Add TODO Comment to mail twig

2025-11-03 23:16:31 +01:00 · 2023-11-02 08:15:11 +01:00 · 2023-11-02 08:15:11 +01:00 · f367b4caf6
commit f367b4caf6
parent 01b56d97e9
1 changed files with 8 additions and 0 deletions
--- a/infrastructure/web/views/mail.twig
+++ b/infrastructure/web/views/mail.twig
@ -18,6 +18,14 @@
    </div>
    {% if mail.html %}
    <div>
+
+        {# TODO: 
+            Find a better solution for this monstrocity.
+            Replaces clean html tag with styled one for readabbility. 
+            Realistically, the entire iFrame or even website itself might be vulnerable.
+            srcdoc='html' seems like a very, very unsafe method to me, unfortunately I havent found a better solution.
+        #}
+
 		<iframe srcdoc='{{ mail.html|replace({'<html>': '<html style="color: white"'}) }}'></iframe>
 	</div>
    {% elseif mail.textAsHtml %}