@bobfrankston/rmfmail 1.0.679 → 1.0.680
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/client/app.ts
CHANGED
|
@@ -1071,6 +1071,12 @@ function sanitizeQuotedBody(msg: any): string {
|
|
|
1071
1071
|
// future provider/path that didn't go through that pipeline.
|
|
1072
1072
|
const isPlainText = !msg.bodyHtml;
|
|
1073
1073
|
if (isPlainText) {
|
|
1074
|
+
// Full HTML escape. Leaving `>` unescaped was tempting for source
|
|
1075
|
+
// readability but breaks HTML in edge cases — TinyMCE's normalize-
|
|
1076
|
+
// on-paste re-interprets the input, and stray `>` near sequences
|
|
1077
|
+
// like `<!--` / `-->` / `<!` in plain-text bodies can be misread
|
|
1078
|
+
// by the parser. Per Bob 2026-05-12: "not just ugly, it breaks
|
|
1079
|
+
// the HTML." Trivial source-clutter is the lesser evil.
|
|
1074
1080
|
const escaped = String(msg.bodyText || "")
|
|
1075
1081
|
.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">");
|
|
1076
1082
|
return `<div style="white-space:pre-wrap;font-family:inherit;margin:0">${escaped}</div>`;
|
|
@@ -596,6 +596,27 @@ async function createTinyMceEditor(container2, opts = {}) {
|
|
|
596
596
|
// everything that the schema allows.
|
|
597
597
|
paste_word_valid_elements: "@[style|class],-strong/b,-em/i,-u,-s,-sub,-sup,-strike,-p,-ol,-ul,-li,-h1,-h2,-h3,-h4,-h5,-h6,-blockquote,-table[border|cellpadding|cellspacing|width|height|class|style],-tr,-td[colspan|rowspan|width|height|class|style|valign|align|background|bgcolor],-th,-thead,-tbody,-tfoot,-pre,-br,-a[href|target|title],-img[src|alt|width|height|style|class]",
|
|
598
598
|
paste_retain_style_properties: "color background background-color font-family font-size font-weight font-style text-decoration text-align padding padding-top padding-bottom padding-left padding-right margin margin-top margin-bottom margin-left margin-right border border-top border-bottom border-left border-right",
|
|
599
|
+
// Auto-link bare URLs in pasted content. TinyMCE's `autolink`
|
|
600
|
+
// plugin only fires on TYPED space/enter; URLs that arrive via
|
|
601
|
+
// clipboard (browser address bar, terminal copy) come in as
|
|
602
|
+
// plain text and stay un-linked. paste_preprocess runs on the
|
|
603
|
+
// HTML the paste plugin produced.
|
|
604
|
+
//
|
|
605
|
+
// CRITICAL: skip auto-link when the content already contains
|
|
606
|
+
// anchors. Naive regex over the whole content would wrap
|
|
607
|
+
// `<a href="X">X</a>` in ANOTHER anchor (nested anchors are
|
|
608
|
+
// invalid HTML and browsers split them, producing visible
|
|
609
|
+
// junk). For HTML pastes that already have linked URLs (the
|
|
610
|
+
// common case from a browser address bar or another mail
|
|
611
|
+
// client), TinyMCE preserves them — no auto-link pass needed.
|
|
612
|
+
// For plain-text pastes (no anchors present), wrap any bare
|
|
613
|
+
// http(s)://… runs. Trailing sentence punctuation is excluded
|
|
614
|
+
// from the URL.
|
|
615
|
+
paste_preprocess: (_plugin, args) => {
|
|
616
|
+
if (/<a[\s>]/i.test(args.content))
|
|
617
|
+
return;
|
|
618
|
+
args.content = args.content.replace(/(^|[\s(\[])((?:https?|ftp):\/\/[^\s<>"']+[^\s<>"'.,;:!?)\]])/gi, (_m, lead, url) => `${lead}<a href="${url}">${url}</a>`);
|
|
619
|
+
},
|
|
599
620
|
content_style: "body { font-family: system-ui, sans-serif; font-size: 14px; }",
|
|
600
621
|
init_instance_callback: (ed) => resolve(ed),
|
|
601
622
|
setup: (ed) => {
|