forwardemail / test-preview-emails-cross-browsers-ios-simulator-nodejs-javascript Goto Github PK

I've just discovered these lines in your email template:
https://github.com/niftylettuce/preview-email/blob/337f7f1007801a2691f427856a861808f7cbab62/template.pug#L169-L172

While I understand that you might be interested in gaining insights about the usage of this package, I feel that this is somewhat inappropriate in this context.
Even in a dev environment sensitive information might be displayed. And adding a third party script without an obvious disclaimer seems like a bad practice.

https://www.google.com/webmasters/markup-tester/u/0/

Describe the bug

Node.js version: v16.18.1

OS version: Fedora release 38 (Thirty Eight)

Description: Links in previews don't open on click. Is this an intentional security feature?

Actual behavior

Click on links in the email preview do not open after update from 3.0.10 to 3.0.17 (I assume due to ce6d443 – sandbox attribute).

Console error message, e.g. in chrome:

Blocked opening '<redacted>' in a new window because the request was made in a sandboxed frame whose 'allow-popups' permission is not set.

I can still work around this via "Open link in new tab" in the context menu (proving the link works in principle).

Expected behavior

Click on links in the email preview opens in new tab.

If no general safe solution can be found, maybe make the attribute value configurable by the (library) user.

Code to reproduce

file:///tmp/3aa0abe6-c509-4f8d-a359-a110c2facf8e.html opened in browser, rendering HTML preview of message incl.

…
<a href="http://localhost:3000/<redacted>" target="">Sign In</a>

Checklist

• I have searched through GitHub issues for similar issues.
• I have completely read through the README and documentation.
• I have tested my code with the latest version of Node.js and this package and confirmed it is still not working.

https://github.com/forwardemail/test-preview-emails-cross-browsers-ios-simulator-nodejs-javascript/actions/runs/9258507899

Hi, I am using this preview-email to test if my template.pug display properly. When it render my template.pug in the message, everything from my template.pug is wrapped inside the <iframe>, and the font in the head was also in the iframe and not reflected in my email content. Can you have a look at it?

Describe the bug

This package currently relies on a vulnerable version of nodemailer.
GHSA-9h6g-pr28-7cqp

Please upgrade to the patched version.

It seems the styles in my HTML emails are being overridden by those of preview-email. Am I missing something?

Thanks for the great project!

Hi,

Whilst using this with email-templates I get the debug logging shown in the link.
https://github.com/forwardemail/preview-email/blob/master/src/index.js#L42

I think these should be removed.

I am using this package through email-templates in a WSL environment. It opens chrome for the WSL as explained here, but it does not open the html generated file.

I specified a path like /mnt/c/... for dir option so both windows and WSL can access. It writes the html correctly, but does not load the page in chrome.

I think it is due to chrome on windows that does not understand WSL formatted path, I tested replacing this by:

if (options.open) await open(filePath.replace('/mnt/c', 'C:').replace('/', '\\'), options.open);

and it worked as expected (but it is not reliable at all).

I don't know if it is really an issue with this package or if it should be supported... Maybe just adding an option that takes a function to transform path to give to open could do the job at a minimal cost.

I'm using email-templates with hbs and I wonder if the preview package can support something else than pug?

Maybe override the default render function by one passed in options:

  options = {
    dir: os.tmpdir(),
    id: uuid.v4(),
    open: { wait: false },
    template: templateFilePath,
    renderFn: pug.renderFile,
    ...options
  };

....

  const html = await pify(options.renderFn)(
    options.template,
    Object.assign(options.locals, {
      cache: true,
      pretty: true,
      dayjs
    })
  );

Describe the bug

Node.js version: 14

OS version: macOS 12.6.1

Description: mailparser lib doesn't properly follow semver and has caused a breaking change in a minor/patch release.

Actual behavior

When running an application that depends upon preview-email, using node 14, the following error occurs:

