FIX: email styling with blacklisted iframes

2016-10-21 12:37:03 +02:00 · 2016-10-21 12:37:03 +02:00 · 2a61cc8c88
parent 35d248ab0d
commit 2a61cc8c88
2 changed files with 13 additions and 2 deletions
--- a/lib/email/styles.rb
+++ b/lib/email/styles.rb
@ -129,13 +129,18 @@ module Email
      # iframes can't go in emails, so replace them with clickable links
      @fragment.css('iframe').each do |i|
        begin
-          src_uri = URI(i['src'])
+          # sometimes, iframes are blacklisted...
+          if i["src"].blank?
+            i.remove
+            next
+          end

+          src_uri = URI(i['src'])
          # If an iframe is protocol relative, use SSL when displaying it
          display_src = "#{src_uri.scheme || 'https'}://#{src_uri.host}#{src_uri.path}#{src_uri.query.nil? ? '' : '?' + src_uri.query}#{src_uri.fragment.nil? ? '' : '#' + src_uri.fragment}"
          i.replace "<p><a href='#{src_uri.to_s}'>#{CGI.escapeHTML(display_src)}</a><p>"
        rescue URI::InvalidURIError
-          # If the URL is weird, remove it
+          # If the URL is weird, remove the iframe
          i.remove
        end
      end
--- a/spec/components/email/styles_spec.rb
+++ b/spec/components/email/styles_spec.rb
@ -95,6 +95,12 @@ describe Email::Styles do
      expect(frag.at('iframe')).to be_blank
      expect(frag.at('a')).to be_blank
    end
+
+    it "won't allow empty iframe src, strips them with no link" do
+      frag = html_fragment("<iframe src=''></iframe>")
+      expect(frag.at('iframe')).to be_blank
+      expect(frag.at('a')).to be_blank
+    end
  end

  context "rewriting protocol relative URLs to the forum" do