From d1c1ebfe01146964701a25ded064a4b43dc2f4d1 Mon Sep 17 00:00:00 2001
From: M66B <M66B@users.noreply.github.com>
Date: Sun, 10 Mar 2019 19:39:17 +0000
Subject: [PATCH] Remove scripts from original messages

---
 app/src/main/java/eu/faircode/email/HtmlHelper.java | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/app/src/main/java/eu/faircode/email/HtmlHelper.java b/app/src/main/java/eu/faircode/email/HtmlHelper.java
index 2965c5b082..8545bfc96c 100644
--- a/app/src/main/java/eu/faircode/email/HtmlHelper.java
+++ b/app/src/main/java/eu/faircode/email/HtmlHelper.java
@@ -33,6 +33,7 @@ import android.text.TextUtils;
 import android.util.Base64;
 
 import org.jsoup.Jsoup;
+import org.jsoup.nodes.Attribute;
 import org.jsoup.nodes.Document;
 import org.jsoup.nodes.Element;
 import org.jsoup.nodes.Node;
@@ -75,6 +76,7 @@ public class HtmlHelper {
 
         Document document = Jsoup.parse(html);
 
+        // Remove tracking pixels
         for (Element img : document.select("img")) {
             String src = img.attr("src");
             String height = img.attr("height").trim();
@@ -83,6 +85,15 @@ public class HtmlHelper {
                 img.removeAttr("src");
         }
 
+        // Remove Javascript
+        for (Element e : document.select("*"))
+            for (Attribute a : e.attributes())
+                if (a.getValue().trim().toLowerCase().startsWith("javascript:"))
+                    e.removeAttr(a.getKey());
+
+        // Remove scripts
+        document.select("script").remove();
+
         return document.outerHtml();
     }