Replace REMOTE_OBJECTS with an attribute on the body element

We need the information in the browser, because the remote-objects-message is now rendered independently from the message contents, and we need it for each message part.
11 months ago · f44a330e0d
4 changed files with 13 additions and 21 deletions
--- a/program/actions/mail/index.php
+++ b/program/actions/mail/index.php
@ -33,7 +33,6 @@ class rcmail_action_mail_index extends rcmail_action
    ];

    protected static $PRINT_MODE = false;
-    protected static $REMOTE_OBJECTS;
    protected static $SUSPICIOUS_EMAIL = false;
    protected static $wash_html_body_attrs = [];

@ -1004,7 +1003,14 @@ class rcmail_action_mail_index extends rcmail_action
        $html = rcube_charset::clean($html);

        $html = $washer->wash($html);
-        self::$REMOTE_OBJECTS = $washer->extlinks;
+        if ($washer->extlinks) {
+            // This is an ugly solution, but the least invasive I could think
+            // of. The problem is that the "washer" traverses the node tree
+            // from the top and produces a string containing HTML code - so
+            // after "washiing" we have only a big string, and before "washing"
+            // we don't yet know if any remote references are present.
+            $html = str_replace('<body ', '<body data-extlinks="true" ', $html);
+        }

        // There was no <body>, but a wrapper element is required
        if (!empty($p['inline_html']) && !empty(self::$wash_html_body_attrs)) {
--- a/program/actions/mail/show.php
+++ b/program/actions/mail/show.php
@ -705,14 +705,6 @@ class rcmail_action_mail_show extends rcmail_action_mail_index
                        $rcmail->output->set_env('is_pgp_content', '#' . $container_id);
                    }

-                    if ($part->mimetype === 'text/html') {
-                        // "Wash" the HTML part so we can determine if remote
-                        // objects are present as a side effect. At this point
-                        // we're not interested in the result.
-                        // TODO: can we get the information somehow cheaper?
-                        self::wash_html($body, ['inline_html' => false], $part->replaces);
-                    }
-
                    $out .= html::div(['class' => 'message-prefix'], $plugin['prefix']);
                    $out .= html::div(
                        [
@ -809,11 +801,6 @@ class rcmail_action_mail_show extends rcmail_action_mail_index
            }
        }

-        // tell client that there are blocked remote objects
-        if (self::$REMOTE_OBJECTS && !$safe_mode) {
-            $rcmail->output->set_env('blockedobjects', true);
-        }
-
        $rcmail->output->add_gui_object('messagebody', $attrib['id']);

        return html::div($attrib, $out);
--- a/program/js/app.js
+++ b/program/js/app.js
@ -368,11 +368,6 @@ function rcube_webmail() {
                        }, this.env.mail_read_time * 1000);
                    }

-                    if (this.env.blockedobjects) {
-                        $(this.gui_objects.remoteobjectsmsg).show();
-                        this.enable_command('load-remote', true);
-                    }
-
                    // make preview/message frame visible
                    if (this.env.action == 'preview' && this.is_framed()) {
                        this.enable_command('compose', 'add-contact', false);
@ -10691,6 +10686,11 @@ function rcube_webmail() {
                iframe.addEventListener('load', () => {
                    // Hide "Loading data" message.
                    $(iframe).siblings('.loading').hide();
+                    // Show remote objects notice
+                    if (iframe.contentDocument.body.dataset.extlinks === 'true') {
+                        $(this.gui_objects.remoteobjectsmsg).show();
+                        this.enable_command('load-remote', true);
+                    }
                    this.resize_preview_iframe(iframe);
                    resolve();
                });
--- a/tests/Actions/Mail/IndexTest.php
+++ b/tests/Actions/Mail/IndexTest.php
@ -346,7 +346,6 @@ class IndexTest extends ActionTestCase
        $this->assertMatchesRegularExpression('/Subscription form/', $html, 'Include <form> contents');
        $this->assertMatchesRegularExpression('/<!-- link ignored -->/', $html, 'No external links allowed');
        $this->assertMatchesRegularExpression('/<a[^>]+ target="_blank"/', $html, 'Set target to _blank');
-        // $this->assertTrue($GLOBALS['REMOTE_OBJECTS'], "Remote object detected");

        // render HTML in safe mode
        $params['safe'] = true;