Sutty/trabajo-afectivo
5
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Fixed issue#4039: Usage of pre + code HTML tags is broken and content is swallowed.

Browse source 
(cherry picked from commit 278f55addfe755443bb63614ce4d0ca3300ba9e5)
This commit is contained in:
Martin Gruner 2022-04-09 12:37:19 +02:00
parent 4ec64cf850
commit 07dd0e8c5a
6 changed files with 381 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
lib/html_sanitizer.rb
View file

@ -159,14 +159,17 @@ sanitize html string based on whiltelist
scrubber_link = Loofah::Scrubber.new do |node|
# wrap plain-text URLs in <a> tags
if node.is_a?(Nokogiri::XML::Text) && node.content.present? && node.content.include?(':') && node.ancestors.map(&:name).exclude?('a')
urls = URI.extract(node.content, LINKABLE_URL_SCHEMES)
if node.is_a?(Nokogiri::XML::Text) && node.content.present? && node.content.include?(':')
node_ancestor_names = node.ancestors.map(&:name)
if node_ancestor_names.exclude?('a') && node_ancestor_names.exclude?('pre')
urls = URI.extract(node.content, LINKABLE_URL_SCHEMES)
.map { |u| u.sub(%r{[,.]$}, '') } # URI::extract captures trailing dots/commas
.grep_v(%r{^[^:]+:$}) # URI::extract will match, e.g., 'tel:'
next if urls.blank?
next if urls.blank?
add_link(node.content, urls, node)
add_link(node.content, urls, node)
end
end
# prepare links

13
spec/lib/html_sanitizer_spec.rb
View file

@ -138,6 +138,19 @@ RSpec.describe HtmlSanitizer do
end
end
end
context 'correctly processing of pre elements' do
let(:html) do
'<pre><code>apt-get update
Get:1 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Hit:2 http://de.archive.ubuntu.com/ubuntu focal InRelease
Building dependency tree...</code></pre>'
end
it 'does not convert links' do
expect(body).to eq(html)
end
end
end
describe '.dynamic_image_size' do

40
test/data/mail/mail007.yml
View file

@ -2,8 +2,8 @@
from: Eike.Ehringer@example.com
from_email: Eike.Ehringer@example.com
from_display_name: ''
to: Martin Edenhofer via Znuny Team <support@example.com>
subject: AW:Installation [Ticket#11392]
content_type: text/html
body: "Hallo.<br>Jetzt muss ich dir noch kurzfristig absagen für morgen.<br>Lass uns
evtl morgen Tel.<br><br>Mfg eike <br><br><div>\n<div>Martin Edenhofer via Znuny
Team --- Installation [Ticket#11392] ---</div><div>\n<br><table border=\"0\" cellspacing=\"0\"
@ -11,12 +11,42 @@ body: "Hallo.<br>Jetzt muss ich dir noch kurzfristig absagen für morgen.<br>Las
&lt;support@example.com&gt;</td>\n</tr>\n<tr>\n<td>An</td>\n<td>eike.xx@xx-corpxx.com</td>\n</tr>\n<tr>\n<td>Datum:</td>\n<td>Mi.,
13.06.2012 14:30</td>\n</tr>\n<tr>\n<td>Betreff</td>\n<td>Installation [Ticket#11392]</td>\n</tr>\n</table>\n<hr>\n<br><pre>Hi
Eike,\n\nanbei wie gestern telefonisch besprochen Informationen zur Vorbereitung.\n\na)
Installation von <a href=\"http://ftp.gwdg.de/pub/misc/zammad/RPMS/fedora/4/zammad-3.0.13-01.noarch.rpm\"
rel=\"nofollow noreferrer noopener\" target=\"_blank\">http://ftp.gwdg.de/pub/misc/zammad/RPMS/fedora/4/zammad-3.0.13-01.noarch.rpm</a>
Installation von http://ftp.gwdg.de/pub/misc/zammad/RPMS/fedora/4/zammad-3.0.13-01.noarch.rpm
(dieses RPM ist RHEL kompatible) und dessen Abhängigkeiten.\n\nb) Installation von
\"mysqld\" und \"perl-DBD-MySQL\".\n\nDas wäre es zur Vorbereitung!\n\nBei Fragen
nur zu!\n\n -Martin\n\n--\nMartin Edenhofer\n\nZnuny GmbH // Marienstraße 11 //
10117 Berlin // Germany\n\nP: +49 (0) 30 60 98 54 18-0\nF: +49 (0) 30 60 98 54 18-8\nW:
<a href=\"http://example.com\" rel=\"nofollow noreferrer noopener\" target=\"_blank\">http://example.com</a>
