Identify message body content

That looks very nice and i would love to add some improved Body output.
But we need to properly address the problems here...

+++ b/inmail.module
@@ -372,9 +372,14 @@ function inmail_theme() {
+  $variables['body']['html'] = $view_mode == 'full' ? $message->getHtml() : NULL;

+++ b/templates/inmail-message.html.twig
@@ -69,8 +69,12 @@
+            <div class="inmail-message--body__content">{{ body.content|raw|nl2br }}</div>
...
+                <div class="inmail-message--body__html">{{ body.html|raw }}</div>

We need to apply XSS protection here!

Let's add a test that adds some XSS <script> tag and make sure it's not output in the HTML.

Follow-Up: We need to discuss if we should allow opening the mail as break-out without filtering. But as this is delivered through the same domain, it contains risks of API / abuse through JS... Needs an issue to discuss... At least it could likely be that the mail is not properly displayed inside our theme and we need to check what we can do.

Ah and... just removing script tags won't help, since an onclick or onXYZ handler can contain any inline script.

So let's put caring about raw / extended HTML into a follow-up and properly output XSS filtered HTML with this issue. Always.

|raw is generally discouraged and should be avoided, instead, the object should be marked as safe

But why is the raw even necessary when it is plain text? Is there double escaping without it? You could also mark the checkefd string as save by making it a Markup object with Markup::create()

Another possibility would be to do it like \Drupal\Core\Field\Plugin\Field\FieldFormatter\StringFormatter::viewValue, to get the "technical" part out of the real twig template. Not sure if that really makes sense here.

1. +++ b/src/MIME/Message.php
   @@ -79,4 +80,12 @@ class Message extends Entity implements MessageInterface {
   +    return $content_type == 'text/html' ? Xss::filterAdmin($this->getDecodedBody()) : '';
   

   The message itself should not filter. This is a MIME Entity that should return unchanged raw data.
   Filtering is a matter of preprocessing and presentation.

2. +++ b/src/MIME/MultipartMessage.php
   @@ -62,4 +63,18 @@ class MultipartMessage extends MultipartEntity implements MessageInterface {
   +  public function getHtml() {
   ...
   +        $markups[$key] = Xss::filterAdmin($part->getDecodedBody());
   ...
   +    return implode('', $markups);
   

   This doesn't help as a blackbox method.
   Also blindly chaining the HTML parts seems strange. We should pick the first one for the mail body display.

   For semantic indexing, this method extracting all HTML could make sense, but then it should be designed for advanced multipart conversion, supporting file conversion such as PDF text extraction and should be multipart aware.. For the basics we have getPlainText().

   If you look at the mockup, you will see that the message element needs to keep track about what parts have been used for body / html and attachments, because all unused parts are listed as unknown.

+++ b/inmail.module
@@ -372,9 +374,16 @@ function inmail_theme() {
+  $content = trim($message->getPlainText());
...
+  $variables['body']['content'] = $view_mode == 'teaser' ? Markup::create(substr($content, 0, 300)) : Markup::create($content);
+  $variables['body']['html'] = $view_mode == 'full' ? Markup::create($filtered_html) : NULL;

html is as much content as plain text. I think we should rename it.

Wanted to commit to allow quick progress also in theming body / establishing the tabs, but it contains lots of conflicts with the recent changes.

+++ b/templates/inmail-message.html.twig
@@ -52,20 +52,16 @@
+      <div class="inmail-message--body__html">{{ body.html }}</div>

I think we might want to use: inmail-message__body__html :)

+++ b/templates/inmail-message.html.twig
@@ -52,20 +52,16 @@
+       {{ message.getHeader().getFieldBody('Subject') }}</div>

Not sure if here the closing div should go in the next line maybe (?)

#15.1 I was talking about the underscore before body. Now looks niiice.

Committed. Time to move forward! :-)