Home » Php » PHP displaying html email in a html page

PHP displaying html email in a html page

Posted by: admin July 12, 2020 Leave a comment

Questions:

I’m building an PHP email mailbox script.

How would I make html emails display cleanly as they do in gmail/hotmail.

If I just echo it out it affects the whole page layout.

I could use iframes but surely that isn’t the best solution.

How to&Answers:

As Marc B stated, I believe an IFrame would be your best bet… but please realize that if you just dump any email HTML code you risk exposing yourself to viruses, Trojans, and malicious HTML/JavaScript code – Your opening Pandora’s box on your computer unless you find a good way to sandbox/strip that HTML.

Here’s a simple Regex to clean JavaScript at least :

"(?s)<script.*?(/>|</script>)"

Answer:

If you are looking for the ‘best solution’ get on board with another open source email library that is doing the same thing you are. Maintaining an email renderer on your own that is safe against script injection and other hacks will simply be too much work for one person.

One example: https://github.com/afterlogic/webmail-lite

Another: http://trac.roundcube.net/

You get the benefit of other developers who use the library maintaining the code base, so if something is broken, all you have to do is pull the latest update (hopefully) and you get the fix. If you find something that needs improving, you can fix it or build it, and make the code better for everyone. I’m really just pitching open source libraries here, however in any commercial context, building your own email renderer without a big team, is a bad idea.

Answer:

Consider the use of some HTML Tidy library (i.e.: PHP.Tidy).

You can pass the text through the library to get well formatted html.

A good practice would be to define a CSS standard behaviour for most tags in the div you’re using.

Answer:

Create a DIV container that you assign width (and height if needed) to, and make sure you add an overflow property to match your design. This should keep your email HTML from interfering with your layout.

UPDATE

A DIV container still assures you that you can constrain the size of the display box and with appropriate CSS acts similar to an iframe without all the baggage.

If you are worried about the code in the email, strip_tags would seem a better solution than the regex. You can define a list of tags to leave alone and still be confident of stripping the rest.