\n\nLocation: Berlin - HRB 139852 B Amtsgericht Berlin-Charlottenburg\nManaging
http://example.com \n\nLocation: Berlin - HRB 139852 B Amtsgericht Berlin-Charlottenburg\nManaging
Director: Martin Edenhofer\n\n</pre>\n</div></div>"
content_type: text/html
attachments:
- !ruby/hash:ActiveSupport::HashWithIndifferentAccess
data: "<FONT face=\"arial\">Hallo.<br>Jetzt muss ich dir noch kurzfristig absagen
für morgen.<br>Lass uns evtl morgen Tel.<br><br>Mfg eike </FONT><br><br><div class=\"domino-section\"><div
class=\"domino-section-head\"><span class=\"domino-section-title\"><font color=\"#424282\">Martin
Edenhofer via Znuny Team --- Installation [Ticket#11392] --- </font></span></div><div
class=\"domino-section-body\"><br><table width=\"100%\" border=\"0\" cellspacing=\"0\"
cellpadding=\"0\"><tr valign=\"top\"><td width=\"1%\" style=\"width: 96px;\"><font
size=\"2\" color=\"#5F5F5F\">Von:</font></td><td width=\"100%\" style=\"width:
auto;\"><font size=\"2\">&quot;Martin Edenhofer via Znuny Team&quot; &lt;support@example.com&gt;</font></td></tr><tr
valign=\"top\"><td width=\"1%\" style=\"width: 96px;\"><font size=\"2\" color=\"#5F5F5F\">An</font></td><td
width=\"100%\" style=\"width: auto;\"><font size=\"2\">eike.xx@xx-corpxx.com</font></td></tr><tr
valign=\"top\"><td width=\"1%\" style=\"width: 96px;\"><font size=\"2\" color=\"#5F5F5F\">Datum:</font></td><td
width=\"100%\" style=\"width: auto;\"><font size=\"2\">Mi., 13.06.2012 14:30</font></td></tr><tr
valign=\"top\"><td width=\"1%\" style=\"width: 96px;\"><font size=\"2\" color=\"#5F5F5F\">Betreff</font></td><td
width=\"100%\" style=\"width: auto;\"><font size=\"2\">Installation [Ticket#11392]</font></td></tr></table><hr
width=\"100%\" size=\"2\" align=\"left\" noshade style=\"color:#8091A5; \"><br><pre>Hi
Eike,\n\nanbei wie gestern telefonisch besprochen Informationen zur Vorbereitung.\n\na)
Installation von http://ftp.gwdg.de/pub/misc/zammad/RPMS/fedora/4/zammad-3.0.13-01.noarch.rpm
(dieses RPM ist RHEL kompatible) und dessen Abhängigkeiten.\n\nb) Installation
von &quot;mysqld&quot; und &quot;perl-DBD-MySQL&quot;.\n\nDas wäre es zur Vorbereitung!\n\nBei
Fragen nur zu!\n\n -Martin\n\n--\nMartin Edenhofer\n\nZnuny GmbH // Marienstraße
11 // 10117 Berlin // Germany\n\nP: +49 (0) 30 60 98 54 18-0\nF: +49 (0) 30 60
98 54 18-8\nW: http://example.com \n\nLocation: Berlin - HRB 139852 B Amtsgericht
Berlin-Charlottenburg\nManaging Director: Martin Edenhofer\n\n</pre>"
filename: message.html
preferences: !ruby/hash:ActiveSupport::HashWithIndifferentAccess
content-alternative: true
original-format: true
Mime-Type: text/html
Charset: UTF-8

204
test/data/mail/mail106.box Normal file
View file

@ -0,0 +1,204 @@
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="=_e2d4c04609c2d7bd8a014063cc6120fa"
Date: Tue, 29 Mar 2022 22:44:52 +0200
From: Community Verify <community-verify@zammad-hosting.com>
To: jdoe@exmaple.com
Subject: Test
User-Agent: Roundcube Webmail (THA)
Message-ID: <98a70575b3edfb20d543d57c7bcb982d@zammad-hosting.com>
X-Sender: community-verify@zammad-hosting.com
Organization: Zammad GmbH
--=_e2d4c04609c2d7bd8a014063cc6120fa
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8;
format=flowed
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod
tempor incididunt ut labore et dolore magna aliqua. Integer malesuada
nunc vel risus commodo viverra. In aliquam sem fringilla ut. Enim sed
faucibus turpis in eu mi bibendum neque egestas. Quis auctor elit sed
vulputate mi sit amet mauris. Duis tristique sollicitudin nibh sit amet
commodo nulla facilisi nullam. Egestas sed sed risus pretium quam.
