HTML mail leakage when the `text/html` part is not a direct child of the `multipart/alternative`
Hello!
I think I've encountered a problem in Schleuder 3.4.0 (which is probably still present in the later versions as well), in which the HTML part of an email containing keywords will not be removed if the `text/html` part is not a direct child of the main `multipart/alternative` container.
Steps to Reproduce the Problem
- Compose a new email (I used Thunderbird 102, but other email clients might work as well).
- Add Schleuder keywords (such as an `x-resend` keyword).
- In the body of the email, insert an image.
- Send the encrypted, signed email to the Schleuder address.
Note: Since the HTML part should be stripped anyway, I agree that there is not much point including an image in the email in the first place. However, I think there are real-life situations where this could happen: for instance, when quoting / replying to an email which already has embedded images, the email client will automatically include these images in the new message, and the user may just leave them as is. (Actually, this is how I've stumbled upon this problem.)
Expected Behavior
One would expect the HTML part to be stripped from the email resent by Schleuder, since #399 (closed) was fixed thanks to !255 (merged).
Actual Behavior
The HTML part will be left untouched by Schleuder and resent as is. In particular, it will leak the keywords.
Specifications
- Version: 3.4.0 (it seems to me that the problem is present in the 4.* branch as well, but I wasn't able to test)
- Installation method (package, gem...): unknown
- Mail client version: Thunderbird 102.3.0
Other information
It seems to me that this is due to the fact that Schleuder will only remove the `text/html` part if it is directly contained in the top-level `multipart/alternative` container, according to the `strip_html_from_alternative_if_keywords_present` filter. For instance, the filter will work as expected if the email has the following structure:

```
multipart/alternative
|- text/plain
'- text/html
```
However, if there is an image embedded with the HTML part, then Thunderbird (and probably other email clients) will first bundle the HTML part and the image together in a `multipart/related` part, then add this part to the `multipart/alternative`:

```
multipart/alternative
|- text/plain
'- multipart/related
   |- text/html
   '- image/jpeg
```
From what I could understand from the code of the `strip_html_from_alternative_if_keywords_present` filter, it seems to me that Schleuder will not find and remove the `text/html` part because it is not in the `mail.parts` array.
Maybe a possible fix would be to recurse down the tree of parts instead of just looking at the direct children of the root `multipart/alternative` container? Unfortunately, I'm not fluent enough in Ruby to be able to investigate this issue further.
In any case, I hope that this report will help!
Thank you very much for all the work on this great tool! :)
Cheers!
snip
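The difference between checking only direct children and walking the part tree, as an added example that is not part of the original report and not Schleuder's code. `Part` is a hypothetical stand-in for a parsed MIME part (not the Mail gem API), the two sample messages are constructed, and dropping every alternative that contains `text/html` at any depth is an assumed policy.

```ruby
# Hypothetical stand-in for a parsed MIME part (not the Mail gem API).
Part = Struct.new(:mime_type, :parts, :body) do
  def multipart?
    mime_type.start_with?("multipart/")
  end
end

def leaf(type, body)
  Part.new(type, [], body)
end

# Constructed samples matching the two structures in the report.
KEYWORD = "x-resend: someone@example.org"
FLAT = Part.new("multipart/alternative",
                [leaf("text/plain", KEYWORD), leaf("text/html", "<p>#{KEYWORD}</p>")], nil)
NESTED = Part.new("multipart/alternative",
                  [leaf("text/plain", KEYWORD),
                   Part.new("multipart/related",
                            [leaf("text/html", "<p>#{KEYWORD}</p>"),
                             leaf("image/jpeg", "(image bytes)")], nil)], nil)

# Shallow check: only direct children of the root are inspected,
# the behaviour the report describes.
def strip_html_shallow(root)
  return root unless root.mime_type == "multipart/alternative"
  Part.new(root.mime_type, root.parts.reject { |p| p.mime_type == "text/html" }, nil)
end

# True if this part is text/html or wraps one at any depth.
def contains_html?(part)
  part.mime_type == "text/html" || part.parts.any? { |p| contains_html?(p) }
end

# Recursive walk (assumed policy): inside every multipart/alternative, drop
# each alternative that is HTML or wraps HTML, e.g. multipart/related.
# If no alternative would survive, the part is left as is for the caller.
def strip_html_deep(part)
  return part unless part.multipart?
  kids = part.parts
  if part.mime_type == "multipart/alternative"
    kept = kids.reject { |p| contains_html?(p) }
    kids = kept unless kept.empty?
  end
  Part.new(part.mime_type, kids.map { |p| strip_html_deep(p) }, nil)
end

# Flattened list of MIME types, for inspecting the result.
def mime_types(part)
  [part.mime_type] + part.parts.flat_map { |p| mime_types(p) }
end
```

Running `mime_types(strip_html_shallow(NESTED))` still lists `text/html`, while `mime_types(strip_html_deep(NESTED))` leaves only the container and `text/plain`.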