feat: Add signature and quotes in RichHtmlEditorWebview

[solrubado]

Depends on Infomaniak/android-rich-html-editor#46

[LunarX]

The textfield for the redaction has a different color than the background now. Also the placeholder and my signature are not displayed at all.

Edit: Ok it looks like it's more of an issue of some of the logic not loading in time instead.

In this before:

On main:

[LunarX]

Check if the computation of saveSnapshot and isSnapshotTheSame are correct when you open a new message, modify nothing and then leave. Because right now it saves a new draft everytime even when there are no modifications

[LunarX]

I haven't finished reviewing yet but here a some of the comments. We can review them together

[LunarX]

Some more comments the rest comes later

[github-actions]

This PR/issue depends on:

• fix: Selection change listener and maven local config android-rich-html-editor#46
  By Dependent Issues (🤖). Happy coding!

[solrubado]

change to const

[github-actions]

Failed to generate code suggestions for PR

[github-actions]

PR Reviewer Guide 🔍

(Review updated until commit ca4cec7)

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 4 🔵🔵🔵🔵⚪

🧪 No relevant tests

🔒 Security concerns Potential XSS via Signature Injection: The replaceSignatureScript injects HTML content directly into the DOM via outerHTML. While the JavaScript string is escaped, the HTML payload itself is not sanitized before insertion. If an attacker can control the signature content (e.g., via a compromised account or malicious signature sync), they could inject arbitrary HTML/JavaScript into the editor WebView. Recommendation: Sanitize the signature HTML using the same sanitization logic used for body content before injection, or use DOM APIs that don't execute scripts (e.g., textContent for text-only signatures).

⚡ Recommended focus areas for review Memory Leak Risk The jsBridge and editorJsBridge are declared as lateinit var in the companion object (static). These hold references to callbacks (onImagesDeletedFromQuotes, onWebViewFinishedLoading) which likely capture Activity/Fragment contexts. This can cause memory leaks when the WebView is destroyed but the static reference remains. Consider using weak references or clearing these references when the WebView is destroyed. lateinit var jsBridge: JavascriptBridge // TODO: Avoid excessive memory consumption with injection lateinit var editorJsBridge: EditorJavascriptBridge fun initJavascriptBridge( onWebViewFinishedLoading: (() -> Unit)? = null, ) { jsBridge = JavascriptBridge(onWebViewFinishedLoading = onWebViewFinishedLoading) } fun initEditorJsBridge( onImagesDeletedFromQuotes: ((List<String>) -> Unit)? = null, ) { editorJsBridge = EditorJavascriptBridge(onImagesDeletedFromQuotes = onImagesDeletedFromQuotes) } XSS Injection Risk The updateBodySignature method injects signature HTML directly into the WebView via evaluateJavascript using outerHTML. While looselyEscapeAsStringLiteralForJs escapes for JavaScript context, the HTML content itself is inserted unsanitized into the DOM. If signature.content contains malicious JavaScript (e.g., <img src=x onerror=alert(1)>), it could execute in the WebView context. Ensure signature HTML is sanitized before injection or use a safer DOM manipulation approach. private fun updateBodySignature(signature: Signature) { val selectedSignature = if (signature.isDummy) "" else signature.content val signatureWithClass = signatureUtils.encapsulateSignatureContentWithInfomaniakClass(selectedSignature) val escapedSignature = looselyEscapeAsStringLiteralForJs(signatureWithClass) val replaceSignatureScript = replaceSignatureScript.format( MessageBodyUtils.INFOMANIAK_SIGNATURE_HTML_CLASS_NAME, escapedSignature, MessageBodyUtils.INFOMANIAK_REPLY_QUOTE_HTML_CLASS_NAME ) binding.editorWebView.evaluateJavascript(replaceSignatureScript, null) } Resource Leak The MutationObserver is set up to monitor quote elements for removed images, but there is no corresponding cleanup logic to disconnect the observer when the WebView is destroyed or the quotes are hidden. This could lead to memory leaks or stale callbacks if the WebView is reused or destroyed. Ensure mutationObserver.disconnect() is called when appropriate (e.g., when hiding quotes or destroying the view). var mutationObserver; var QUOTE_SELECTORS = '.ik_mail_quote, .forwardContentMessage'; function setupObserver() { // Find all quotes containers to observe var quoteElements = document.querySelectorAll(QUOTE_SELECTORS); if (quoteElements.length === 0) return ; mutationObserver = new MutationObserver(function(mutationRecords) { var removedCids = []; mutationRecords.forEach(function (mutation) { for (var removedNode, nodeIndex = 0; removedNode = mutation.removedNodes[nodeIndex]; ++nodeIndex) { if (removedNode.nodeType == Node.ELEMENT_NODE) { if ("img" == removedNode.tagName.toLowerCase()) { removedCids.push(removedNode.src); } else { var childImages = removedNode.getElementsByTagName("img"); for (var childIndex = 0; childIndex < childImages.length; childIndex++) { removedCids.push(childImages[childIndex].src); } } } } }); // Notify if images were removed if (removedCids.length > 0) { onImagesDeletedFromQuotes(JSON.stringify(removedCids)); } }); // Observe quotes containers quoteElements.forEach(function(quoteElement) { mutationObserver.observe(quoteElement, { childList: true, subtree: true, }) }) } if (document.readyState === 'loading') { document.addEventListener('DOMContentLoaded', setupObserver); } else { setupObserver(); } })();

[github-actions]

Failed to generate code suggestions for PR

[github-actions]

Persistent review updated to latest commit ca4cec7

[github-actions]

Failed to generate code suggestions for PR

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
1 Accepted issue

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[Copilot]

Pull request overview

Copilot reviewed 49 out of 49 changed files in this pull request and generated 4 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

deleteInlineAttachments() builds cidsToDelete as a List and then calls contains() inside a filter, making the removal O(n*m) for large attachment/cid lists.

Consider converting cidsToDelete to a Set before filtering so lookups are O(1).

Suggested change

	val cidsToDelete = cids.map { it.removePrefix("cid:") }
	val cidsToDelete = cids.mapTo(mutableSetOf()) { it.removePrefix("cid:") }

[Copilot]

getElementPositionOrMax() relies on Element.sourceRange() to decide whether reply vs forward quotes come first. However JsoupParserUtil.jsoupParseWithLog() currently uses Jsoup.parse(value) without enabling source position tracking, so sourceRange() will be null and this will always return Int.MAX_VALUE, making the quote-splitting decision incorrect.

Consider either (a) switching parsing here to a jsoup Parser configured to track source positions, or (b) reverting to a string-index based approach (as was done previously) to pick the earliest quote block reliably.

Suggested change

	return this.selectFirst(className)?.sourceRange()?.start()?.pos() ?: Int.MAX_VALUE
	val element = this.selectFirst(className) ?: return Int.MAX_VALUE
	val documentHtml = outerHtml()
	val elementHtml = element.outerHtml()
	val position = documentHtml.indexOf(elementHtml)
	return if (position >= 0) position else Int.MAX_VALUE

[Copilot]

removeUnwantedHtml() returns doc.html(), which includes jsoup’s document-level wrappers (e.g. <head>…</head><body>…</body>). Since the editor typically works with an HTML fragment (body inner HTML), this can change what gets saved/sent and potentially introduce unexpected tags.

Consider returning the body fragment (doc.body().html()) or reusing the existing “unwrap document wrapping” logic (like EditorContentManager’s getHtmlWithoutDocumentWrapping()).

Suggested change

	return doc.html()
	return doc.body().html()