Maecenas sed enim ut sem. Id leo in vitae turpis massa sed elementum
tempus. Tincidunt lobortis feugiat vivamus at. Commodo odio aenean sed
adipiscing. Massa id neque aliquam vestibulum morbi blandit. Mauris
cursus mattis molestie a. Morbi non arcu risus quis varius quam quisque
id. Volutpat consequat mauris nunc congue nisi vitae suscipit. Aliquet
eget sit amet tellus cras adipiscing enim.
Viverra suspendisse potenti nullam ac tortor vitae. Et pharetra pharetra
massa massa. Amet nisl suscipit adipiscing bibendum est ultricies
integer quis auctor. Vestibulum morbi blandit cursus risus at ultrices.
Malesuada nunc vel risus commodo viverra maecenas. Dictum at tempor
commodo ullamcorper. Purus gravida quis blandit turpis cursus in hac
habitasse platea. Felis bibendum ut tristique et egestas. Augue lacus
viverra vitae congue eu consequat ac felis. Nunc eget lorem dolor sed
viverra ipsum nunc aliquet. Ullamcorper velit sed ullamcorper morbi
tincidunt ornare massa eget. Est ultricies integer quis auctor elit sed.
apt-get update
Get:1 http://security.ubuntu.com/ubuntu focal-security InRelease [114
kB]
Hit:2 http://de.archive.ubuntu.com/ubuntu focal InRelease
Hit:3 http://de.archive.ubuntu.com/ubuntu focal-updates InRelease
Get:4 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/
InRelease [3820 B]
Hit:5 http://de.archive.ubuntu.com/ubuntu focal-backports InRelease
Get:6 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ InRelease
[3781 B]
Get:7 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/
Sources [2710 B]
Get:8 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/
Packages [6507 B]
Get:9 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ Sources [9066
B]
Get:10 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ Packages
[23.8 kB]
Get:11 http://security.ubuntu.com/ubuntu focal-security/main amd64
DEP-11 Metadata [40.6 kB]
Get:12 http://security.ubuntu.com/ubuntu focal-security/universe amd64
DEP-11 Metadata [66.3 kB]
Get:13 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64
DEP-11 Metadata [2464 B]
Fetched 273 kB in 1s (288 kB/s)
Reading package lists...
Batterie-Status prüfen
Reading package lists...
Building dependency tree...
Semper eget duis at tellus at urna. Enim diam vulputate ut pharetra sit
amet aliquam id diam. Sollicitudin tempor id eu nisl nunc. Amet justo
donec enim diam vulputate ut pharetra sit. Massa tempor nec feugiat nisl
pretium fusce id velit ut. Semper feugiat nibh sed pulvinar proin
gravida hendrerit lectus. Convallis posuere morbi leo urna molestie at
elementum eu. Blandit aliquam etiam erat velit scelerisque in. Nisl
tincidunt eget nullam non nisi est sit amet facilisis. In hendrerit
gravida rutrum quisque non tellus orci. Et leo duis ut diam quam. Quis
hendrerit dolor magna eget. Magna eget est lorem ipsum. Sit amet
volutpat consequat mauris nunc congue nisi vitae. Diam maecenas
ultricies mi eget. Enim tortor at auctor urna.
Nam at lectus urna duis convallis convallis tellus id interdum. Id
aliquet lectus proin nibh nisl condimentum id. Vel elit scelerisque
mauris pellentesque pulvinar pellentesque habitant. Vitae tortor
condimentum lacinia quis vel eros. Dolor morbi non arcu risus quis
varius. Nec nam aliquam sem et tortor consequat. Sagittis orci a
scelerisque purus. Ultricies mi eget mauris pharetra et. Ut aliquam
purus sit amet luctus venenatis lectus magna. Lectus vestibulum mattis
ullamcorper velit sed ullamcorper morbi. Eu consequat ac felis donec et.
