add option to view full (html) message #1763
Conversation
|
hopefully not, js is not available in email clients for a good reason.
remote fetching should be controllable by the user, like a load external content button and the option to trust certain domains / filetypes? Also we should sanitize the html files even if we disable js in the webview there are probably still vulnerabilities. I would just allow a safe subset of html. |
|
sanitizing html-files is planned, filtering out js stuff and maybe other things, this will be done together with adding embedded images which requires iterating over html anyway. for loading remote content - we had several discussions over that, there are several possible approaches, yes. |
no, javascript is not enabled at all. for subsequent discussions wrt sanitizing, please refer to deltachat/deltachat-core-rust#2127 |
r10s
force-pushed
the
save-original
branch
2 times, most recently
from
0240638 to
af23481
Compare
r10s
force-pushed
the
save-original
branch
2 times, most recently
from
3a1043c to
6b442af
Compare
|
remote content is now disabled by default, there is a menu option to load it once or always, see image atop. i think, this is mergable now - also to get the strings to master and make them translatable for the other UIs. if needed, we can add a banner or so later on in a subsequent pr, however, for the first thing, the state is not that bad, esp. as there are not many options currently :) also, the subject is not yet shown (cmp deltachat/deltachat-core-rust#2138), but this is also for a subsequent pr. |
…idden 'Once' that looks more like a bug :)
|
First testing...
|
r10s
changed the title
probably not that hard, i've skimmed some options in
we will see. it is one of two menu entries. i also noted above that a banner in a subsequent pr might be nice, however, this would also need detection of request to remote content, not sure how hard that is and if it is really worth the effort.
no, "Always" means "Always" :) so, "Always for all HTML-messages". at least for now, that should be sufficient. tbh, i do not think we really need this "always for this message", "always for this sender", "always for this domain" etc., i do not think that this bureaucracy is really helpful. also, as you usually have confirmed a contact request before and you always have to hit the "show full message" button. having that in mind, that the html-stuff is used for confirmed contacts only, the privacy thing is maybe not a huge one. also, i do not want to have too high barriers for initial implementation for ios/desktop (see deltachat/deltachat-ios#1046) but i would like to get this discussion out of this pr as well, the current options are already more than we initially wanted to do :) |
| android:layout_marginBottom="10dp" | ||
| android:paddingLeft="12dp" | ||
| android:paddingRight="12dp" | ||
| android:background="@drawable/conversation_item_update_background" |
There was a problem hiding this comment.
The button somehow looks too... grey to me; the following looks better IMO but not great still:
| android:background="@drawable/conversation_item_update_background" | |
| android:background="@color/delta_primary" | |
| android:textColor="@color/white" | |
| tools:visibility="visible" |
There was a problem hiding this comment.
yip, the button could need some tweaking, however, also outgoing buttons need tweaking, and by just saying @color/delta_primary, the rounded corners are lost.
There was a problem hiding this comment.
For me it looks equally good with round and square corners, but yes, if we want to preserve rounded corners, this needs some more work.
What do you mean with "outgoing buttons"?
There was a problem hiding this comment.
What do you mean with "outgoing buttons"?
the ones defined in res/layout/conversation_item_sent.xml. we have two layout for the bubbles, one incoming, one outgoing. you suggestion would only change the incoming ones (on the left side).
however, to move forward, i'd like to put that layout discussion into another pr, current state is not bad (maybe in darkmode it is a bit dark :)
this makes it easier for the user to find the option if one sees, images are missing in the document.
|
i've changed the wording from "Load remote content" to "Load remote images" - for the latter, it seems much easier for the user to understand the option as one sees that images are missing (the option in the menu, not visible on the screenshot, is also called Load remote images). not sure, if it is really needed to point out that this also affects styles or other content, however, i've added that bit. the second note is that user are not thinking that it is a bug, when they are seeing images if the option is disabled (i've seen that complain for other mua in some threads and forums)
|
|
Shorter the messages are easier to read and some users have small screens. Maybe "Remote images may be used to track you" for the first sentence? Typical WYSIWYG users probably will not understand what "remote styles" are, unless they are familiar with CSS and the concept of separate styles. I would use "fonts and other content" instead. Bullets are useless here, this is not a list. I would even merge it into a single paragraph: "The setting also allows loading fonts and other content. Even if it is disabled, you may still see embedded or cached images." |
|
now it looks like that, much cleaner, thanks a lot!
EDIT: first "may" is replaced by "can", according to recent irc discussions, see following commit for reasoning. |
| <item android:title="@string/search" | ||
| android:id="@+id/menu_search_web_view" | ||
| app:actionViewClass="androidx.appcompat.widget.SearchView" | ||
| app:showAsAction="collapseActionView|never" /> |
There was a problem hiding this comment.
Nitpicking: Maybe move this to the end, as it's shown on the right? (I was a little confused first why the "0/0" text doesn't come first
There was a problem hiding this comment.
we are using the same order already at other places, so i would not mix that - and i do not want to change other places in scope of this pr.
i read it as menu_search_web_view introduces the sequence of needed search buttons :)
| @@ -282,7 +282,7 @@ public void openConversation(int chatId, int startingPosition) { | |||
| final ApplicationDcContext dcContext = DcHelper.getContext(this); | |||
| if (isForwarding(this) && dcContext.getChat(chatId).isSelfTalk()) { | |||
| SendRelayedMessageUtil.immediatelyRelay(this, chatId); | |||
| Toast.makeText(this, "✔️ " + getString(R.string.saved), Toast.LENGTH_SHORT).show(); | |||
| Toast.makeText(this, DynamicTheme.getCheckmarkEmoji(this) + " " + getString(R.string.saved), Toast.LENGTH_SHORT).show(); | |||
There was a problem hiding this comment.
this is not related to html-view, however, during review it turns out that the "✔️" emoji does not contrast nicely to dark-mode background-colors and we introduced a function therefore - and used it at places where "✔️" was already used before.
Don't use AsyncTask
this is the ui counterpart of deltachat/deltachat-core-rust#2125 - the pr adds a button "Show full message..." whenever core thinks, this is reasonable. a click on the button opens an html-view with the full message as returned by the core.
the full-message is even searchable :)
left: message with the new button, right: after tap on the button
EDIT: now, remote content is disabled by default and can be enabled in the menu:
related related: deltachat/deltachat-desktop#2078, deltachat/deltachat-ios#1046, deltachat/deltachat-core-rust#2125