feat: Text shared via the ShareExtension is sanitized and added to a new draft

.package.resolved

@@ -239,8 +239,8 @@
       "kind" : "remoteSourceControl",
       "location" : "https://github.com/Infomaniak/swift-concurrency",
       "state" : {
-        "revision" : "1c2e7ee0bb93203c865904494b0aa2aedbc57713",
-        "version" : "0.0.4"
+        "revision" : "02960fd5d2cf57c7ba38d13bbbf580d7f6ac7102",
+        "version" : "0.0.5"
       }
     },
     {

Mail/Views/New Message/Attachments/AttachmentsManager.swift

@@ -116,8 +116,8 @@ import SwiftUI
         await worker.completeUploadedAttachments()
     }
 
-    func processTextAttachments(_ attachments: [TextAttachable]) async {
-        await worker.processTextAttachments(attachments)
+    func processHtmlAttachments(_ attachments: [HTMLAttachable]) async {
+        await worker.processHtmlAttachments(attachments)
     }
 
     func attachmentUploadTaskOrFinishedTask(for uuid: String) -> AttachmentUploadTask {

Mail/Views/New Message/ComposeMessageIntentView.swift

@@ -39,7 +39,7 @@ struct ComposeMessageIntentView: View, IntentViewable {
     }
 
     let composeMessageIntent: ComposeMessageIntent
-    var textAttachments: [TextAttachable] = []
+    var htmlAttachments: [HTMLAttachable] = []
     var attachments: [Attachable] = []
 
     var body: some View {
@@ -50,7 +50,7 @@ struct ComposeMessageIntentView: View, IntentViewable {
                     mailboxManager: resolvedIntent.mailboxManager,
                     messageReply: resolvedIntent.messageReply,
                     attachments: attachments,
-                    textAttachments: textAttachments
+                    htmlAttachments: htmlAttachments
                 )
                 .environmentObject(resolvedIntent.mailboxManager)
             } else {

Mail/Views/New Message/ComposeMessageView.swift

@@ -101,7 +101,7 @@ struct ComposeMessageView: View {
     private let messageReply: MessageReply?
     private let draftContentManager: DraftContentManager
     private let mailboxManager: MailboxManager
-    private let textAttachments: [TextAttachable]
+    private let htmlAttachments: [HTMLAttachable]
 
     private var isSendButtonDisabled: Bool {
         let disabledState = draft.identityId == nil
@@ -118,10 +118,10 @@ struct ComposeMessageView: View {
         mailboxManager: MailboxManager,
         messageReply: MessageReply? = nil,
         attachments: [Attachable] = [],
-        textAttachments: [TextAttachable] = []
+        htmlAttachments: [HTMLAttachable] = []
     ) {
         self.messageReply = messageReply
-        self.textAttachments = textAttachments
+        self.htmlAttachments = htmlAttachments
 
         _draft = ObservedRealmObject(wrappedValue: draft)
 
@@ -223,7 +223,7 @@ struct ComposeMessageView: View {
                 currentSignature = try await draftContentManager.prepareCompleteDraft()
 
                 async let _ = attachmentsManager.completeUploadedAttachments()
-                async let _ = attachmentsManager.processTextAttachments(textAttachments)
+                async let _ = attachmentsManager.processHtmlAttachments(htmlAttachments)
 
                 isLoadingContent = false
             } catch {

MailCore/Cache/Attachments/AttachmentsManagerWorker/AttachmentsManagerWorker.swift

@@ -370,22 +370,14 @@ extension AttachmentsManagerWorker: AttachmentsManagerWorkable {
         await updateDelegate?.contentWillChange()
     }
 
-    public func processTextAttachments(_ attachments: [TextAttachable]) async {
-        // Process all text attachments
-        let textAttachments = await attachments.concurrentMap { attachment in
-            await attachment.textAttachment
-        }
-
+    public func processHtmlAttachments(_ htmlAttachments: [HTMLAttachable]) async {
         // Get first usable title
-        let anyUsableTitle = anyUsableTitle(in: textAttachments)
-
-        // Get all URLs
-        let allURLs = allURLs(in: textAttachments)
+        let anyUsableTitle = await anyUsableTitle(in: htmlAttachments)
 
