fix: escape HTML characters in plain text view to prevent content hiding (#1837)

Copilot · rnwood · web-flow · commit 33526339357f · 2025-09-08T18:25:21.000+01:00
* Initial plan

* fix: escape HTML characters in plain text view to prevent content hiding

Co-authored-by: rnwood &lt;1327895+rnwood@users.noreply.github.com&gt;

---------

Co-authored-by: copilot-swe-agent[bot] &lt;198982749+Copilot@users.noreply.github.com&gt;
Co-authored-by: rnwood &lt;1327895+rnwood@users.noreply.github.com&gt;
diff --git a/Rnwood.Smtp4dev/ClientApp/src/components/messageviewplaintext.vue b/Rnwood.Smtp4dev/ClientApp/src/components/messageviewplaintext.vue
@@ -44,6 +44,12 @@
           
             srcDoc.set(this.$refs.htmlframe as HTMLIFrameElement, this.html ?? "");
         }
+
+        private escapeHtml(text: string): string {
+            const div = document.createElement('div');
+            div.textContent = text;
+            return div.innerHTML;
+        }
         async loadMessage() {
 
             this.error = null;
@@ -53,7 +59,8 @@
             try {
                 if (this.message != null) {
 
-                    this.html = "<pre>" + await new MessagesController().getMessagePlainText(this.message.id) + "</pre>"
+                    const plainText = await new MessagesController().getMessagePlainText(this.message.id);
+                    this.html = "<pre>" + this.escapeHtml(plainText) + "</pre>";
                 }
             } catch (e: any) {
                 this.error = e;
