parser = new HTMLPurifier_URIParser(); $this->urlGenerator = $urlGenerator; } /** * @param array $attr * @param HTMLPurifier_Config $config * @param HTMLPurifier_Context $context * @return array */ #[\Override] public function transform($attr, $config, $context) { if ($context->get('CurrentToken')->name !== 'img' || !isset($attr['src'])) { return $attr; } // Block tracking pixels if (isset($attr['width']) && isset($attr['height']) && (int)$attr['width'] < 5 && (int)$attr['height'] < 5) { // Replace with a transparent png in case it's important for the layout $attr['src'] = $this->urlGenerator->imagePath('mail', 'blocked-image.png'); $attr = $this->setDisplayNone($attr); return $attr; } // Do not block images attached to the email $url = $this->parser->parse($attr['src']); if ($url->host === Util::getServerHostName() && $url->path === $this->urlGenerator->linkToRoute('mail.proxy.proxy')) { $attr['data-original-src'] = $attr['src']; $attr['src'] = $this->urlGenerator->imagePath('mail', 'blocked-image.png'); $attr = $this->setDisplayNone($attr); } return $attr; } /** * @param array $attr * @return array * * Sets html attribute style="display: none;", keeps old style * attributes */ private function setDisplayNone(array $attr): array { if (isset($attr['style'])) { $attr['style'] = 'display: none;' . $attr['style']; // the space is important for jquery! } else { $attr['style'] = 'display: none;'; } return $attr; } }