Project

General

Profile

Actions

Defect #19537

closed

Broken HTML sanitizer refence breaks email receiving

Added by Phil Stewart over 9 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Category:
Email receiving
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:

Description

HTML emails fail silently when receiving emails via IMAP due to broken HTML sanitizer reference in MailHandler.full_sanitizer on line 449 of app/models/mail_handler.rb:

def self.full_sanitizer
  @full_sanitizer ||= HTML::FullSanitizer.new
end

Changing this line to @full_sanitizer ||= Rails::Html::FullSanitizer.new works, although it didn't do a particularly good job on the stuck email I'd sent from Outlook.

Redmine: 3.0.1
Rails: 4.2.0
Ruby: 2.2.0


Files

MailHandler_Strip_sample.png (178 KB) MailHandler_Strip_sample.png Rupesh J, 2015-04-29 10:50
Actions #1

Updated by Timur Voroshilov over 9 years ago

This line @full_sanitizer ||= Rails::Html::FullSanitizer.new works:
Ruby 2.0.0
Rails 4.2.0
Redmine 3.0.1

And normally works on import mail sent by MS Outlook 2013.

Actions #2

Updated by Rupesh J over 9 years ago

This is a new implementation of rails sanitizer, This did not work, So using the old deprecated one, through a GEM.

gem 'rails-deprecated_sanitizer'

Until this is corrected with the rails sanitizer...! :)

Actions #3

Updated by Phil Stewart over 9 years ago

I've created a Gemfile.local file in my install and added gem 'rails-deprecated_sanitizer', which works nicely without having to change MailHandler over to the new sanitizer.

Actions #4

Updated by Toshi MARUYAMA over 9 years ago

  • Target version set to 3.0.2
Actions #5

Updated by Jean-Philippe Lang over 9 years ago

  • Subject changed from Broken HTML sanitizer refence breaks redmine:email:receive_imap to Broken HTML sanitizer refence breaks email receiving
  • Status changed from New to Closed
  • Assignee set to Jean-Philippe Lang
  • Resolution set to Fixed

Fixed in r14219, the default Rails sanitizer is now used.

Actions #6

Updated by Rupesh J over 9 years ago

The text striping is not handled.
I am getting some unwanted Outlook mail tags.
Please let me know if this needs to be reported as another bug ?

Actions #8

Updated by Toshi MARUYAMA over 9 years ago

Rupesh J wrote:

The text striping is not handled.
I am getting some unwanted Outlook mail tags.

Did it work on Redmine 2.x?

Please let me know if this needs to be reported as another bug ?

If it is regression of Redmine 3.0,
please create new issue because 3.0.2 was released.

If it is not regression of Redmine 3.0,
I think it is duplicate of #13209.

Actions #9

Updated by Rupesh J over 9 years ago

Ok, I will create a regression bug.

It worked in
  • 2.6.x
  • 3.0.1 using the gem 'rails-deprecated_sanitizer'
Actions #10

Updated by Toshi MARUYAMA over 9 years ago

Thank you for creating #19737.

Actions

Also available in: Atom PDF