Imperdiet dui accumsan sit amet nulla facilisi morbi tempus. Non odio
euismod lacinia at quis risus. Est ullamcorper eget nulla facilisi etiam
dignissim diam. Lectus sit amet est placerat. Lectus magna fringilla
urna porttitor rhoncus dolor purus. Nec feugiat in fermentum posuere
urna nec tincidunt praesent. Egestas quis ipsum suspendisse ultrices
gravida dictum fusce. Volutpat sed cras ornare arcu dui vivamus.
Quam viverra orci sagittis eu volutpat odio. Egestas sed tempus urna et
pharetra pharetra massa massa ultricies. Sagittis nisl rhoncus mattis
rhoncus urna neque viverra. Gravida dictum fusce ut placerat orci nulla
pellentesque dignissim. Feugiat nibh sed pulvinar proin gravida
hendrerit lectus. Molestie ac feugiat sed lectus vestibulum mattis. Sit
amet purus gravida quis blandit. Massa vitae tortor condimentum lacinia.
Ultricies lacus sed turpis tincidunt id aliquet. Rhoncus urna neque
viverra justo nec ultrices. Vulputate odio ut enim blandit volutpat
maecenas volutpat. Lorem sed risus ultricies tristique.
--
My amazing company
--=_e2d4c04609c2d7bd8a014063cc6120fa
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=UTF-8
<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; charset=
=3DUTF-8" /></head><body style=3D'font-size: 10pt'>
<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod =
tempor incididunt ut labore et dolore magna aliqua. Integer malesuada nunc =
vel risus commodo viverra. In aliquam sem fringilla ut. Enim sed faucibus t=
urpis in eu mi bibendum neque egestas. Quis auctor elit sed vulputate mi si=
t amet mauris. Duis tristique sollicitudin nibh sit amet commodo nulla faci=
lisi nullam. Egestas sed sed risus pretium quam. Maecenas sed enim ut sem=
=2E Id leo in vitae turpis massa sed elementum tempus. Tincidunt lobortis f=
eugiat vivamus at. Commodo odio aenean sed adipiscing. Massa id neque aliqu=
am vestibulum morbi blandit. Mauris cursus mattis molestie a. Morbi non arc=
u risus quis varius quam quisque id. Volutpat consequat mauris nunc congue =
nisi vitae suscipit. Aliquet eget sit amet tellus cras adipiscing enim.</p>
<p>Viverra suspendisse potenti nullam ac tortor vitae. Et pharetra pharetra=
massa massa. Amet nisl suscipit adipiscing bibendum est ultricies integer =
quis auctor. Vestibulum morbi blandit cursus risus at ultrices. Malesuada n=
unc vel risus commodo viverra maecenas. Dictum at tempor commodo ullamcorpe=
r. Purus gravida quis blandit turpis cursus in hac habitasse platea. Felis =
bibendum ut tristique et egestas. Augue lacus viverra vitae congue eu conse=
quat ac felis. Nunc eget lorem dolor sed viverra ipsum nunc aliquet. Ullamc=
orper velit sed ullamcorper morbi tincidunt ornare massa eget. Est ultricie=
s integer quis auctor elit sed.</p>
<p>https://zammad.com</p>
<pre><code>apt-get update
Get:1 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Hit:2 http://de.archive.ubuntu.com/ubuntu focal InRelease
Hit:3 http://de.archive.ubuntu.com/ubuntu focal-updates InRelease
Get:4 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/ InR=
elease [3820 B]
Hit:5 http://de.archive.ubuntu.com/ubuntu focal-backports InRelease
Get:6 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ InRelease [3781 =
B]
Get:7 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/ Sou=
rces [2710 B]
Get:8 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/ Pac=
kages [6507 B]
Get:9 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ Sources [9066 B]
Get:10 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ Packages [23.8 =
kB]
Get:11 http://security.ubuntu.com/ubuntu focal-security/main amd64 DEP-11 M=
etadata [40.6 kB]
Get:12 http://security.ubuntu.com/ubuntu focal-security/universe amd64 DEP-=
11 Metadata [66.3 kB]
Get:13 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 DE=
P-11 Metadata [2464 B]
Fetched 273 kB in 1s (288 kB/s)
Reading package lists...
Batterie-Status pr&uuml;fen
Reading package lists...
