feat: add client-side TIFF previewer using UTIF.js#3646
Merged
luis100 merged 1 commit intodevelopmentfrom Apr 16, 2026
Merged
Conversation
Renders single- and multi-page TIFF files directly in the browser via
HTML5 canvas without server-side conversion. Pages are stacked vertically
matching the PDF.js layout.
- Add TiffViewer.java GWT widget (JSNI XHR + UTIF.decode/toRGBA8/canvas)
- Wire TiffViewer into BitstreamPreview dispatch for viewer type "tiff"
- Bundle UTIF.js 3.1.0 as a static asset under js/utif/
- Include UTIF.js in Main.html and Portal.html
- Register TIFF viewer in roda-wui.properties (mimetypes, extensions,
PRONOM IDs fmt/7-fmt/10, fmt/154-fmt/159, fmt/353 / GeoTIFF)
- Fix spring.web.resources.static-locations property name in
application.properties (SB3 renamed spring.resources.*)
- Fix GWT debug-profile pom.xml: add webappDirectory pointing to
target/<finalName>/static so compiled JS lands where Spring Boot
can serve it from classpath:/static/
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
dosubot
bot
added
size:XXL
luis100
added a commit
that referenced
this pull request
Apr 16, 2026
- Remove VIEWER_TYPE_TIFF and tiffPreview() leaked from PR #3646 (caused compilation failure: TiffViewer class not on this branch) - Escape error message before innerHTML insertion to prevent XSS - Move escapeHtml before onError so it is defined at call site - Remove redundant FORBID_ATTR list from DOMPurify (already default behaviour) - Track Blob object-URLs in instance field; revoke all on widget detach to prevent memory leak - Update DOMPurify WebJar from 3.2.6 to 3.4.0 to fix Snyk findings - Add CSS for email viewer classes to main.gss Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
luis100
added a commit
that referenced
this pull request
Apr 17, 2026
The UTIF.js <script> tag was polluted from the tiff-viewer branch into this branch. js/utif/UTIF.js is not produced by the email-viewer build, causing a 404 / NoResourceFoundException on every page load. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
luis100
added a commit
that referenced
this pull request
Apr 17, 2026
- Remove VIEWER_TYPE_TIFF and tiffPreview() leaked from PR #3646 (caused compilation failure: TiffViewer class not on this branch) - Escape error message before innerHTML insertion to prevent XSS - Move escapeHtml before onError so it is defined at call site - Remove redundant FORBID_ATTR list from DOMPurify (already default behaviour) - Track Blob object-URLs in instance field; revoke all on widget detach to prevent memory leak - Update DOMPurify WebJar from 3.2.6 to 3.4.0 to fix Snyk findings - Add CSS for email viewer classes to main.gss Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
luis100
added a commit
that referenced
this pull request
Apr 17, 2026
…elopment After rebasing claude/email-viewer onto origin/development (which had merged PR #3646 with TIFF viewer support), the earlier fix commit that removed TIFF constants/methods as pollution still applied, causing compilation errors. Restore them so the preview dispatch works correctly for both TIFF and email viewers. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
TiffViewer.javaGWT widget that fetches TIFF files via XHR (arraybuffer) and renders each page onto an HTML5<canvas>using UTIF.js, stacked vertically like the PDF.js viewerTiffViewerintoBitstreamPreviewdispatch (new viewer type"tiff")js/utif/UTIF.js(no WebJar available on Maven Central); include script tag in bothMain.htmlandPortal.htmlroda-wui.properties: mimetypesimage/tiff/image/x-tiff, extensions.tif/.tiff, PRONOM IDs fmt/7–fmt/10, fmt/154–fmt/159, fmt/353 (GeoTIFF)spring.web.resources.static-locationsproperty name inapplication.properties(Spring Boot 3 renamedspring.resources.*)debug-*profiles inpom.xml: add<webappDirectory>pointing totarget/<finalName>/static/so compiled JS lands where Spring Boot resolvesclasspath:/static/Security
UTIF.js was reviewed for vulnerabilities. All risks are DoS-class (not XSS/RCE). Guards applied in
TiffViewer:MAX_PAGES = 500— prevents memory exhaustion from files with thousands of IFDsMAX_DIMENSION_PX = 16384— skips any page whose width or height exceeds 16 384 px (1 GiB RGBA buffer limit)Test plan
-Pdebug-mainand Spring Boot serves the module JS withoutNoResourceFoundException🤖 Generated with Claude Code