Hey, > > > Would this also fix the issue with the second mail I posted (positioning > > > of > > > content elements over the header)? > > > > yes because now the header css is only active in the header. > > Did you test with the example mail I provided?
yes. > > > My suggestion would have been to wrap the mail body in an iframe > > > instead. > > > > mmh do you can add headers etc. inside iframe? for me all docus looks > > like, > > that you can only place a url and nothing else. > > You can either load a document from a URL with the src="…" attribute or add > a document inline with the srcdoc="…" attribute. The latter would require > smart escaping of the message body and is in general a somewhat broken idea > in my opinion. > > I'd actually write the message body to be displayed as HTML to a temporary > file and load that with <iframe src="…" seamless sandbox></iframe>. > > Actually, the iframe's sandbox attribute seams to be the way to go here, as > it prevents the exact things we want to prevent here. > > Your approach is a good additional safety net, though. Well if that works please provide a patch for that and bring it upstream. Regards, sandro
