Message reader with sandboxed HTML render #18

New issue

Open

opened 2026-04-20 11:08:21 +00:00 by ariejan · 0 comments

ariejan commented 2026-04-20 11:08:21 +00:00

Owner

Copy link

Render HTML body inside <iframe sandbox> with strict CSP. Sanitize via rails-html-sanitizer. Inline image cid: resolution. Block remote images by default with "load images" banner.

Render HTML body inside `<iframe sandbox>` with strict CSP. Sanitize via rails-html-sanitizer. Inline image `cid:` resolution. Block remote images by default with "load images" banner.

ariejan added this to the M1 Receive mail milestone 2026-04-20 11:08:21 +00:00

ariejan added the

area:ui

area:security

type:feature

priority:p0

labels 2026-04-20 11:08:21 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

issue-5-docker-compose

No results found.

Labels

Clear labels   

area:auth

Auth, sessions, 2FA

  

area:docs

Documentation

  

area:imap

IMAP adapter and sync

  

area:model

Schema and ActiveRecord

  

area:ops

Docker, deploy, backup, observability

  

area:search

Full-text search

  

area:security

Security and privacy

  

area:smtp

SMTP adapter and send

  

area:ui

Hotwire / frontend

  

priority:p0

Critical / blocking

  

priority:p1

High

  

priority:p2

Normal

  

type:bug

Defect

  

type:chore

Setup / maintenance

  

type:feature

New functionality

  

type:test

Test infrastructure

No labels

area:auth

area:docs

area:imap

area:model

area:ops

area:search

area:security

area:smtp

area:ui

priority:p0

priority:p1

priority:p2

type:bug

type:chore

type:feature

type:test

Milestone

Clear milestone

No items

No milestone

M1 Receive mail

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

ariejan/envoy#18

No description provided.