Building dependency tree...</code></pre>
<p>Semper eget duis at tellus at urna. Enim diam vulputate ut pharetra sit =
amet aliquam id diam. Sollicitudin tempor id eu nisl nunc. Amet justo donec=
enim diam vulputate ut pharetra sit. Massa tempor nec feugiat nisl pretium=
fusce id velit ut. Semper feugiat nibh sed pulvinar proin gravida hendreri=
t lectus. Convallis posuere morbi leo urna molestie at elementum eu. Blandi=
t aliquam etiam erat velit scelerisque in. Nisl tincidunt eget nullam non n=
isi est sit amet facilisis. In hendrerit gravida rutrum quisque non tellus =
orci. Et leo duis ut diam quam. Quis hendrerit dolor magna eget. Magna eget=
est lorem ipsum. Sit amet volutpat consequat mauris nunc congue nisi vitae=
=2E Diam maecenas ultricies mi eget. Enim tortor at auctor urna.</p>
<p>Nam at lectus urna duis convallis convallis tellus id interdum. Id aliqu=
et lectus proin nibh nisl condimentum id. Vel elit scelerisque mauris pelle=
ntesque pulvinar pellentesque habitant. Vitae tortor condimentum lacinia qu=
is vel eros. Dolor morbi non arcu risus quis varius. Nec nam aliquam sem et=
tortor consequat. Sagittis orci a scelerisque purus. Ultricies mi eget mau=
ris pharetra et. Ut aliquam purus sit amet luctus venenatis lectus magna. L=
ectus vestibulum mattis ullamcorper velit sed ullamcorper morbi. Eu consequ=
at ac felis donec et. Imperdiet dui accumsan sit amet nulla facilisi morbi =
tempus. Non odio euismod lacinia at quis risus. Est ullamcorper eget nulla =
facilisi etiam dignissim diam. Lectus sit amet est placerat. Lectus magna f=
ringilla urna porttitor rhoncus dolor purus. Nec feugiat in fermentum posue=
re urna nec tincidunt praesent. Egestas quis ipsum suspendisse ultrices gra=
vida dictum fusce. Volutpat sed cras ornare arcu dui vivamus.</p>
<p>Quam viverra orci sagittis eu volutpat odio. Egestas sed tempus urna et =
pharetra pharetra massa massa ultricies. Sagittis nisl rhoncus mattis rhonc=
us urna neque viverra. Gravida dictum fusce ut placerat orci nulla pellente=
sque dignissim. Feugiat nibh sed pulvinar proin gravida hendrerit lectus. M=
olestie ac feugiat sed lectus vestibulum mattis. Sit amet purus gravida qui=
s blandit. Massa vitae tortor condimentum lacinia. Ultricies lacus sed turp=
is tincidunt id aliquet. Rhoncus urna neque viverra justo nec ultrices. Vul=
putate odio ut enim blandit volutpat maecenas volutpat. Lorem sed risus ult=
ricies tristique.</p>
<div id=3D"signature">
<div class=3D"pre" style=3D"margin: 0; padding: 0; font-family: monospace">=
<span class=3D"sig">--&nbsp;<br />My amazing company</span></div>
</div>
</body></html>
--=_e2d4c04609c2d7bd8a014063cc6120fa--

68
test/data/mail/mail106.yml Normal file
View file

@ -0,0 +1,68 @@
--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess
from: Community Verify <community-verify@zammad-hosting.com>
from_email: community-verify@zammad-hosting.com
from_display_name: Community Verify
to: jdoe@exmaple.com
subject: Test
body: |-
<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Integer malesuada nunc vel risus commodo viverra. In aliquam sem fringilla ut. Enim sed faucibus turpis in eu mi bibendum neque egestas. Quis auctor elit sed vulputate mi sit amet mauris. Duis tristique sollicitudin nibh sit amet commodo nulla facilisi nullam. Egestas sed sed risus pretium quam. Maecenas sed enim ut sem. Id leo in vitae turpis massa sed elementum tempus. Tincidunt lobortis feugiat vivamus at. Commodo odio aenean sed adipiscing. Massa id neque aliquam vestibulum morbi blandit. Mauris cursus mattis molestie a. Morbi non arcu risus quis varius quam quisque id. Volutpat consequat mauris nunc congue nisi vitae suscipit. Aliquet eget sit amet tellus cras adipiscing enim.</p><p>Viverra suspendisse potenti nullam ac tortor vitae. Et pharetra pharetra massa massa. Amet nisl suscipit adipiscing bibendum est ultricies integer quis auctor. Vestibulum morbi blandit cursus risus at ultrices. Malesuada nunc vel risus commodo viverra maecenas. Dictum at tempor commodo ullamcorper. Purus gravida quis blandit turpis cursus in hac habitasse platea. Felis bibendum ut tristique et egestas. Augue lacus viverra vitae congue eu consequat ac felis. Nunc eget lorem dolor sed viverra ipsum nunc aliquet. Ullamcorper velit sed ullamcorper morbi tincidunt ornare massa eget. Est ultricies integer quis auctor elit sed.</p><p><a href="https://zammad.com" rel="nofollow noreferrer noopener" target="_blank">https://zammad.com</a></p><pre><code>apt-get update
