7

I'm building a PHP email mailbox script.

How would I make HTML emails display cleanly, as they do in Gmail/Hotmail?

If I just echo it out it affects the whole page layout.

I could use iframes but surely that isn't the best solution.

  • Iframes are the SIMPLEST solution, unless you want to take a stab at dynamically rewriting CSS within the emails so it can't affect the containing page. – Marc B Feb 21 '12 at 15:42
  • 1
    Have a little think about the size of the team that builds gmail and hotmail, and how often they have bugs and issues, and ask yourself if you really want to go down this road... the 'best solution' is to use an existing library or plugin. Something like http://www.afterlogic.org/webmail-lite might help you out. – Tim Ogilvy Mar 23 '16 at 07:02

4 Answers

5

If you are looking for the 'best solution' get on board with another open source email library that is doing the same thing you are. Maintaining an email renderer on your own that is safe against script injection and other hacks will simply be too much work for one person.

One example: https://github.com/afterlogic/webmail-lite

Another: http://trac.roundcube.net/

You get the benefit of other developers who use the library maintaining the code base, so if something is broken, all you have to do is pull the latest update (hopefully) and you get the fix. If you find something that needs improving, you can fix it or build it, and make the code better for everyone. I'm really just pitching open source libraries here; however, in any commercial context, building your own email renderer without a big team is a bad idea.

Tim Ogilvy
4

As Marc B stated, I believe an IFrame would be your best bet... but please realize that if you just dump any email HTML code you risk exposing yourself to viruses, Trojans, and malicious HTML/JavaScript code - You're opening Pandora's box on your computer unless you find a good way to sandbox/strip that HTML.

Here's a simple Regex to clean JavaScript at least:

"(?s)<script.*?(/>|</script>)"
tcables
  • 3
    That regex only cleans ` – ComFreek Feb 21 '12 at 15:57
  • Blacklisting to achieve security is likely to fail. For example, that doesn't clean `< script >` which probably still works. – pupeno Mar 25 '19 at 14:10
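
The sandboxing option raised in this answer and the limits of the regex noted in the comments can be seen side by side in the following added example, which is not code from the original answer. The sample email is constructed, `stripScriptTags` and `renderEmailFrame` are hypothetical helper names, and the Content-Security-Policy value is an assumption about what a mailbox page would want to allow.

```php
<?php
declare(strict_types=1);

// Constructed sample of an untrusted HTML email body (not from the page).
$emailHtml = <<<'HTML'
<style>body { background: #000 } p { font-size: 40px }</style>
<p>Hello</p>
<img src="x" onerror="/* handler code would run here */">
<script>/* script code would run here */</script>
HTML;

// The regex from the answer, applied as-is with preg_replace.
function stripScriptTags(string $html): string
{
    return (string) preg_replace('~(?s)<script.*?(/>|</script>)~', '', $html);
}

// Hypothetical helper: isolate the message in a sandboxed iframe instead of
// echoing it into the mailbox page.
function renderEmailFrame(string $html): string
{
    // Assumption: a restrictive policy so the message cannot load remote content.
    $csp = '<meta http-equiv="Content-Security-Policy" '
         . 'content="default-src \'none\'; style-src \'unsafe-inline\'; img-src data:">';
    // srcdoc is an attribute value, so the whole document is HTML-escaped once.
    $srcdoc = htmlspecialchars($csp . $html, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    // An empty sandbox attribute disables scripts, forms and popups and gives
    // the frame a unique origin, so it cannot reach the parent page or cookies.
    return '<iframe sandbox srcdoc="' . $srcdoc . '" '
         . 'style="width:100%;height:600px;border:0"></iframe>';
}

// Report which constructs are still present after the regex pass.
$cleaned = stripScriptTags($emailHtml);
foreach (['<script', 'onerror=', '<style'] as $needle) {
    printf("%-10s survives regex: %s\n", $needle, strpos($cleaned, $needle) !== false ? 'yes' : 'no');
}

// The iframe markup to place in the mailbox page.
echo renderEmailFrame($emailHtml), "\n";
```

The regex removes the `<script>` element but leaves the inline event-handler attribute and the `<style>` block in place, while the sandboxed frame keeps both the email's CSS and any script out of the containing page without rewriting the message.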
2

Create a DIV container that you assign width (and height if needed) to, and make sure you add an overflow property to match your design. This should keep your email HTML from interfering with your layout.

UPDATE

A DIV container still assures you that you can constrain the size of the display box and with appropriate CSS acts similar to an iframe without all the baggage.

If you are worried about the code in the email, strip_tags would seem a better solution than the regex. You can define a list of tags to leave alone and still be confident of stripping the rest.

AlexC
2

Consider the use of some HTML Tidy library (i.e.: PHP.Tidy).

You can pass the text through the library to get well-formatted HTML.

A good practice would be to define a CSS standard behaviour for most tags in the div you're using.

Juan Nunez