0

I have a function which compares emails contents from a few tables. If the contents differ, I want to display it for comparison. I am trying to do that using iframes and srcdoc attribute. This is a fragment of my email which has got inline styles and nested quotes. 

<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
        <title>Title</title>
    </head>
    <style type="text/css">a:visited {color: #fff;}</style>
    <body style="background: #fff; margin-top:25px; margin-bottom:30px; padding-top:0; padding-bottom:0;">&nbsp;
        <table align="center">

I tried to replace all quotes with that function. 

str_replace([ '"', '&' ], [ '&quot;', '&amp;amp;' ],$row1['email_content'])

but it does not work. I have also tried 

htmlentities($row1['email_content'])

and 

addslashes($row1['email_content'])

but it also did not work. How can i display email content in an iframe properly?

Professor Abronsius
  • 33,063
  • 5
  • 32
  • 46
newman
  • 424
  • 2
  • 12
  • *"How can i display emial content in iframe properly"* - Dont bother, instead [parse the content with dom document or such](https://stackoverflow.com/questions/3577641/how-do-you-parse-and-process-html-xml-in-php) - your question also makes little sense, it would display fine in an iframe with or without quotes encoded. Quoting it will just break the HTML – Lawrence Cherone Dec 14 '17 at 08:10
  • Without str_repalce nothing is displayed. With str_replace plain text is displayed. – newman Dec 14 '17 at 08:13
  • How are you adding the html to the iframe? – Professor Abronsius Dec 14 '17 at 08:32
  • `echo '';` – newman Dec 14 '17 at 08:35

1 Answers1

1

I was curious about this so knocked up a couple of quick test pages to test for myself what you were saying ~ seems obvious but whatever character is used with srcdoc ( ie: srcdoc=' or srcdoc=" ) must be escaped/replaced when generating the content.

<!-- mickeymouse.html ~ used as source for `srcdoc` -->

<html>
    <head>
        <title>Mickey Mouse loved Minnie</title>    
    </head>
    <body>
        <h1>Mickey Mouse</h1>
        <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aliquam non finibus nisl. Etiam ut velit ut est placerat dictum. </p>

        <!-- content populated by inline javascript within iframe srcdoc html -->
        <div id="donaldduck">nothing to see here</div>

        <script>document.getElementById("donaldduck").innerHTML="poor wiley coyote, when will he catch that damn bird?";</script>


        <!-- The line below caused the iframe to not correctly render before doing str_replace to edit the single quotes -->
        <p>If this text has a single quote - like ' it will cause whatever follows to not render and breaks the `srcdoc` content</p>

    </body>
</html>



<!-- iframe page - will display mickeymouse.html -->
<html>
    <head>
        <title>iframe - srcdoc</title>  
    </head>
    <body>
        <?php
            $file='mickeymouse.html';
            $html=file_get_contents( $file );
            /*

                '   ->  &#39;
                "   ->  &#34;

            */

        ?>
        <iframe srcdoc="<?php echo str_replace( '"', '&#34', $html ); ?>" width=800 height=600 sandbox='allow-forms allow-scripts allow-same-origin'></iframe>
    </body>
</html>
Professor Abronsius
  • 33,063
  • 5
  • 32
  • 46