@@ -47,18 +47,7 @@ export class ThunderbirdElementReplacer extends WebmailElementReplacer {
4747 for ( const attachment of attachments ) {
4848 const fcAttachment = await BrowserMsg . send . bg . await . thunderbirdGetDownloadableAttachment ( { attachment } ) ;
4949 if ( fcAttachment ) {
50- if ( attachment . name . endsWith ( '.pgp' ) ) {
51- const generatedPgpTemplate = this . generatePgpAttachmentTemplate ( attachment . name , fcAttachment ) ;
52- $ ( '.pgp_attachments_block' ) . append ( generatedPgpTemplate ) ; // xss-sanitized
53- } else if ( Attachment . encryptedMsgNames . some ( a => attachment . name . includes ( a ) ) && ! this . emailBodyFromThunderbirdMail ) {
54- await this . messageDecrypt ( signerKeys , fcAttachment ) ;
55- } else if ( attachment . name . endsWith ( '.asc' ) ) {
56- const sigText = new TextDecoder ( 'utf-8' ) . decode ( fcAttachment ) . trim ( ) ;
57- if ( this . resemblesSignedMsg ( sigText ) ) {
58- const plaintext = emailBodyToParse ;
59- await this . messageVerify ( signerKeys , { plaintext, sigText } ) ;
60- }
61- }
50+ await this . attachmentUiRenderer ( attachment . name , fcAttachment , signerKeys , emailBodyToParse ) ;
6251 }
6352 }
6453 }
@@ -123,6 +112,20 @@ export class ThunderbirdElementReplacer extends WebmailElementReplacer {
123112 $ ( 'body' ) . html ( pgpBlock ) ; // xss-sanitized
124113 } ;
125114
115+ private attachmentUiRenderer = async ( attachmentName : string , fcAttachment : Buf , verificationPubs : string [ ] , plaintext : string ) => {
116+ if ( attachmentName . endsWith ( '.pgp' ) ) {
117+ const generatedPgpTemplate = this . generatePgpAttachmentTemplate ( attachmentName , fcAttachment ) ;
118+ $ ( '.pgp_attachments_block' ) . append ( generatedPgpTemplate ) ; // xss-sanitized
119+ } else if ( Attachment . encryptedMsgNames . some ( a => attachmentName . includes ( a ) ) && ! this . emailBodyFromThunderbirdMail ) {
120+ await this . messageDecrypt ( verificationPubs , fcAttachment ) ;
121+ } else if ( attachmentName . endsWith ( '.asc' ) ) {
122+ const sigText = new TextDecoder ( 'utf-8' ) . decode ( fcAttachment ) . trim ( ) ;
123+ if ( this . resemblesSignedMsg ( sigText ) ) {
124+ await this . messageVerify ( verificationPubs , { plaintext, sigText } ) ;
125+ }
126+ }
127+ } ;
128+
126129 private generatePgpBlockTemplate = ( encryptionStatus : string , verificationStatus : string , messageToRender : string ) : string => {
127130 return `
128131 <div ${ encryptionStatus === 'encrypted' ? 'class="pgp_secure"' : 'class="pgp_neutral"' }
@@ -142,17 +145,17 @@ export class ThunderbirdElementReplacer extends WebmailElementReplacer {
142145 const uiFileExtensions = [ 'excel' , 'word' , 'png' , 'jpg' , 'generic' ] ;
143146 const attachmentHtmlRoot = $ ( '<div>' ) . addClass ( 'thunderbird_attachment_root' ) ;
144147 const attachmentFileTypeIcon = $ ( '<img>' ) . addClass ( 'thunderbird_attachment_icon' ) ;
145- attachmentFileTypeIcon . attr ( 'alt' , Xss . escape ( originalFilename ) ) ;
148+ const decryptedFileName = originalFilename . replace ( / \. ( p g p | g p g | a s c ) $ / i , '' ) ;
146149 uiFileExtensions . some ( fileExtension => {
147- if ( originalFilename . replace ( / \. ( p g p | g p g | a s c ) $ / i , '' ) . endsWith ( fileExtension ) ) {
150+ if ( decryptedFileName . endsWith ( fileExtension ) ) {
148151 attachmentFileTypeIcon . attr ( 'src' , messenger . runtime . getURL ( `/img/fileformat/${ fileExtension } ) ) ;
149152 }
150153 } ) ;
151154 const attachmentFilename = $ ( '<div>' ) . addClass ( 'thunderbird_attachment_name' ) . text ( originalFilename ) ;
152155 const attachmentDownloadBtn = $ ( '<div>' )
153156 . addClass ( 'thunderbird_attachment_download' )
154157 . on ( 'click' , async ( ) => {
155- await this . downloadThunderbirdAttachmentHandler ( originalFilename , attachmentData ) ;
158+ await this . downloadThunderbirdAttachmentHandler ( decryptedFileName , attachmentData ) ;
156159 } )
157160 . append ( $ ( '<img>' ) . attr ( 'src' , messenger . runtime . getURL ( '/img/svgs/download-link.svg' ) ) ) ; // xss-safe-value
158161 attachmentHtmlRoot . append ( attachmentFileTypeIcon ) ; // xss-escaped
@@ -161,17 +164,15 @@ export class ThunderbirdElementReplacer extends WebmailElementReplacer {
161164 return attachmentHtmlRoot ;
162165 } ;
163166
164- private downloadThunderbirdAttachmentHandler = async ( originalFilename : string , encryptedData : Buf ) => {
167+ private downloadThunderbirdAttachmentHandler = async ( decryptedFileName : string , encryptedData : Buf ) => {
165168 if ( encryptedData ) {
166169 const result = await MsgUtil . decryptMessage ( {
167170 kisWithPp : await KeyStore . getAllWithOptionalPassPhrase ( this . acctEmail ) ,
168171 encryptedData,
169172 verificationPubs : [ ] , // todo: #4158 signature verification of attachments
170173 } ) ;
171174 if ( result . success && result . content ) {
172- const decryptedFileName = originalFilename . replace ( / \. ( p g p | g p g | a s c ) $ / i, '' ) ;
173- const decryptedContent = result . content ;
174- await BrowserMsg . send . bg . await . thunderbirdInitiateAttachmentDownload ( { decryptedFileName, decryptedContent } ) ;
175+ await BrowserMsg . send . bg . await . thunderbirdInitiateAttachmentDownload ( { decryptedFileName, decryptedContent : result . content } ) ;
175176 }
176177 }
177178 } ;
0 commit comments