From f64cc96771cee467bf88d993d70eed846716ef39 Mon Sep 17 00:00:00 2001
From: dab246 <tdvu@linagora.com>
Date: Wed, 23 Oct 2024 15:53:02 +0700
Subject: [PATCH 1/9] Standardize HTML sanitizing when preview email

---
 contact/pubspec.lock                          |  9 ++++
 .../message_content_transformer.dart          | 41 +++++++++++--------
 .../utils/html_transformer/sanitize_html.dart | 19 +++++++++
 ...ndardize_html_sanitizing_transformers.dart | 39 ++++++++++++++++++
 .../transform_configuration.dart              | 25 +++++++----
 core/pubspec.lock                             |  9 ++++
 core/pubspec.yaml                             |  6 +++
 ...ize_html_sanitizing_transformers_test.dart | 40 ++++++++++++++++++
 .../email/data/local/html_analyzer.dart       |  5 ++-
 model/pubspec.lock                            |  9 ++++
 pubspec.lock                                  |  9 ++++
 11 files changed, 185 insertions(+), 26 deletions(-)
 create mode 100644 core/lib/presentation/utils/html_transformer/sanitize_html.dart
 create mode 100644 core/lib/presentation/utils/html_transformer/text/standardize_html_sanitizing_transformers.dart
 create mode 100644 core/test/utils/standardize_html_sanitizing_transformers_test.dart

diff --git a/contact/pubspec.lock b/contact/pubspec.lock
index ce6c986509..e92a2e3b7e 100644
--- a/contact/pubspec.lock
+++ b/contact/pubspec.lock
@@ -992,6 +992,15 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "3.2.1"
+  sanitize_html:
+    dependency: transitive
+    description:
+      path: sanitize_html
+      ref: twake-supported
+      resolved-ref: "5b9986c42cc86c7e565c941648f875f2e1d2f7bd"
+      url: "https://github.com/dab246/dart-neats.git"
+    source: git
+    version: "2.1.0"
   shelf:
     dependency: transitive
     description:
diff --git a/core/lib/presentation/utils/html_transformer/message_content_transformer.dart b/core/lib/presentation/utils/html_transformer/message_content_transformer.dart
index 034855b738..a42a5024f7 100644
--- a/core/lib/presentation/utils/html_transformer/message_content_transformer.dart
+++ b/core/lib/presentation/utils/html_transformer/message_content_transformer.dart
@@ -23,13 +23,12 @@ class MessageContentTransformer {
     Map<String, String>? mapUrlDownloadCID
   }) async {
     await Future.wait([
-      if (_configuration.domTransformers.isNotEmpty)
-        ..._configuration.domTransformers.map((domTransformer) async =>
-            domTransformer.process(
-              document: document,
-              dioClient: _dioClient,
-              mapUrlDownloadCID: mapUrlDownloadCID,
-            )
+      ..._configuration.domTransformers.map((domTransformer) async =>
+          domTransformer.process(
+            document: document,
+            dioClient: _dioClient,
+            mapUrlDownloadCID: mapUrlDownloadCID,
+          )
         )
     ]);
   }
@@ -38,24 +37,32 @@ class MessageContentTransformer {
     required String message,
     Map<String, String>? mapUrlDownloadCID
   }) async {
-    final document = parse(message);
-    await _transformDocument(
-      document: document,
-      mapUrlDownloadCID: mapUrlDownloadCID,
-    );
+    final newMessage = _configuration.textTransformers.isNotEmpty
+      ? _transformMessage(message)
+      : message;
+
+    final document = parse(newMessage);
+
+    if (_configuration.domTransformers.isNotEmpty) {
+      await _transformDocument(
+        document: document,
+        mapUrlDownloadCID: mapUrlDownloadCID,
+      );
+    }
+
     return document;
   }
 
   String _transformMessage(String message) {
-    if (_configuration.textTransformers.isNotEmpty) {
-      for (var transformer in _configuration.textTransformers) {
-        message = transformer.process(message, _htmlEscape);
-      }
+    for (var transformer in _configuration.textTransformers) {
+      message = transformer.process(message, _htmlEscape);
     }
     return message;
   }
 
