From f367b4caf67ec0a5c84cb89bbb4aeb0a92c8a687 Mon Sep 17 00:00:00 2001
From: ClaraCrazy
Date: Thu, 2 Nov 2023 08:15:11 +0100
Subject: [PATCH] Add TODO Comment to mail twig
---
infrastructure/web/views/mail.twig | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/infrastructure/web/views/mail.twig b/infrastructure/web/views/mail.twig
index 69dc3c6..6ec33f3 100644
--- a/infrastructure/web/views/mail.twig
+++ b/infrastructure/web/views/mail.twig
@@ -18,6 +18,14 @@ {% if mail.html %}
+
+ {# TODO:
+ Find a better solution for this monstrocity.
+ Replaces clean html tag with styled one for readabbility.
+ Realistically, the entire iFrame or even website itself might be vulnerable.
+ srcdoc='html' seems like a very, very unsafe method to me, unfortunately I havent found a better solution.
+ #}
+
{% elseif mail.textAsHtml %}
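Review bot: The TODO added in this hunk records a suspicion ("might be vulnerable") without naming the trust boundary or what would close it, so the next maintainer cannot tell when the item is done. `mail.html` is content taken from received mail and therefore untrusted, and the iframe markup itself is not visible in this hunk, so whether it carries a `sandbox` attribute or escapes the `srcdoc` value cannot be confirmed from here. I would reword the comment to something like `{# TODO(security): mail.html is untrusted; keep the iframe sandboxed without allow-scripts/allow-same-origin, and pass the srcdoc value through escape('html_attr') so a quote in the mail cannot close the attribute #}`. The typos "monstrocity" and "readabbility" could be fixed in the same pass.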