-        // Render all URLs as HTML code, if any after a minimalistic input sanitising
-        let formattedBodyUrls = formattedBodyUrls(allURLs: allURLs)
+        // Get all the sanitized HTML we can fetch
+        let allSanitizedHtmlString = await allSanitizedHtml(in: htmlAttachments).reduce("", +)
 
-        // mutate Draft
+        // Mutate Draft
         await backgroundRealm.execute { realm in
             try? realm.write {
                 guard let draftInContext = realm.object(ofType: Draft.self, forPrimaryKey: self.draftLocalUUID) else {
@@ -400,8 +392,8 @@ extension AttachmentsManagerWorker: AttachmentsManagerWorkable {
                     modified = true
                 }
 
-                if !formattedBodyUrls.isEmpty {
-                    draftInContext.body = formattedBodyUrls + draftInContext.body
+                if !allSanitizedHtmlString.isEmpty {
+                    draftInContext.body = allSanitizedHtmlString + draftInContext.body
                     modified = true
                 }
 
@@ -414,34 +406,26 @@ extension AttachmentsManagerWorker: AttachmentsManagerWorkable {
         }
     }
 
-    private func anyUsableTitle(in textAttachments: [TextAttachment]) -> String {
-        textAttachments.first { $0.title?.isEmpty == false }?.title ?? ""
+    private func anyUsableTitle(in textAttachments: [TextAttachable]) async -> String {
+        let textAttachments = await textAttachments.asyncMap { attachment in
+            await attachment.textAttachment
+        }
+
+        let title = textAttachments.first { $0.title?.isEmpty == false }?.title ?? ""
+        return title
     }
 
-    private func allURLs(in textAttachments: [TextAttachment]) -> [String] {
-        textAttachments.compactMap { attachment in
-            guard let body = attachment.body,
-                  !body.isEmpty else {
+    private func allSanitizedHtml(in htmlAttachments: [HTMLAttachable]) async -> [String] {
+        let allSanitizedHtml: [String] = await htmlAttachments.asyncCompactMap { attachment in
+            guard let renderedHTML = await attachment.renderedHTML,
+                  !renderedHTML.isEmpty else {
                 return nil
             }
 
-            return body
+            return renderedHTML
         }
-    }
-
-    private func formattedBodyUrls(allURLs: [String]) -> String {
-        allURLs.reduce("") { partialResult, urlString in
-            guard let bodyUrl = URL(string: urlString) else {
-                return partialResult
-            }
 
-            let bodyAbsoluteUrl = bodyUrl.absoluteString
-            guard !bodyAbsoluteUrl.isEmpty else {
-                return partialResult
-            }
-
-            return partialResult + "<div><a href=\"\(bodyAbsoluteUrl)\">" + bodyAbsoluteUrl + "</a></div>"
-        }
+        return allSanitizedHtml
     }
 
     @MainActor public func attachmentUploadTaskOrFinishedTask(for uuid: String) -> AttachmentUploadTask {

MailCore/Cache/Attachments/TextAttachable.swift

@@ -28,6 +28,14 @@ public protocol TextAttachable {
     var textAttachment: TextAttachment { get async }
 }
 
+/// Something that can be rendered into HTML that can be added to a Mail Draft safely.
+///
+/// Inherits from `TextAttachable`
+public protocol HTMLAttachable: TextAttachable {
+    /// Provides a sanitised HTML that can be added to a Mail body.
+    var renderedHTML: String? { get async }
+}
+
 extension NSItemProvider: TextAttachable {
     static let nilAttachment: TextAttachment = (nil, nil)
 

MailShareExtension/Attachment/SafariKeyValueToHTMLAttachment.swift

@@ -0,0 +1,55 @@
+/*
+ Infomaniak Mail - iOS App
+ Copyright (C) 2024 Infomaniak Network SA
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+import Foundation
+import MailCore
+
+struct SafariKeyValueToHTMLAttachment: HTMLAttachable {
+    let item: TextAttachable
+
+    init(wrapping item: TextAttachable) {
+        self.item = item
+    }
+
+    // MARK: TextAttachable protocol
+
+    var textAttachment: MailCore.TextAttachment {
+        get async {
+            await item.textAttachment
+        }
+    }
+
+    // MARK: HTMLAttachable protocol
+
+    var renderedHTML: String? {
+        get async {
+            guard let urlString = await textAttachment.body,
+                  let bodyUrl = URL(string: urlString) else {
+                return nil
+            }
+
+            let bodyAbsoluteUrl = bodyUrl.absoluteString
+            guard !bodyAbsoluteUrl.isEmpty else {
+                return nil
+            }
+
+            let finalHTML = "<div class=\"renderedHTML\"><a href=\"\(bodyAbsoluteUrl)\">" + bodyAbsoluteUrl + "</a></div>"
+            return finalHTML
+        }
+    }
+}