   String toMessage(String message) {
-    return _transformMessage(message);
+    return _configuration.textTransformers.isNotEmpty
+      ? _transformMessage(message)
+      : message;
   }
 }
\ No newline at end of file
diff --git a/core/lib/presentation/utils/html_transformer/sanitize_html.dart b/core/lib/presentation/utils/html_transformer/sanitize_html.dart
new file mode 100644
index 0000000000..b51e3ac6ad
--- /dev/null
+++ b/core/lib/presentation/utils/html_transformer/sanitize_html.dart
@@ -0,0 +1,19 @@
+import 'package:sanitize_html/sanitize_html.dart';
+
+class SanitizeHtml {
+  String process({
+    required String inputHtml,
+    List<String>? allowAttributes,
+    List<String>? allowTags,
+    List<String>? allowClassNames,
+  }) {
+    final outputHtml = sanitizeHtml(
+      inputHtml,
+      allowAttributes: allowAttributes,
+      allowTags: allowTags,
+      allowClassName: (className) =>
+        allowClassNames?.contains(className.toLowerCase()) == true
+    );
+    return outputHtml;
+  }
+}
\ No newline at end of file
diff --git a/core/lib/presentation/utils/html_transformer/text/standardize_html_sanitizing_transformers.dart b/core/lib/presentation/utils/html_transformer/text/standardize_html_sanitizing_transformers.dart
new file mode 100644
index 0000000000..588ed66c15
--- /dev/null
+++ b/core/lib/presentation/utils/html_transformer/text/standardize_html_sanitizing_transformers.dart
@@ -0,0 +1,39 @@
+import 'dart:convert';
+import 'package:core/presentation/utils/html_transformer/base/text_transformer.dart';
+import 'package:core/presentation/utils/html_transformer/sanitize_html.dart';
+
+class StandardizeHtmlSanitizingTransformers extends TextTransformer {
+
+  static const List<String> mailAllowedHtmlAttributes = [
+    'style',
+    'public-asset-id',
+    'data-filename',
+    'bgcolor',
+  ];
+
+  static const List<String> mailAllowedHtmlTags = [
+    'font',
+    'u',
+    'mcourbo@linagora.com',
+    'center',
+  ];
+
+  static const List<String> mailAllowedHtmlClassNames = [
+    'tmail-signature',
+    'tmail-signature-blocked',
+    'tmail-signature-button',
+    'tmail-signature-content',
+    'tmail_signature_prefix',
+  ];
+
+  const StandardizeHtmlSanitizingTransformers();
+
+  @override
+  String process(String text, HtmlEscape htmlEscape) =>
+    SanitizeHtml().process(
+      inputHtml: text,
+      allowAttributes: mailAllowedHtmlAttributes,
+      allowTags: mailAllowedHtmlTags,
+      allowClassNames: mailAllowedHtmlClassNames,
+    );
+}
diff --git a/core/lib/presentation/utils/html_transformer/transform_configuration.dart b/core/lib/presentation/utils/html_transformer/transform_configuration.dart
index 4b277d40c1..36cf86077a 100644
--- a/core/lib/presentation/utils/html_transformer/transform_configuration.dart
+++ b/core/lib/presentation/utils/html_transformer/transform_configuration.dart
@@ -15,7 +15,7 @@ import 'package:core/presentation/utils/html_transformer/dom/remove_tooltip_link
 import 'package:core/presentation/utils/html_transformer/dom/sanitize_hyper_link_tag_in_html_transformers.dart';
 import 'package:core/presentation/utils/html_transformer/dom/script_transformers.dart';
 import 'package:core/presentation/utils/html_transformer/dom/signature_transformers.dart';
-import 'package:core/presentation/utils/html_transformer/text/sanitize_autolink_html_transformers.dart';
+import 'package:core/presentation/utils/html_transformer/text/standardize_html_sanitizing_transformers.dart';
 import 'package:core/utils/platform_info.dart';
 
 /// Contains the configuration for all transformations.
@@ -37,7 +37,9 @@ class TransformConfiguration {
 
   factory TransformConfiguration.fromDomTransformers(List<DomTransformer> domTransformers) => TransformConfiguration(domTransformers, []);
 
-  factory TransformConfiguration.empty() => const TransformConfiguration([], []);
+  factory TransformConfiguration.fromTextTransformers(
+    List<TextTransformer> textTransformers
+  ) => TransformConfiguration([], textTransformers);
 
   factory TransformConfiguration.forReplyForwardEmail() => TransformConfiguration.fromDomTransformers([
     if (PlatformInfo.isWeb)
@@ -46,10 +48,15 @@ class TransformConfiguration {
     const RemoveCollapsedSignatureButtonTransformer(),
   ]);
 
-  factory TransformConfiguration.forDraftsEmail() => TransformConfiguration.fromDomTransformers([const ImageTransformer()]);
-  factory TransformConfiguration.forEditDraftsEmail() => TransformConfiguration.fromDomTransformers([
-    ...TransformConfiguration.forDraftsEmail().domTransformers,
-    const HideDraftSignatureTransformer()]);
+  factory TransformConfiguration.forDraftsEmail() => TransformConfiguration.create(
+    customDomTransformers: [const ImageTransformer()]
+  );
+  factory TransformConfiguration.forEditDraftsEmail() => TransformConfiguration.create(
+    customDomTransformers: [
+      ...TransformConfiguration.forDraftsEmail().domTransformers,
+      const HideDraftSignatureTransformer()
+    ]
+  );
 
   factory TransformConfiguration.forPreviewEmailOnWeb() => TransformConfiguration.create(
     customDomTransformers: [
@@ -65,7 +72,9 @@ class TransformConfiguration {
 
   factory TransformConfiguration.forPreviewEmail() => TransformConfiguration.standardConfiguration;
 
