Block external images

lib/service/html.php

@@ -19,6 +19,7 @@ use HTMLPurifier_HTMLDefinition;
 use HTMLPurifier_URISchemeRegistry;
 use Kwi\UrlLinker;
 use OCA\Mail\Service\HtmlPurify\CidURIScheme;
+use OCA\Mail\Service\HtmlPurify\TransformImageSrc;
 use OCA\Mail\Service\HtmlPurify\TransformNoReferrer;
 use OCA\Mail\Service\HtmlPurify\TransformURLScheme;
 use OCP\IURLGenerator;
@@ -95,6 +96,9 @@ class Html {
 		$config->set('Cache.DefinitionImpl', null);
 
 		// Rewrite URL for redirection and proxying of content
+		$html = $config->getDefinition('HTML');
+		$html->info_attr_transform_post['imagesrc'] = new TransformImageSrc();
+
 		$uri = $config->getDefinition('URI');
 		$uri->addFilter(new TransformURLScheme($messageParameters, $mapCidToAttachmentId, $this->urlGenerator), $config);
 

lib/service/htmlpurify/transformimagesrc.php

+<?php
+
+namespace OCA\Mail\Service\HtmlPurify;
+use HTMLPurifier_AttrTransform;
+use HTMLPurifier_Config;
+use HTMLPurifier_Context;
+use OCP\Util;
+
+/**
+ * Adds copies src to data-src on all img tags.
+ */
+class TransformImageSrc extends HTMLPurifier_AttrTransform {
+	/**
+	 * @param array $attr
+	 * @param HTMLPurifier_Config $config
+	 * @param HTMLPurifier_Context $context
+	 * @return array
+	 */
+	public function transform($attr, $config, $context) {
+		if ( $context->get('CurrentToken')->name !== 'img' ||
+			!isset($attr['src'])) {
+			return $attr;
+		}
+
+		$attr['data-original-src'] = $attr['src'];
+		$attr['src'] = Util::imagePath('mail', 'blocked-image.png');
+		return $attr;
+	}
+}