feat: replace flutter_html with SecureEmailWebView (#21)
Swap the flutter_html renderer for a webview_flutter-based widget that enforces strict security by default: scripts blocked via CSP (script-src 'none'), remote images opt-in, and every link click routed through a confirmation dialog that bolds the registered domain for phishing detection. Links open in the system browser via url_launcher. On Linux (no webview_flutter platform support) the widget falls back to plain text extracted via the existing htmlToPlain() utility. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Thomas SharedInbox
co-authored by
Claude Sonnet 4.6
Claude Sonnet 4.6
parent
902c0a7900
commit
f96f9216cd
@@ -49,6 +49,7 @@ const _excluded = {
|
||||
'lib/ui/screens/thread_detail_screen.dart',
|
||||
'lib/ui/screens/undo_log_screen.dart',
|
||||
'lib/ui/widgets/folder_drawer.dart',
|
||||
'lib/ui/widgets/secure_email_webview.dart',
|
||||
'lib/ui/widgets/snooze_picker.dart',
|
||||
'lib/ui/widgets/try_connection_button.dart',
|
||||
'lib/ui/widgets/undo_shell.dart',
|
||||
|
||||
Reference in New Issue
Block a user