guettli/sharedinbox
1
0
Fork 0
Code Issues 21 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

feat: replace flutter_html with SecureEmailWebView (#21)

Browse Source 
Swap the flutter_html renderer for a webview_flutter-based widget that
enforces strict security by default: scripts blocked via CSP
(script-src 'none'), remote images opt-in, and every link click routed
through a confirmation dialog that bolds the registered domain for
phishing detection.  Links open in the system browser via url_launcher.

On Linux (no webview_flutter platform support) the widget falls back to
plain text extracted via the existing htmlToPlain() utility.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Thomas SharedInbox
2026-05-15 08:18:42 +02:00
co-authored by Claude Sonnet 4.6
parent 902c0a7900
commit f96f9216cd
6 changed files with 285 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pubspec.yaml
+1 -1
View File
@@ -41,7 +41,7 @@ dependencies:
mime: ^2.0.0
# HTML rendering for email bodies
flutter_html: ^3.0.0
webview_flutter: ^4.0.0
url_launcher: ^6.3.2
flutter_markdown: ^0.7.7+1