Get:1 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Hit:2 http://de.archive.ubuntu.com/ubuntu focal InRelease
Hit:3 http://de.archive.ubuntu.com/ubuntu focal-updates InRelease
Get:4 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/ InRelease [3820 B]
Hit:5 http://de.archive.ubuntu.com/ubuntu focal-backports InRelease
Get:6 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ InRelease [3781 B]
Get:7 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/ Sources [2710 B]
Get:8 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/ Packages [6507 B]
Get:9 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ Sources [9066 B]
Get:10 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ Packages [23.8 kB]
Get:11 http://security.ubuntu.com/ubuntu focal-security/main amd64 DEP-11 Metadata [40.6 kB]
Get:12 http://security.ubuntu.com/ubuntu focal-security/universe amd64 DEP-11 Metadata [66.3 kB]
Get:13 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 DEP-11 Metadata [2464 B]
Fetched 273 kB in 1s (288 kB/s)
Reading package lists...
Batterie-Status prüfen
Reading package lists...
Building dependency tree...</code></pre>
<p>Semper eget duis at tellus at urna. Enim diam vulputate ut pharetra sit amet aliquam id diam. Sollicitudin tempor id eu nisl nunc. Amet justo donec enim diam vulputate ut pharetra sit. Massa tempor nec feugiat nisl pretium fusce id velit ut. Semper feugiat nibh sed pulvinar proin gravida hendrerit lectus. Convallis posuere morbi leo urna molestie at elementum eu. Blandit aliquam etiam erat velit scelerisque in. Nisl tincidunt eget nullam non nisi est sit amet facilisis. In hendrerit gravida rutrum quisque non tellus orci. Et leo duis ut diam quam. Quis hendrerit dolor magna eget. Magna eget est lorem ipsum. Sit amet volutpat consequat mauris nunc congue nisi vitae. Diam maecenas ultricies mi eget. Enim tortor at auctor urna.</p><p>Nam at lectus urna duis convallis convallis tellus id interdum. Id aliquet lectus proin nibh nisl condimentum id. Vel elit scelerisque mauris pellentesque pulvinar pellentesque habitant. Vitae tortor condimentum lacinia quis vel eros. Dolor morbi non arcu risus quis varius. Nec nam aliquam sem et tortor consequat. Sagittis orci a scelerisque purus. Ultricies mi eget mauris pharetra et. Ut aliquam purus sit amet luctus venenatis lectus magna. Lectus vestibulum mattis ullamcorper velit sed ullamcorper morbi. Eu consequat ac felis donec et. Imperdiet dui accumsan sit amet nulla facilisi morbi tempus. Non odio euismod lacinia at quis risus. Est ullamcorper eget nulla facilisi etiam dignissim diam. Lectus sit amet est placerat. Lectus magna fringilla urna porttitor rhoncus dolor purus. Nec feugiat in fermentum posuere urna nec tincidunt praesent. Egestas quis ipsum suspendisse ultrices gravida dictum fusce. Volutpat sed cras ornare arcu dui vivamus.</p><p>Quam viverra orci sagittis eu volutpat odio. Egestas sed tempus urna et pharetra pharetra massa massa ultricies. Sagittis nisl rhoncus mattis rhoncus urna neque viverra. Gravida dictum fusce ut placerat orci nulla pellentesque dignissim. Feugiat nibh sed pulvinar proin gravida hendrerit lectus. Molestie ac feugiat sed lectus vestibulum mattis. Sit amet purus gravida quis blandit. Massa vitae tortor condimentum lacinia. Ultricies lacus sed turpis tincidunt id aliquet. Rhoncus urna neque viverra justo nec ultrices. Vulputate odio ut enim blandit volutpat maecenas volutpat. Lorem sed risus ultricies tristique.</p><div>
<div><span>-- <br>My amazing company</span></div></div>
content_type: text/html
attachments:
- !ruby/hash:ActiveSupport::HashWithIndifferentAccess
data: |
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /></head><body style='font-size: 10pt'>
