fix: Use Dompurify to strip style characters (#2632)

2021-07-15 12:54:31 +05:30 · 2021-07-15 12:54:31 +05:30 · aa7db90cd2
commit aa7db90cd2
parent d7982a6ffd
5 changed files with 34 additions and 27 deletions
--- a/app/javascript/dashboard/components/widgets/conversation/Message.vue
+++ b/app/javascript/dashboard/components/widgets/conversation/Message.vue
@ -91,7 +91,6 @@ import contentTypeMixin from 'shared/mixins/contentTypeMixin';
 import BubbleActions from './bubble/Actions';
 import { MESSAGE_TYPE, MESSAGE_STATUS } from 'shared/constants/messages';
 import { generateBotMessageContent } from './helpers/botMessageContentHelper';
-import { stripStyleCharacters } from './helpers/EmailContentParser';

 export default {
  components: {
@ -140,7 +139,7 @@ export default {

      if ((replyHTMLContent || fullHTMLContent) && this.isIncoming) {
        let contentToBeParsed = replyHTMLContent || fullHTMLContent || '';
-        const parsedContent = stripStyleCharacters(contentToBeParsed);
+        const parsedContent = this.stripStyleCharacters(contentToBeParsed);
        if (parsedContent) {
          return parsedContent;
        }
--- a/app/javascript/dashboard/components/widgets/conversation/helpers/EmailContentParser.js
+++ b/app/javascript/dashboard/components/widgets/conversation/helpers/EmailContentParser.js
@ -1,12 +0,0 @@
-export const stripStyleCharacters = emailContent => {
-  let contentToBeParsed = emailContent.replace(/<style(.|\s)*?<\/style>/g, '');
-  contentToBeParsed = contentToBeParsed.replace(/style="(.*?)"/g, '');
-  let parsedContent = new DOMParser().parseFromString(
-    contentToBeParsed,
-    'text/html'
-  );
-  if (!parsedContent.getElementsByTagName('parsererror').length) {
-    return parsedContent.body.innerHTML;
-  }
-  return '';
-};
--- a/app/javascript/dashboard/components/widgets/conversation/helpers/specs/EmailContentParser.spec.js
+++ b/app/javascript/dashboard/components/widgets/conversation/helpers/specs/EmailContentParser.spec.js
@ -1,13 +0,0 @@
-import { stripStyleCharacters } from '../EmailContentParser';
-
-describe('#stripStyleCharacters', () => {
-  it('remove style characters', () => {
-    expect(
-      stripStyleCharacters(
-        `<html><body><style type="text/css"> \n<!-- \nimg \n	{max-width:100%} \ndiv \n	{width:100%!important; \n	height:100%; \n	line-height:1.6em} \ndiv \n	{background-color:#f6f6f6} \n--> \n</style>\n<div itemscope="" itemtype="http://schema.org/EmailMessage" style="font-family:'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing:border-box; font-size:14px; width:100%!important; height:100%; line-height:1.6em; background-color:#f6f6f6; margin:0; background-color:#f6f6f6">Test Content</div>\n</body></html>`
-      )
-    ).toEqual(
-      '\n<div itemscope="" itemtype="http://schema.org/EmailMessage">Test Content</div>\n'
-    );
-  });
-});