./node_modules/mailparser/node_modules/html-to-text/lib/html-to-text.cjs:1838
    tableToString: (rows) => tableToString(rows, formatOptions.rowSpacing ?? 0, formatOptions.colSpacing ?? 3),
                                                                           ^
SyntaxError: Unexpected token '?'
    at wrapSafe (internal/modules/cjs/loader.js:915:16)
    at Module._compile (internal/modules/cjs/loader.js:963:27)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
    at Module.load (internal/modules/cjs/loader.js:863:32)
    at Function.Module._load (internal/modules/cjs/loader.js:708:14)
    at Module.require (internal/modules/cjs/loader.js:887:19)
    at require (internal/modules/cjs/helpers.js:74:18)
    at Object.<anonymous> (/opt/atlassian/pipelines/agent/build/node_modules/mailparser/lib/mail-parser.js:12:24)
    at Module._compile (internal/modules/cjs/loader.js:999:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
    at Module.load (internal/modules/cjs/loader.js:863:32)
    at Function.Module._load (internal/modules/cjs/loader.js:708:14)
    at Module.require (internal/modules/cjs/loader.js:887:19)
    at require (internal/modules/cjs/helpers.js:74:18)
    at Object.<anonymous> (/opt/atlassian/pipelines/agent/build/node_modules/mailparser/index.js:3:20)
    at Module._compile (internal/modules/cjs/loader.js:999:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
    at Module.load (internal/modules/cjs/loader.js:863:32)
    at Function.Module._load (internal/modules/cjs/loader.js:708:14)
    at Module.require (internal/modules/cjs/loader.js:887:19)
    at require (internal/modules/cjs/helpers.js:74:18)
    at Object.<anonymous> (/opt/atlassian/pipelines/agent/build/node_modules/preview-email/index.js:19:26)
    at Module._compile (internal/modules/cjs/loader.js:999:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
    at Module.load (internal/modules/cjs/loader.js:863:32)
    at Function.Module._load (internal/modules/cjs/loader.js:708:14)
    at Module.require (internal/modules/cjs/loader.js:887:19)
    at require (internal/modules/cjs/helpers.js:74:18)
    at Object.<anonymous> (/opt/atlassian/pipelines/agent/build/node_modules/email-templates/lib/index.js:29:22)

Expected behavior

Expected to run without errors.

Code to fix

Update package.json with

    "mailparser": "~3.3.0",

or

    "mailparser": "~3.5.0",

Since 3.5.0 is the latest version that doesn't have breaking changes.

Checklist

• I have searched through GitHub issues for similar issues.
• I have completely read through the README and documentation.
• I have tested my code with the latest version of Node.js and this package and confirmed it is still not working.
  No I have not done this because the issue is with Node 14.

I attach an image with a CID and reference it in my html mail via <img src="cid:logo">, this currently does not work.

Describe the bug

Node.js version: 14.17.3

OS version: mac os 10.15.3

Description: require('node:child_process') throwing error

Actual behavior

Cannot find module 'node:child_process'

Expected behavior

preview-email should load properly

Code to reproduce

Checklist

• I have searched through GitHub issues for similar issues.
• I have completely read through the README and documentation.
• I have tested my code with the latest version of Node.js and this package and confirmed it is still not working.

I've tried several parameters for the app property both none worked.

Here's what I've tried:

1. /c/Program Files (x86)/Google/Chrome/Application/chrome.exe (Nothing happens, I have a custom mounting for docker that's why I don't have the /mnt/ prefix)
2. explorer.exe (Just opens a new Windows Explorer window)
3. powershell.exe -c (Nothing happens)
4. wsl-open (Nothing happens)

I would like to make a template for the preview or at least be able to update the styling of if ex. link to a stylesheet.

Hi, thank you for this great package.

I am working on Linux with visual code and recently upgraded from 1.27 to 1.28, after this upgrade the emails where not opened in the browser any more, but a window of visual code was opened.

I have found that it is because the text/html mime type was opened by default by visual code after the upgrade.
Before upgrade :

$ xdg-mime query default text/html
firefox.desktop
``
After upgrade : 

$ xdg-mime query default text/html
code-url-handler.desktop
``
I know it is not an issue with the email-preview package, but I wanted to expose the context because the xdg commands is used by opn.

So my need would be to have the opening command configurable so I can ask to specifically open firefox or google chrome.

Thank you very much.

So it looks like a few hours ago nodemailer/mailparser reverted 3.0.1 back to MIT (yay!). And this version has the vulnerability fixed packages as well.

Currently preview-email package is using mailparser version 3.6.4. This version has vulnerabilities issue because of using punycode. This was fixed in version 3.6.9 -> nodemailer/mailparser#355

Describe the bug

Node.js version: 18.16.1

OS version: Windows 10

Description: Dependency package of display-notification version 2.0.0 having vulnerability. Latest version of display-notification having fix. Link https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795

Actual behavior

Expected behavior

Code to reproduce

Checklist

• [ *] I have searched through GitHub issues for similar issues.

• [ *] I have completely read through the README and documentation.

• [ *] I have tested my code with the latest version of Node.js and this package and confirmed it is still not working.

Hi,
first of all great work! We are using your email-templates module and the preview shows on every system except Ubuntu using Chrome.
Is that just us or a general issue?
All the best

According to the readme, theopen option is supposed to be a Boolean or an object of the { wait: false } format. However in the code it only checks for boolean.

https://github.com/forwardemail/preview-email/blob/4e48c73756b13599bbff92e30fe20a9bf1dd54e5/src/index.js#L55

If { wait: false } is passed it will always be true