<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Integer malesuada nunc vel risus commodo viverra. In aliquam sem fringilla ut. Enim sed faucibus turpis in eu mi bibendum neque egestas. Quis auctor elit sed vulputate mi sit amet mauris. Duis tristique sollicitudin nibh sit amet commodo nulla facilisi nullam. Egestas sed sed risus pretium quam. Maecenas sed enim ut sem. Id leo in vitae turpis massa sed elementum tempus. Tincidunt lobortis feugiat vivamus at. Commodo odio aenean sed adipiscing. Massa id neque aliquam vestibulum morbi blandit. Mauris cursus mattis molestie a. Morbi non arcu risus quis varius quam quisque id. Volutpat consequat mauris nunc congue nisi vitae suscipit. Aliquet eget sit amet tellus cras adipiscing enim.</p>
<p>Viverra suspendisse potenti nullam ac tortor vitae. Et pharetra pharetra massa massa. Amet nisl suscipit adipiscing bibendum est ultricies integer quis auctor. Vestibulum morbi blandit cursus risus at ultrices. Malesuada nunc vel risus commodo viverra maecenas. Dictum at tempor commodo ullamcorper. Purus gravida quis blandit turpis cursus in hac habitasse platea. Felis bibendum ut tristique et egestas. Augue lacus viverra vitae congue eu consequat ac felis. Nunc eget lorem dolor sed viverra ipsum nunc aliquet. Ullamcorper velit sed ullamcorper morbi tincidunt ornare massa eget. Est ultricies integer quis auctor elit sed.</p>
<p>https://zammad.com</p>
<pre><code>apt-get update
Get:1 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Hit:2 http://de.archive.ubuntu.com/ubuntu focal InRelease
Hit:3 http://de.archive.ubuntu.com/ubuntu focal-updates InRelease
Get:4 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/ InRelease [3820 B]
Hit:5 http://de.archive.ubuntu.com/ubuntu focal-backports InRelease
Get:6 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ InRelease [3781 B]
Get:7 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/ Sources [2710 B]
Get:8 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/ Packages [6507 B]
Get:9 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ Sources [9066 B]
Get:10 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ Packages [23.8 kB]
Get:11 http://security.ubuntu.com/ubuntu focal-security/main amd64 DEP-11 Metadata [40.6 kB]
Get:12 http://security.ubuntu.com/ubuntu focal-security/universe amd64 DEP-11 Metadata [66.3 kB]
Get:13 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 DEP-11 Metadata [2464 B]
Fetched 273 kB in 1s (288 kB/s)
Reading package lists...
Batterie-Status pr&uuml;fen
Reading package lists...
Building dependency tree...</code></pre>
<p>Semper eget duis at tellus at urna. Enim diam vulputate ut pharetra sit amet aliquam id diam. Sollicitudin tempor id eu nisl nunc. Amet justo donec enim diam vulputate ut pharetra sit. Massa tempor nec feugiat nisl pretium fusce id velit ut. Semper feugiat nibh sed pulvinar proin gravida hendrerit lectus. Convallis posuere morbi leo urna molestie at elementum eu. Blandit aliquam etiam erat velit scelerisque in. Nisl tincidunt eget nullam non nisi est sit amet facilisis. In hendrerit gravida rutrum quisque non tellus orci. Et leo duis ut diam quam. Quis hendrerit dolor magna eget. Magna eget est lorem ipsum. Sit amet volutpat consequat mauris nunc congue nisi vitae. Diam maecenas ultricies mi eget. Enim tortor at auctor urna.</p>
<p>Nam at lectus urna duis convallis convallis tellus id interdum. Id aliquet lectus proin nibh nisl condimentum id. Vel elit scelerisque mauris pellentesque pulvinar pellentesque habitant. Vitae tortor condimentum lacinia quis vel eros. Dolor morbi non arcu risus quis varius. Nec nam aliquam sem et tortor consequat. Sagittis orci a scelerisque purus. Ultricies mi eget mauris pharetra et. Ut aliquam purus sit amet luctus venenatis lectus magna. Lectus vestibulum mattis ullamcorper velit sed ullamcorper morbi. Eu consequat ac felis donec et. Imperdiet dui accumsan sit amet nulla facilisi morbi tempus. Non odio euismod lacinia at quis risus. Est ullamcorper eget nulla facilisi etiam dignissim diam. Lectus sit amet est placerat. Lectus magna fringilla urna porttitor rhoncus dolor purus. Nec feugiat in fermentum posuere urna nec tincidunt praesent. Egestas quis ipsum suspendisse ultrices gravida dictum fusce. Volutpat sed cras ornare arcu dui vivamus.</p>
