Fix/email printing#1529

Merged
MrgSub merged 7 commits intoMail-0:stagingfrom
omraval18:fix/email-printing
Jul 4, 2025

Conversation

@omraval18 (Contributor) commented Jun 28, 2025

Description

After Fix: [screenshot: Screenshot 2025-06-28 at 7 59 16 PM]


Type of Change

Please delete options that are not relevant.

  • 🐛 Bug fix (non-breaking change which fixes an issue)
  • ✨ New feature (non-breaking change which adds functionality)
  • 💥 Breaking change (fix or feature with breaking changes)
  • 📝 Documentation update
  • 🎨 UI/UX improvement
  • 🔒 Security enhancement
  • ⚡ Performance improvement

Areas Affected

Please check all that apply:

  • Email Integration (Gmail, IMAP, etc.)
  • User Interface/Experience
  • Authentication/Authorization
  • Data Storage/Management
  • API Endpoints
  • Documentation
  • Testing Infrastructure
  • Development Workflow
  • Deployment/Infrastructure

Testing Done

Describe the tests you've done:

  • Unit tests added/updated
  • Integration tests added/updated
  • Manual testing performed
  • Cross-browser testing (if UI changes)
  • Mobile responsiveness verified (if UI changes)

Security Considerations

For changes involving data or authentication:

  • No sensitive data is exposed
  • Authentication checks are in place
  • Input validation is implemented
  • Rate limiting is considered (if applicable)

Checklist

  • I have read the CONTRIBUTING document
  • My code follows the project's style guidelines
  • [x] I have performed a self-review of my code
  • I have commented my code, particularly in complex areas
  • I have updated the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix/feature works
  • All tests pass locally
  • Any dependent changes are merged and published

Additional Notes

Add any other context about the pull request here.

Screenshots/Recordings

Add screenshots or recordings here if applicable.


By submitting this pull request, I confirm that my contribution is made under the terms of the project's license.

Summary by CodeRabbit

  • New Features

    • Improved email content rendering in print view by introducing enhanced HTML sanitization, allowing safe HTML formatting in printed emails.
  • Bug Fixes

    • Enhanced protection against unsafe content in printed emails by sanitizing HTML, reducing the risk of displaying malicious code.

coderabbitai bot (Contributor) commented Jun 28, 2025

Walkthrough

The changes replace the use of a custom escapeHtml function with a new cleanHtml function, imported from a utility module, for sanitizing email body content before rendering it in print views. The cleanHtml function is newly implemented and uses DOMPurify if available, or a fallback sanitizer otherwise.

Changes

File(s) Change Summary
apps/mail/components/mail/mail-display.tsx Added import of cleanHtml function from email utilities; no usage change yet.
apps/mail/components/mail/thread-display.tsx Replaced escapeHtml with cleanHtml for email body sanitization in print preview.
apps/mail/lib/email-utils.ts Added new exported cleanHtml function using DOMPurify or a fallback for HTML sanitization.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant MailComponent
    participant EmailUtils

    User->>MailComponent: Initiate Print Email/Thread
    MailComponent->>EmailUtils: cleanHtml(decodedBody)
    EmailUtils-->>MailComponent: Sanitized HTML
    MailComponent->>User: Render sanitized HTML in print preview

Assessment against linked issues

Objective Addressed Explanation
Render email HTML visually in print instead of raw HTML string (#1528)
Sanitize email body to prevent XSS when rendering in print (#1528)

Assessment against linked issues: Out-of-scope changes

No out-of-scope changes detected.

Suggested reviewers

  • ahmetskilinc

Poem

In the warren where emails hop and play,
A new cleanHtml keeps the bugs away.
No more raw tags in the print parade,
Just safe, sweet letters—no XSS to invade!
With DOMPurify’s gentle sweep,
Our bunnies print and sleep.
🐇✨


📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7ba8263 and 3fa4aa5.

📒 Files selected for processing (3)
  • apps/mail/components/mail/mail-display.tsx (1 hunks)
  • apps/mail/components/mail/thread-display.tsx (2 hunks)
  • apps/mail/lib/email-utils.ts (2 hunks)
🚧 Files skipped from review as they are similar to previous changes (3)
  • apps/mail/components/mail/mail-display.tsx
  • apps/mail/components/mail/thread-display.tsx
  • apps/mail/lib/email-utils.ts
⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: Cursor BugBot
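The walkthrough above describes cleanHtml as using DOMPurify if available and a fallback sanitizer otherwise. The TypeScript below is an added example of that shape (it is not code from Mail-0/Zero or from CodeRabbit) written so it runs without a DOM: the DOMPurify path is injected as a function, and the fallback is an allow-list tokenizer that re-serialises only known tags and attributes instead of deleting known-bad substrings. The names cleanHtmlForPrint, Sanitizer, FALLBACK_HTML, fallbackSanitize and the tag/attribute allow-lists are assumptions of this example.

```typescript
// Added example (not Mail-0/Zero project code): a print-view HTML cleaner that
// prefers an injected sanitizer (DOMPurify in the browser) and otherwise falls
// back to a conservative allow-list cleaner. Names and lists are assumptions.

export type Sanitizer = (dirty: string) => string;

// Placeholder for messages without a body (same text the PR's call sites used).
export const FALLBACK_HTML = '<p><em>No email content available</em></p>';

// Tags the fallback keeps; any other tag is dropped but its text is kept, escaped.
const ALLOWED_TAGS = new Set([
  'p', 'br', 'b', 'strong', 'i', 'em', 'u', 'a', 'ul', 'ol', 'li', 'h1', 'h2', 'h3',
  'blockquote', 'pre', 'code', 'span', 'div', 'table', 'thead', 'tbody', 'tr', 'td', 'th', 'img',
]);
// Elements whose whole content is discarded, not just the tag itself.
const DROP_CONTENT_TAGS = new Set(['script', 'style', 'iframe', 'object', 'embed', 'svg', 'math', 'template']);
const VOID_TAGS = new Set(['br', 'img']);
// Per-tag attribute allow-list: on*, style, formaction, srcset, ... are never in it.
const ALLOWED_ATTRS: Record<string, Set<string>> = {
  a: new Set(['href', 'title']),
  img: new Set(['src', 'alt', 'width', 'height']),
  td: new Set(['colspan', 'rowspan']),
  th: new Set(['colspan', 'rowspan']),
};
const URL_ATTRS = new Set(['href', 'src']);
const SAFE_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

export function escapeHtml(s: string): string {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

// Let the URL parser normalise the scheme (case, stray control characters) instead of
// substring-matching it; relative links resolve against a placeholder base.
function safeUrl(value: string): string | null {
  try {
    const u = new URL(value.trim(), 'https://placeholder.invalid/');
    return SAFE_SCHEMES.has(u.protocol) ? value.trim() : null;
  } catch {
    return null;
  }
}

// One well-formed start or end tag at the start of the string; anything else at '<' is text.
const TAG_RE = /^<\/?([a-zA-Z][a-zA-Z0-9]*)((?:\s+[^\s=>\/]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>"']+))?)*)\s*\/?>/;
const ATTR_RE = /([^\s=>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>"']+)))?/g;

function serializeAttrs(tag: string, raw: string): string {
  const allowed = ALLOWED_ATTRS[tag];
  if (!allowed) return '';
  let out = '';
  ATTR_RE.lastIndex = 0;
  let a: RegExpExecArray | null;
  while ((a = ATTR_RE.exec(raw)) !== null) {
    const name = a[1].toLowerCase();
    if (!allowed.has(name)) continue;
    let value = a[2] ?? a[3] ?? a[4] ?? '';
    if (URL_ATTRS.has(name)) {
      const url = safeUrl(value);
      if (url === null) continue; // javascript:, data:, vbscript:, ... all end up here
      value = url;
    }
    out += ` ${name}="${escapeHtml(value)}"`;
  }
  return out;
}

// Fallback cleaner: output is rebuilt from the allow-list, so it can only contain
// escaped text plus the tags and attributes listed above.
export function fallbackSanitize(html: string): string {
  const lower = html.toLowerCase();
  let out = '';
  let i = 0;
  while (i < html.length) {
    const lt = html.indexOf('<', i);
    if (lt === -1) { out += escapeHtml(html.slice(i)); break; }
    out += escapeHtml(html.slice(i, lt));
    if (html.startsWith('<!--', lt)) {               // comments are dropped entirely
      const end = html.indexOf('-->', lt + 4);
      i = end === -1 ? html.length : end + 3;
      continue;
    }
    const m = TAG_RE.exec(html.slice(lt));
    if (!m) { out += '&lt;'; i = lt + 1; continue; }  // not a clean tag: '<' is text
    i = lt + m[0].length;
    const closing = m[0].startsWith('</');
    const name = m[1].toLowerCase();
    if (DROP_CONTENT_TAGS.has(name)) {
      if (!closing) {                                 // skip through the matching </name>
        const end = lower.indexOf(`</${name}`, i);
        const gt = end === -1 ? -1 : html.indexOf('>', end);
        i = gt === -1 ? html.length : gt + 1;
      }
      continue;
    }
    if (!ALLOWED_TAGS.has(name)) continue;            // unknown tag: drop it, keep its text
    if (closing) { if (!VOID_TAGS.has(name)) out += `</${name}>`; continue; }
    out += `<${name}${serializeAttrs(name, m[2])}>`;
  }
  return out;
}

// Entry point for the print view: the injected sanitizer when the caller has one,
// the allow-list cleaner otherwise; empty or missing bodies get the placeholder.
export function cleanHtmlForPrint(body: string | null | undefined, sanitizer?: Sanitizer): string {
  if (!body || body.trim() === '') return FALLBACK_HTML;
  return sanitizer ? sanitizer(body) : fallbackSanitize(body);
}
```

In the browser the call would be cleanHtmlForPrint(message.decodedBody, (d) => DOMPurify.sanitize(d, { USE_PROFILES: { html: true } })), so DOMPurify stays the primary path. The fallback rejects data: URLs in img src, so inline images print as their alt text; this matches the PR's fallback dropping data: values and is the safer default for a print view. Rebuilding the output from an allow-list is preferable to a deny-list of scheme substrings because the browser never receives anything the cleaner did not deliberately emit.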

coderabbitai bot (Contributor) left a comment

Actionable comments posted: 1

🧹 Nitpick comments (2)
apps/mail/components/mail/thread-display.tsx (1)

614-614: Remove redundant fallback content.

The cleanHtml function already provides a fallback for empty content, making the explicit fallback parameter unnecessary.

Apply this diff to simplify the code:

-                  ${cleanHtml(message.decodedBody ?? '<p><em>No email content available</em></p>')}
+                  ${cleanHtml(message.decodedBody)}
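Review bot: Dropping the `?? '<p><em>No email content available</em></p>'` argument changes what the print view shows for a message with no body from this visible placeholder to whatever `cleanHtml` returns for falsy input, which is not shown in the hunk. Before applying, confirm that `cleanHtml`'s own fallback is the same user-visible text, or move this placeholder string into `cleanHtml` so both call sites stay in sync.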

This change eliminates redundancy since cleanHtml handles falsy input internally.

apps/mail/components/mail/mail-display.tsx (1)

1213-1213: Remove redundant fallback content.

Same issue as in thread-display.tsx - the cleanHtml function already handles empty content internally.

Apply this diff to simplify the code:

-                ${cleanHtml(emailData.decodedBody ?? '<p><em>No email content available</em></p>' ) }
+                ${cleanHtml(emailData.decodedBody)}

This eliminates the redundant fallback parameter since cleanHtml provides its own fallback for falsy values.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 59c18be and 3e80e55.

📒 Files selected for processing (3)
  • apps/mail/components/mail/mail-display.tsx (2 hunks)
  • apps/mail/components/mail/thread-display.tsx (2 hunks)
  • apps/mail/lib/email-utils.ts (2 hunks)
🧰 Additional context used
🧠 Learnings (3)
apps/mail/components/mail/mail-display.tsx (2)
Learnt from: snehendu098
PR: Mail-0/Zero#1323
File: apps/mail/lib/themes/theme-utils.ts:318-318
Timestamp: 2025-06-24T06:22:58.753Z
Learning: In the Mail-0/Zero theme system (apps/mail/lib/themes/theme-utils.ts), when color themes are being applied, all color values come in HSL format, so there's no need for additional format validation when converting colors with hslToHex().
Learnt from: retrogtx
PR: Mail-0/Zero#1328
File: apps/mail/lib/hotkeys/mail-list-hotkeys.tsx:202-209
Timestamp: 2025-06-18T17:26:50.918Z
Learning: In apps/mail/lib/hotkeys/mail-list-hotkeys.tsx, the switchCategoryByIndex function using hardcoded indices for category hotkeys does not break when users reorder categories, contrary to the theoretical index-shifting issue. The actual implementation has constraints or mechanisms that prevent hotkey targeting issues.
apps/mail/components/mail/thread-display.tsx (3)
Learnt from: retrogtx
PR: Mail-0/Zero#1328
File: apps/mail/lib/hotkeys/mail-list-hotkeys.tsx:202-209
Timestamp: 2025-06-18T17:26:50.918Z
Learning: In apps/mail/lib/hotkeys/mail-list-hotkeys.tsx, the switchCategoryByIndex function using hardcoded indices for category hotkeys does not break when users reorder categories, contrary to the theoretical index-shifting issue. The actual implementation has constraints or mechanisms that prevent hotkey targeting issues.
Learnt from: snehendu098
PR: Mail-0/Zero#1323
File: apps/mail/lib/themes/theme-utils.ts:318-318
Timestamp: 2025-06-24T06:22:58.753Z
Learning: In the Mail-0/Zero theme system (apps/mail/lib/themes/theme-utils.ts), when color themes are being applied, all color values come in HSL format, so there's no need for additional format validation when converting colors with hslToHex().
Learnt from: danteissaias
PR: Mail-0/Zero#618
File: apps/mail/components/mail/mail-iframe.tsx:12-12
Timestamp: 2025-04-07T20:46:11.697Z
Learning: In the Mail-0/Zero application, sender emails are guaranteed to be non-empty when passed to components that handle them, making additional empty string validation unnecessary.
apps/mail/lib/email-utils.ts (1)
Learnt from: snehendu098
PR: Mail-0/Zero#1323
File: apps/mail/lib/themes/theme-utils.ts:318-318
Timestamp: 2025-06-24T06:22:58.753Z
Learning: In the Mail-0/Zero theme system (apps/mail/lib/themes/theme-utils.ts), when color themes are being applied, all color values come in HSL format, so there's no need for additional format validation when converting colors with hslToHex().
🧬 Code Graph Analysis (2)
apps/mail/components/mail/mail-display.tsx (1)
apps/mail/lib/email-utils.ts (1)
  • cleanHtml (209-222)
apps/mail/components/mail/thread-display.tsx (1)
apps/mail/lib/email-utils.ts (1)
  • cleanHtml (209-222)
🔇 Additional comments (3)
apps/mail/lib/email-utils.ts (1)

3-3: LGTM: DOMPurify import added for HTML sanitization.

The import is correctly positioned and will be used by the new cleanHtml function for XSS protection.

apps/mail/components/mail/thread-display.tsx (1)

41-41: LGTM: cleanHtml import added correctly.

The import is properly positioned and will be used for sanitizing email content in the print functionality.

apps/mail/components/mail/mail-display.tsx (1)

59-59: LGTM: cleanHtml import added correctly.

The import is properly positioned and aligns with the thread-display implementation for consistency.

coderabbitai bot (Contributor) left a comment

Actionable comments posted: 1

🧹 Nitpick comments (2)
apps/mail/lib/email-utils.ts (2)

3-3: Add type declaration for DOMPurify import.

The DOMPurify import lacks proper TypeScript typing, which could lead to type safety issues.

Apply this diff to improve type safety:

-import DOMPurify from 'dompurify';
+import DOMPurify from 'dompurify';
+import type { DOMPurifyI } from 'dompurify';
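Review bot: The added `import type { DOMPurifyI } from 'dompurify';` is not referenced by any line in this hunk, so as written it only introduces an unused import (a lint failure under `noUnusedLocals`); either annotate the sanitizer instance with it or leave the import as it was. Whether `DOMPurifyI` is exported at all depends on the installed `dompurify`/`@types/dompurify` version, so check the package's type declarations before relying on it.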

Or consider using a more explicit import pattern:

-import DOMPurify from 'dompurify';
+import * as DOMPurify from 'dompurify';
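Review bot: Switching to `import * as DOMPurify from 'dompurify'` rebinds the name from the package's default export to its namespace object, so any existing `DOMPurify.sanitize(...)` call would need `DOMPurify.default.sanitize(...)` (or interop settings) to keep working; the two suggestions in this comment are alternatives, not a pair, and the default import already matches how dompurify documents its usage.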

232-240: Enhance dangerous attribute detection.

The current attribute sanitization logic could be more comprehensive and should include additional dangerous patterns.

Consider applying this diff to improve attribute sanitization:

         if (
           attrName.startsWith('on') ||
+          attrName === 'href' && (attrValue.includes('javascript:') || attrValue.includes('vbscript:')) ||
+          attrName === 'src' && (attrValue.includes('javascript:') || attrValue.includes('vbscript:')) ||
+          attrName === 'formaction' ||
+          attrName === 'xlink:href' ||
           attrValue.includes('javascript:') ||
           attrValue.includes('data:') ||
-          attrValue.includes('vbscript:')
+          attrValue.includes('vbscript:') ||
+          attrValue.includes('livescript:') ||
+          attrValue.includes('mocha:')
         ) {
           el.removeAttribute(attr.name);
         }
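Review bot: The added `attrName === 'href' && (attrValue.includes('javascript:') || attrValue.includes('vbscript:'))` line and its `src` twin are redundant, because the unconditional `attrValue.includes('javascript:')` and `attrValue.includes('vbscript:')` checks a few lines below already remove the attribute whatever its name; the additions that actually widen coverage are `formaction` and `xlink:href`. Two points apply to both the old and the new version: every `includes` test is case-sensitive, so compare against a trimmed `attrValue.toLowerCase()` rather than the raw value, and a per-element allow-list of permitted attributes is a more robust shape for a fallback than a growing deny-list of scheme substrings. If the enclosing loop (not visible here) iterates `el.attributes` directly, calling `el.removeAttribute(attr.name)` inside it skips the following attribute, so iterate a copy via `Array.from(el.attributes)`. Since DOMPurify is the primary path, a comment stating that this block is a last resort would help future readers.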
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3e80e55 and 69bbca9.

📒 Files selected for processing (1)
  • apps/mail/lib/email-utils.ts (2 hunks)
🧰 Additional context used
🧠 Learnings (1)
apps/mail/lib/email-utils.ts (1)
Learnt from: snehendu098
PR: Mail-0/Zero#1323
File: apps/mail/lib/themes/theme-utils.ts:318-318
Timestamp: 2025-06-24T06:22:58.753Z
Learning: In the Mail-0/Zero theme system (apps/mail/lib/themes/theme-utils.ts), when color themes are being applied, all color values come in HSL format, so there's no need for additional format validation when converting colors with hslToHex().

@omraval18 (Contributor, Author) commented:

@MrgSub @ahmetskilinc @nizzyabi anyone who can review this?

MrgSub (Collaborator) commented Jun 30, 2025

Please address comments

cursor[bot]

This comment was marked as outdated.

@omraval18 (Contributor, Author) commented:

@MrgSub I have made changes as per the bots.

@omraval18 (Contributor, Author) commented:

@MrgSub can you check this out as well?

@MrgSub MrgSub merged commit 3263d88 into Mail-0:staging Jul 4, 2025
5 checks passed

Development

Successfully merging this pull request may close these issues.

Email Printing prints raw HTML string instead of Rendering it

2 participants