From 77ec41bb6f542077503106cacc1dbd28118c50b4 Mon Sep 17 00:00:00 2001
From: Felix Hammerl <fhammerl@thoughtworks.com>
Date: Wed, 24 Feb 2016 10:13:25 +0100
Subject: Issue #617: Sanitize received content

Sanitizes received HTML content with DOMPurify, making it safe
for displaying and templating. Sanitizes received plain text content
by encoding every single character as HTML entity.
---
 web-ui/app/js/mail_view/ui/mail_view.js | 1 +
 1 file changed, 1 insertion(+)

(limited to 'web-ui/app/js/mail_view/ui/mail_view.js')

diff --git a/web-ui/app/js/mail_view/ui/mail_view.js b/web-ui/app/js/mail_view/ui/mail_view.js
index d4f5dd9e..8465b45a 100644
--- a/web-ui/app/js/mail_view/ui/mail_view.js
+++ b/web-ui/app/js/mail_view/ui/mail_view.js
@@ -72,6 +72,7 @@ define(
         }));
 
         this.$node.find('.bodyArea').html(viewHelpers.formatMailBody(data.mail));
+
         this.trigger(document, events.search.highlightResults, {where: '.bodyArea'});
         this.trigger(document, events.search.highlightResults, {where: '.subjectArea'});
         this.trigger(document, events.search.highlightResults, {where: '.msg-header .recipients'});
-- 
cgit v1.2.3