<p>Quam viverra orci sagittis eu volutpat odio. Egestas sed tempus urna et pharetra pharetra massa massa ultricies. Sagittis nisl rhoncus mattis rhoncus urna neque viverra. Gravida dictum fusce ut placerat orci nulla pellentesque dignissim. Feugiat nibh sed pulvinar proin gravida hendrerit lectus. Molestie ac feugiat sed lectus vestibulum mattis. Sit amet purus gravida quis blandit. Massa vitae tortor condimentum lacinia. Ultricies lacus sed turpis tincidunt id aliquet. Rhoncus urna neque viverra justo nec ultrices. Vulputate odio ut enim blandit volutpat maecenas volutpat. Lorem sed risus ultricies tristique.</p>
<div id="signature">
<div class="pre" style="margin: 0; padding: 0; font-family: monospace"><span class="sig">--&nbsp;<br />My amazing company</span></div>
</div>
</body></html>
filename: message.html
preferences: !ruby/hash:ActiveSupport::HashWithIndifferentAccess
content-alternative: true
original-format: true
Mime-Type: text/html
Charset: UTF-8

54
test/unit/html_sanitizer_test.rb
View file

@ -163,5 +163,59 @@ test 123
assert_equal(HtmlSanitizer.strict("<a href=\"#{attachment_url_evil_other}\">Evil link</a>"), "<a href=\"#{attachment_url_good}\" rel=\"nofollow noreferrer noopener\" target=\"_blank\" title=\"#{attachment_url_good}\">Evil link</a>")
assert_equal(HtmlSanitizer.strict('<a href="mailto:testäöü@example.com" id="123">test</a>'), '<a href="mailto:test%C3%A4%C3%B6%C3%BC@example.com">test</a>')
assert_equal(HtmlSanitizer.strict('<pre><code>apt-get update
Get:1 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Hit:2 http://de.archive.ubuntu.com/ubuntu focal InRelease
Hit:3 http://de.archive.ubuntu.com/ubuntu focal-updates InRelease
Get:4 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/ InR=
elease [3820 B]
Hit:5 http://de.archive.ubuntu.com/ubuntu focal-backports InRelease
Get:6 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ InRelease [3781 =
B]
Get:7 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/ Sou=
rces [2710 B]
Get:8 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/ Pac=
kages [6507 B]
Get:9 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ Sources [9066 B]
Get:10 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ Packages [23.8 =
kB]
Get:11 http://security.ubuntu.com/ubuntu focal-security/main amd64 DEP-11 M=
etadata [40.6 kB]
Get:12 http://security.ubuntu.com/ubuntu focal-security/universe amd64 DEP-=
11 Metadata [66.3 kB]
Get:13 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 DE=
P-11 Metadata [2464 B]
Fetched 273 kB in 1s (288 kB/s)
Reading package lists...
Batterie-Status pr&uuml;fen
Reading package lists...
Building dependency tree...</code></pre>'), '<pre><code>apt-get update
Get:1 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Hit:2 http://de.archive.ubuntu.com/ubuntu focal InRelease
Hit:3 http://de.archive.ubuntu.com/ubuntu focal-updates InRelease
Get:4 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/ InR=
elease [3820 B]
Hit:5 http://de.archive.ubuntu.com/ubuntu focal-backports InRelease
Get:6 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ InRelease [3781 =
B]
Get:7 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/ Sou=
rces [2710 B]
Get:8 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/ Pac=
kages [6507 B]
Get:9 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ Sources [9066 B]
Get:10 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ Packages [23.8 =
kB]
Get:11 http://security.ubuntu.com/ubuntu focal-security/main amd64 DEP-11 M=
etadata [40.6 kB]
Get:12 http://security.ubuntu.com/ubuntu focal-security/universe amd64 DEP-=
11 Metadata [66.3 kB]
Get:13 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 DE=
P-11 Metadata [2464 B]
Fetched 273 kB in 1s (288 kB/s)
Reading package lists...
Batterie-Status prüfen
Reading package lists...
Building dependency tree...</code></pre>')
end
end