From 837aba39d513ffcf42c73b35c6e0edf78d1a0c97 Mon Sep 17 00:00:00 2001
From: James Lemieux <jplemieux@google.com>
Date: Tue, 20 May 2014 14:15:12 -0700
Subject: [PATCH] Sanitize HTML email bodies in Android Email

b/14567151

Sanitizes HTML email bodies on demand as they are requested from
EmailMessageCursor. Also alters Account settings to indicate that emails can be
assumed to be sanitized and transform scripts can be applied to the email
bodies.

Change-Id: I789e6de3569ae8c7d2c21f0b5aa590d7638a1467
---
 src/com/android/email/provider/EmailMessageCursor.java | 4 +++-
 src/com/android/email/provider/EmailProvider.java      | 7 +++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/com/android/email/provider/EmailMessageCursor.java b/src/com/android/email/provider/EmailMessageCursor.java
index a734bbe63..e4aa27003 100644
--- a/src/com/android/email/provider/EmailMessageCursor.java
+++ b/src/com/android/email/provider/EmailMessageCursor.java
@@ -25,6 +25,7 @@ import android.provider.BaseColumns;
 import android.util.SparseArray;
 
 import com.android.emailcommon.provider.EmailContent.Body;
+import com.android.mail.utils.HtmlSanitizer;
 import com.android.mail.utils.LogUtils;
 
 import org.apache.commons.io.IOUtils;
@@ -70,7 +71,8 @@ public class EmailMessageCursor extends CursorWrapper {
                     final Uri htmlUri = Body.getBodyHtmlUriForMessageWithId(messageId);
                     final InputStream in = cr.openInputStream(htmlUri);
                     final String underlyingHtmlString = IOUtils.toString(in);
-                    mHtmlParts.put(position, underlyingHtmlString);
+                    final String sanitizedHtml = HtmlSanitizer.sanitizeHtml(underlyingHtmlString);
+                    mHtmlParts.put(position, sanitizedHtml);
                 }
             } catch (final IOException e) {
                 LogUtils.v(LogUtils.TAG, e, "Did not find html body for message %d", messageId);
diff --git a/src/com/android/email/provider/EmailProvider.java b/src/com/android/email/provider/EmailProvider.java
index acd04b034..ce887766b 100644
--- a/src/com/android/email/provider/EmailProvider.java
+++ b/src/com/android/email/provider/EmailProvider.java
@@ -3383,6 +3383,9 @@ public class EmailProvider extends ContentProvider {
         // TODO: Should this be stored per-account, or some other mechanism?
         capabilities |= AccountCapabilities.NESTED_FOLDERS;
 
+        // sanitization happens lazily in the EmailMessageCursor as HTML email bodies are requested
+        capabilities |= UIProvider.AccountCapabilities.SANITIZED_HTML;
+
         return capabilities;
     }
 
@@ -3486,6 +3489,10 @@ public class EmailProvider extends ContentProvider {
                         UIProvider.SyncStatus.INITIAL_SYNC_NEEDED);
             }
         }
+        if (projectionColumns.contains(UIProvider.AccountColumns.ENABLE_MESSAGE_TRANSFORMS)) {
+            // Email is now sanitized, which grants the ability to inject beautifying javascript.
+            values.put(UIProvider.AccountColumns.ENABLE_MESSAGE_TRANSFORMS, 1);
+        }
         if (projectionColumns.contains(
                 UIProvider.AccountColumns.SettingsColumns.IMPORTANCE_MARKERS_ENABLED)) {
             // Email doesn't support priority inbox, so always state importance markers disabled.