FIX: prevent huge custom emojis in emails

2017-01-30 18:06:48 +01:00 · 2017-01-30 18:06:48 +01:00 · 8fc7420f83
parent d4bbdcd7d6
commit 8fc7420f83
2 changed files with 17 additions and 16 deletions
--- a/lib/email/styles.rb
+++ b/lib/email/styles.rb
@ -37,25 +37,20 @@ module Email
      @fragment.css('img').each do |img|
        next if img['class'] == 'site-logo'
-        if img['class'] == "emoji" || img['src'] =~ /(plugins|images)\/emoji/
+        if (img['class'] && img['class']['emoji']) || (img['src'] && img['src'][/\/_?emoji\//])
-          img['width'] = 20
+          img['width'] = img['height'] = 20
          img['height'] = 20
        else
          # use dimensions of original iPhone screen for 'too big, let device rescale'
          if img['width'].to_i > 320 or img['height'].to_i > 480
-            img['width'] = 'auto'
+            img['width'] = img['height'] = 'auto'
            img['height'] = 'auto'
          end
        end
        if img['src']
          # ensure all urls are absolute
-        if img['src'] =~ /^\/[^\/]/
+          img['src'] = "#{Discourse.base_url}#{img['src']}" if img['src'][/^\/[^\/]/]
          img['src'] = "#{Discourse.base_url}#{img['src']}"
        end
          # ensure no schemaless urls
-        if img['src'] && img['src'].starts_with?("//")
+          img['src'] = "#{uri.scheme}:#{img['src']}" if img['src'][/^\/\//]
          img['src'] = "#{uri.scheme}:#{img['src']}"
        end
      end
@ -199,12 +194,12 @@ module Email
    def strip_avatars_and_emojis
      @fragment.search('img').each do |img|
-        if img['src'] =~ /_avatar/
+        if img['src'][/_avatar/]
          img.parent['style'] = "vertical-align: top;" if img.parent.name == 'td'
          img.remove
        end
-        if img['title'] && (img['src'] =~ /images\/emoji/ || img['src'] =~ /uploads\/default\/_emoji/)
+        if img['title'] && img['src'][/\/_?emoji\//]
          img.add_previous_sibling(img['title'] || "emoji")
          img.remove
        end
--- a/spec/components/email/styles_spec.rb
+++ b/spec/components/email/styles_spec.rb
@ -30,12 +30,18 @@ describe Email::Styles do
      expect(frag.at("img")["style"]).to match("max-width")
    end
-    it "adds a width and height to images with an emoji path" do
+    it "adds a width and height to emojis" do
      frag = basic_fragment("<img src='/images/emoji/fish.png' class='emoji'>")
      expect(frag.at("img")["width"]).to eq("20")
      expect(frag.at("img")["height"]).to eq("20")
    end
    it "adds a width and height to custom emojis" do
      frag = basic_fragment("<img src='/uploads/default/_emoji/fish.png' class='emoji emoji-custom'>")
      expect(frag.at("img")["width"]).to eq("20")
      expect(frag.at("img")["height"]).to eq("20")
    end
    it "converts relative paths to absolute paths" do
      frag = basic_fragment("<img src='/some-image.png'>")
      expect(frag.at("img")["src"]).to eq("#{Discourse.base_url}/some-image.png")