2023-11-01 11:48:19 +01:00
|
|
|
{% extends 'layout.twig' %}
|
|
|
|
|
|
|
|
|
|
{% block body %}
|
|
|
|
|
|
|
|
|
|
<div style="float: right; text-align: end;">
|
2023-11-03 06:11:17 +01:00
|
|
|
<a href="/inbox/{{ address }}">
|
2023-11-01 11:48:19 +01:00
|
|
|
← Return to inbox</a>
|
|
|
|
|
<br>
|
2024-09-28 00:31:44 +02:00
|
|
|
<a href="/inbox/{{ address }}/{{ uid }}/delete">
|
2023-11-02 06:25:22 +01:00
|
|
|
Delete Email</a>
|
|
|
|
|
<br>
|
2023-11-03 06:11:17 +01:00
|
|
|
<a href="/logout">
|
2023-11-01 11:48:19 +01:00
|
|
|
Logout</a>
|
|
|
|
|
</div>
|
|
|
|
|
<hr>
|
|
|
|
|
<div style="text-align: center;">
|
|
|
|
|
<h1>{{ mail.subject }}</h1>
|
|
|
|
|
</div>
|
|
|
|
|
{% if mail.html %}
|
|
|
|
|
<div>
|
2023-11-02 08:15:11 +01:00
|
|
|
|
|
|
|
|
{# TODO:
|
|
|
|
|
Find a better solution for this monstrocity.
|
|
|
|
|
Replaces clean html tag with styled one for readabbility.
|
|
|
|
|
Realistically, the entire iFrame or even website itself might be vulnerable.
|
|
|
|
|
srcdoc='html' seems like a very, very unsafe method to me, unfortunately I havent found a better solution.
|
|
|
|
|
#}
|
|
|
|
|
|
2023-11-02 12:05:01 +01:00
|
|
|
<iframe sandbox="allow-popups allow-popups-to-escape-sandbox" csp="script-src 'none'" srcdoc='{{ mail.html|replace({'<html>': '<html style="color: white"'}) }}'></iframe>
|
2023-11-01 11:48:19 +01:00
|
|
|
</div>
|
|
|
|
|
{% elseif mail.textAsHtml %}
|
|
|
|
|
<div class="mail_body">
|
|
|
|
|
{{ mail.textAsHtml|raw }}
|
|
|
|
|
</div>
|
|
|
|
|
{% else %}
|
|
|
|
|
<div class="mail_body"></div>
|
|
|
|
|
{% endif %}
|
|
|
|
|
<h3 style="text-align: center;display: block;">{{ mail.from.text }} | {{ mail.date| date }}</h3>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
{% endblock %}
|
