Better HTML sanitization for the mail viewer

[rjl]

A more thorough HTML-sanitizing routine should be used to make sure that web bugs don't slip through to the mail viewer. We can't trust MIME-type declarations, either, apparently--some parts advertised as "text/plain" in fact contain HTML that needs to be sanitized. Likewise, tag elements that support URLs as arguments (e.g. "background=...", "link=...") need to be stripped out.

[dmorton]

this can cause major formatting errors, but more importantly, it could potentially introduce some security problems with a certain browser that has so many security holes it couldn't even float on dry land.

[rjl]

As David suggests in a comment to #456, we would probably be better off

using a third-party HTML filter like [http://htmlpurifier.org/ HTML Purifier].

[mortonda@…]

a basic implementation of htmltidy

[mortonda@…]

The patch I just uploaded is a basic implementation, but some discussion and testing is probably needed.

First, I disabled its cache for now, until we determine if and where that cache should be set up. Maybe that should be a maia_config.php option.

Also, I set it up to disallow all URL's. This effectively blocks all images and also prevents clicking through a bit of spam.

On first glance, it seems to do a nice job, and I don't see any major performance problems on an old 1Ghz athlon even with the cache disabled, keeping in mind that this is not one of the more frequently hit sections of code.

[mortonda@…]

heh, I meant html purifier, not html tidy.

[mortonda@…]

committed in [1307], [1311], and [1312]

It will function ok without the extra config item, and while it supposedly speeds up HTMLPurifier to have a cache, I don't know if it is enough to worry about.