48hr.email/infrastructure/web/views/mail.twig

56 lines
1.7 KiB
Twig

{% extends 'layout.twig' %}
{% block body %}
<div style="float: right; text-align: end;">
<a href="/inbox/{{ address }}">
← Return to inbox</a>
<br>
<a href="/inbox/{{ address }}/{{ uid }}/delete">
Delete Email</a>
<br>
<a href="/logout">
Logout</a>
</div>
<hr>
<div style="text-align: center;">
<h1>{{ mail.subject }}</h1>
</div>
{% if mail.html %}
<div>
{# TODO:
Find a better solution for this monstrocity.
Replaces clean html tag with styled one for readabbility.
Realistically, the entire iFrame or even website itself might be vulnerable.
srcdoc='html' seems like a very, very unsafe method to me, unfortunately I havent found a better solution.
#}
<iframe sandbox="allow-popups allow-popups-to-escape-sandbox" csp="script-src 'none'" srcdoc='{{ mail.html|replace({'<html>': '<html style="color: white"'}) }}'></iframe>
</div>
{% elseif mail.textAsHtml %}
<div class="mail_body">
{{ mail.textAsHtml|raw }}
</div>
{% else %}
<div class="mail_body"></div>
{% endif %}
{% if mail.attachments %}
<div class="mail_body">
{% for attachment in mail.attachments %}
<a href="">📎 {{ attachment.filename }}</a>
{#
Add actual button to download each file, inline.
Or even better. just an a href with filename.
very basic, like regular links look. maybe a paperclip icon
#}
{% endfor %}
</div>
{% endif %}
<h3 style="text-align: center;display: block;">{{ mail.from.text }} | {{ mail.date| date }}</h3>
{% endblock %}