subject') {
!         $cont = trim(rcube_mime::decode_header($header->$col, $header->charset));
          if (!$cont) $cont = rcube_label('nosubject');
          $cont = Q($cont);
        }
--- 264,270 ----
        if (in_array($col, array('from', 'to', 'cc', 'replyto')))
          $cont = Q(rcmail_address_string($header->$col, 3, false, null, $header->charset), 'show');
        else if ($col=='subject') {
!         $cont = Q(trim(rcube_mime::decode_header($header->$col, $header->charset)), 'sanitize');
          if (!$cont) $cont = rcube_label('nosubject');
          $cont = Q($cont);
        }
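
Review bot: in the subject branch the value is now escaped by Q(..., 'sanitize') and then passed through `$cont = Q($cont);` again two lines later, so the result depends on the second call not re-encoding the entities produced by the first. Escape once instead: leave the decode_header() line as it was and change the final call to `$cont = Q($cont, 'sanitize');`, which also keeps the rcube_label('nosubject') fallback on the same path.
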
***************
*** 947,953 ****
  
    // single header value is requested
    if (!empty($attrib['valueof']))
!     return Q($plugin['output'][$attrib['valueof']]['value'], ($attrib['valueof'] == 'subject' ? 'strict' : 'show'));
  
    // compose html table
    $table = new html_table(array('cols' => 2));
--- 947,953 ----
  
    // single header value is requested
    if (!empty($attrib['valueof'])) 
!     return Q($plugin['output'][$attrib['valueof']]['value'], ($attrib['valueof'] == 'subject' ? 'sanitize' : 'show'));
  
    // compose html table
    $table = new html_table(array('cols' => 2));
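
Review bot: the mode is chosen on the literal header name in the ternary, so only 'subject' gets the verbatim escaping and every other value returned through valueof stays on 'show'. If entity notation in other headers should also display verbatim, as the ticket title suggests, this needs to cover them; if subject-only is intended, add a comment saying why it differs.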

Change History (7)

comment:1 Changed 12 months ago by hh

TO REPRODUCE

For example - let's say you have a Subject line like:

Subject: In HTML you can use &lt; to get <

As of 0.8-rc, this will be shown as:

Subject: In HTML you can use < to get <

comment:2 Changed 12 months ago by hh

SUPPLEMENTAL

If you reply to email with a Subject line like the one in the previous example (the one with &lt;), the editable Subject form field returns raw HTML notations - i.e., you get < in place of &lt;. (The Subject itself gets modified.) To prevent this, we also need something like:

*** program/steps/mail/compose.inc.orig	Fri May 18 16:06:54 2012
--- program/steps/mail/compose.inc	Sun Jun 10 11:38:31 2012
***************
*** 1259,1265 ****
    }
  
    $out = $form_start ? "$form_start\n" : '';
!   $out .= $textfield->show($subject);
    $out .= $form_end ? "\n$form_end" : '';
  
    return $out;
--- 1259,1265 ----
    }
  
    $out = $form_start ? "$form_start\n" : '';
!   $out .= $textfield->show(Q($subject, 'sanitize'));
    $out .= $form_end ? "\n$form_end" : '';
  
    return $out;
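
Review bot: `$subject` is escaped before it is handed to `$textfield->show()`, so the output is only correct if show() does not encode the value again or skips text that already looks like an entity, and that behaviour is not visible in this hunk. Prefer passing the raw `$subject` and having the form element escape its value attribute exactly once, so the call site does not depend on it.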

Note: sanitize is my wording. Probably it should have been normalize or something.

comment:3 Changed 10 months ago by alec

  • Milestone changed from later to 0.8-stable
  • Type changed from Feature Requests to Bugs

I think this is a bug that HTML entities in subject/headers are not "sanitized".

comment:4 Changed 10 months ago by thomasb

I guess our duplicate quotation check (in rep_specialchars_output()) is causing this issue. We should remove that and test whether there are situations where indeed HTML characters are quoted twice.
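
The effect described in comment:4, as an added example that is not part of the ticket and not Roundcube code: it models a duplicate-quotation check with the double_encode argument of PHP's htmlspecialchars() (an assumption about how the check behaves, chosen because it reproduces the symptom from comment:1) and compares it with unconditional escaping. The function names and sample subjects are constructed for illustration.

```php
<?php
// Added example; not Roundcube code. The "skip existing entities" escaper
// stands in for the duplicate quotation check discussed in the ticket.

// What a browser displays for a text node: entities are decoded once.
function rendered($html)
{
    return html_entity_decode($html, ENT_QUOTES | ENT_HTML401, 'UTF-8');
}

// Leaves anything that already looks like an entity untouched.
function escape_skip_existing($s)
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8', false);
}

// Treats the input as plain text and encodes every '&'.
function escape_always($s)
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8', true);
}

// Constructed header values; the first is the subject from comment:1.
$subjects = array(
    'In HTML you can use &lt; to get <',
    '&copy; 2012 Example',
    'Tom & Jerry <b>',
);

foreach ($subjects as $subject) {
    foreach (array('escape_skip_existing', 'escape_always') as $escape) {
        $html = $escape($subject);
        // Escaping is correct only if the browser shows the original text.
        $ok = rendered($html) === $subject ? 'verbatim' : 'ALTERED';
        printf("%-21s %-8s %s\n", $escape, $ok, $html);
    }
}
```

Text with no entity-like sequences survives both escapers, which is why the problem only shows up for subjects that mention entity notation literally.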

comment:5 Changed 9 months ago by alec

I've commented it and we have few issues now (mail subject in on reply, contact form inputs). Maybe this is one form-elements related issue. Need more testing.

comment:6 Changed 8 months ago by alec

I committed two changes to a new branch 'html_ent'. Works for me, but I'd like to test this change with some plugins.

comment:7 Changed 8 months ago by alec

  • Resolution set to fixed
  • Status changed from new to closed

Merged.
