Mail template header tags for custom styling (css/font)

[Norbert Bede]

hi,

my customer want to send quite complex, nice html formatted emails. The user paste html code, including tags

<html>
<head>
<meta>
<body>

iD sanitize the html code and remove all above tags, and leave only content of body.

Now the problem is customer want to use <head> tags to define font, styles.

Currently i was able to convert head style to inline styles, not nice but most compatible.

Email produced by iD use the next head of html email. (checked in view source)

<HTML>
<HEAD>
<TITLE>MAIL TITLE</TITLE>
</HEAD>
<BODY>

My assumption this can be improved easily, and then would allow to create a nice emails .

Proposal

The best would be use on mail template (R_MailText) a new field to define head tags. .

use isValid concept, which validate content then simple put into header of the mail.

not sure, but also special tags like language, darkmode, responsivity must be defined.

another option is use Full page mode: config.fullPage = true;

https://ckeditor.com/docs/ckeditor4/latest/features/fullpage.html

any another idea, how we can use customer head tags ?

wdyt ?

[Norbert Bede]

hi

Note

reading now my chat with @Diego in context of kanban.  the kanban sanitize tags, then we add the custom css to theme itself.. We had an idea to add a new window "Additional CSS" - where we would safely define css classes, then allow use it in html renderer. 

Looks the above issue minimally related to
1. email template
2. dashboard html content
3. kanban cards

in html mail context, i would suggest 2 tabs A. additional css  B. email tags - same time not sure it would be displayed in ckeditor renderer. - then added to generated email when materialsie html source.

from overall perspective this approach wont work.

WDYT ?

[muri...@devcoffee.com.br]

hi @norbert,

This topic is really useful. We've had similar requests before with email sending and kanban.

For emails, in the more complex scenario we integrated Freemarker, allowing users to attach an HTML file and import it with {{file_template1.html}}, then parse the variables for sending.

For kanban, we was thinking about a new configuration field at Kanban Configuration window for allow the user to include CSS, JS, etc., to be inserted once when loading the form and then we can have more attractive cards with visual effects....

Maybe we can create a POC to validate the idea

[Carlos Antonio Ruiz Gomez]

We added HTML validation to prevent XSS vulnerability, see IDEMPIERE-3980

The problem with user-editable HTML is similar as with user-editable SQL.

I'm wondering if a possible solution can be creating a field that allows HTML without sanitizing, and is just available for advanced roles (a.k.a. SuperUser in Tenant) - similar to what we do with all SQL fields.

Regards,

Carlos Ruiz

[Saulo Gil]

Hello,

Alternatively you can use Jasper reports, which you'd render as HTML code, then use said code as the email body/message.

Regards,

Saulo Gil | Orbital Software  | +54 911 3049 4237

--
You received this message because you are subscribed to the Google Groups "iDempiere" group.
To unsubscribe from this group and stop receiving emails from it, send an email to idempiere+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/idempiere/e5b476eb-3e00-42e9-a015-d8a22cd62facn%40googlegroups.com.

[Norbert Bede]

hi,

@muriloht - i have no experience with freemaker, probably a good idea.

@carlosruiz - probably yes, but i dont like tech solutions where we adding a 2Nd field.. but can be straight.

@Saulo - thanks, but looks me a complicated solution and workaround.

my ideas

1. What about to create a new window, like "web asset" =  where we would register trusted assets snippets, they can be referred in various subsystems.

2. and/or add on each mail template whitelabelled html tags - like meta, and styles

Norbert

[Nicolas Micoud]

Hi Norbert,

We are not using styles on emails, and we remove the sanitize part (WTextEditorDialog.sanitize()) - at the end only Admins (not necessarly Advanced) are using this.
That sounds like what Carlos is suggesting - but instead of only authorize AdvancedRoles, that would allow a selection of Role do to whatever they want in this field.

The WebAsset is also interesting. As they can be done/validated (trusted) and reused at several places.

WhiteLabelled tags could work, but will be a pain to configure per template, no?