MailShareExtension/Attachment/TxtToHTMLAttachment.swift

@@ -0,0 +1,73 @@
+/*
+ Infomaniak Mail - iOS App
+ Copyright (C) 2024 Infomaniak Network SA
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+import Foundation
+import MailCore
+
+/// A wrapping type that can read an NSItemProvider that renders as a`.txt` on the fly and provide the content thanks to the
+/// `TextAttachable` protocol
+struct TxtToTextAttachment: HTMLAttachable {
+    let item: NSItemProvider
+
+    init?(wrapping item: NSItemProvider) {
+        guard item.underlyingType == .isText else {
+            return nil
+        }
+
+        self.item = item
+    }
+
+    // MARK: TextAttachable protocol
+
+    var textAttachment: MailCore.TextAttachment {
+        get async {
+            guard let textAttachment = try? await item.writeToTemporaryURL() else {
+                return (nil, nil)
+            }
+
+            guard let textData = NSData(contentsOf: textAttachment.url) else {
+                return (nil, nil)
+            }
+
+            let textString = String(decoding: textData, as: UTF8.self)
+
+            /// The `txt` file name is generated, so not useful for an email subject, discarding it
+            return TextAttachment(title: nil, body: textString)
+        }
+    }
+
+    // MARK: HTMLAttachable protocol
+
+    var renderedHTML: String? {
+        get async {
+            guard let textString = await textAttachment.body else {
+                return nil
+            }
+
+            /// Minimalist HTML sanitisation and support, non HTML text will work too.
+            guard let document = try? SwiftSoupUtils(fromHTMLFragment: textString),
+                  let cleanDocument = try? await document.cleanBody(),
+                  let cleanHTML = try? cleanDocument.outerHtml() else {
+                return nil
+            }
+
+            let finalHTML = "<div class=\"renderedHTML\">" + cleanHTML + "</div>"
+            return finalHTML
+        }
+    }
+}

MailShareExtension/WeblocToTextAttachment.swift → MailShareExtension/Attachment/WeblocToHTMLAttachment.swift

@@ -21,7 +21,7 @@ import MailCore
 
 /// A wrapping type that can read an NSItemProvider that renders as a`.webloc` on the fly and provide the content thanks to the
 /// `TextAttachable` protocol
-struct WeblocToTextAttachment: TextAttachable {
+struct WeblocToTextAttachment: HTMLAttachable {
     let item: NSItemProvider
 
     init?(wrapping item: NSItemProvider) {
@@ -40,20 +40,39 @@ struct WeblocToTextAttachment: TextAttachable {
                 return (nil, nil)
             }
 
-            guard let weblocData = NSData(contentsOf: webloc.url) else {
+            guard let weblocData = try? Data(contentsOf: webloc.url) else {
                 return (nil, nil)
             }
 
-            guard let parsedWebloc = try? PropertyListSerialization.propertyList(from: weblocData as Data,
+            guard let parsedWebloc = try? PropertyListSerialization.propertyList(from: weblocData,
                                                                                  options: [],
                                                                                  format: nil) as? NSDictionary else {
                 return (nil, nil)
             }
 
             let parsedURL = parsedWebloc["URL"] as? String
 
-            /// The `webloc` title is not useful for an email subject, discarding it
+            /// The `webloc` file name is generated, so not useful for an email subject, discarding it
             return TextAttachment(title: nil, body: parsedURL)
         }
     }
+
+    // MARK: HTMLAttachable protocol
+
+    var renderedHTML: String? {
+        get async {
+            guard let urlString = await textAttachment.body,
+                  let bodyUrl = URL(string: urlString) else {
+                return nil
+            }
+
+            let bodyAbsoluteUrl = bodyUrl.absoluteString
+            guard !bodyAbsoluteUrl.isEmpty else {
+                return nil
+            }
+
+            let finalHTML = "<div class=\"renderedHTML\"><a href=\"\(bodyAbsoluteUrl)\">" + bodyAbsoluteUrl + "</a></div>"
+            return finalHTML
+        }
+    }
 }