-  factory TransformConfiguration.forRestoreEmail() => TransformConfiguration.fromDomTransformers([const ImageTransformer()]);
+  factory TransformConfiguration.forRestoreEmail() => TransformConfiguration.create(
+    customDomTransformers: [const ImageTransformer()]
+  );
 
   factory TransformConfiguration.forPrintEmail() => TransformConfiguration.fromDomTransformers([
     if (PlatformInfo.isWeb)
@@ -115,6 +124,6 @@ class TransformConfiguration {
   ];
 
   static const List<TextTransformer> standardTextTransformers = [
-    SanitizeAutolinkHtmlTransformers()
+    StandardizeHtmlSanitizingTransformers(),
   ];
 }
\ No newline at end of file
diff --git a/core/pubspec.lock b/core/pubspec.lock
index b520f72981..287165a1e3 100644
--- a/core/pubspec.lock
+++ b/core/pubspec.lock
@@ -945,6 +945,15 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "3.0.1"
+  sanitize_html:
+    dependency: "direct main"
+    description:
+      path: sanitize_html
+      ref: twake-supported
+      resolved-ref: "5b9986c42cc86c7e565c941648f875f2e1d2f7bd"
+      url: "https://github.com/dab246/dart-neats.git"
+    source: git
+    version: "2.1.0"
   shelf:
     dependency: transitive
     description:
diff --git a/core/pubspec.yaml b/core/pubspec.yaml
index b376cd7b9f..96529670d2 100644
--- a/core/pubspec.yaml
+++ b/core/pubspec.yaml
@@ -34,6 +34,12 @@ dependencies:
       url: https://github.com/dab246/languagetool_textfield.git
       ref: twake-supported
 
+  sanitize_html:
+    git:
+      url: https://github.com/dab246/dart-neats.git
+      ref: twake-supported
+      path: sanitize_html
+
   ### Dependencies from pub.dev ###
   cupertino_icons: 1.0.6
 
diff --git a/core/test/utils/standardize_html_sanitizing_transformers_test.dart b/core/test/utils/standardize_html_sanitizing_transformers_test.dart
new file mode 100644
index 0000000000..0f44b48025
--- /dev/null
+++ b/core/test/utils/standardize_html_sanitizing_transformers_test.dart
@@ -0,0 +1,40 @@
+import 'package:core/presentation/utils/html_transformer/text/standardize_html_sanitizing_transformers.dart';
+import 'package:flutter_test/flutter_test.dart';
+import 'dart:convert';
+
+void main() {
+  group('StandardizeHtmlSanitizingTransformers::test', () {
+    const transformer = StandardizeHtmlSanitizingTransformers();
+    const htmlEscape = HtmlEscape();
+
+    test('SHOULD remove attributes of IMG tag WHEN they are invalid', () {
+      const inputHtml = '<img src="1" href="1" onerror="javascript:alert(1)">';
+      final result = transformer.process(inputHtml, htmlEscape);
+
+      expect(result, equals('<img src="1">'));
+    });
+
+    test('SHOULD remove all SCRIPTS tags', () {
+      const inputHtml = '''
+        </script><img/*%00/src="worksinchrome&colon;prompt&#x28;1&#x29;"/%00*/onerror='eval(src)'>
+      ''';
+      final result = transformer.process(inputHtml, htmlEscape).trim();
+
+      expect(result, equals('<img>'));
+    });
+
+    test('SHOULD remove all IFRAME tags', () {
+      const inputHtml = '<iframe style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">';
+      final result = transformer.process(inputHtml, htmlEscape);
+
+      expect(result, equals(''));
+    });
+
+    test('SHOULD remove href attribute of A tag WHEN it is invalid', () {
+      const inputHtml = '<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a>';
+      final result = transformer.process(inputHtml, htmlEscape);
+
+      expect(result, equals('<a>test</a>'));
+    });
+  });
+}
diff --git a/lib/features/email/data/local/html_analyzer.dart b/lib/features/email/data/local/html_analyzer.dart
index 904c320a05..5137e38ea0 100644
--- a/lib/features/email/data/local/html_analyzer.dart
+++ b/lib/features/email/data/local/html_analyzer.dart
@@ -1,6 +1,7 @@
 import 'package:collection/collection.dart';
 import 'package:core/data/constants/constant.dart';
 import 'package:core/presentation/utils/html_transformer/html_transform.dart';
+import 'package:core/presentation/utils/html_transformer/text/sanitize_autolink_html_transformers.dart';
 import 'package:core/presentation/utils/html_transformer/transform_configuration.dart';
 import 'package:core/utils/app_logger.dart';
 import 'package:dartz/dartz.dart';
@@ -35,7 +36,9 @@ class HtmlAnalyzer {
       case EmailContentType.textPlain:
         final message = _htmlTransform.transformToTextPlain(
           content: emailContent.content,
-          transformConfiguration: transformConfiguration
+          transformConfiguration: TransformConfiguration.fromTextTransformers([
+            const SanitizeAutolinkHtmlTransformers()
+          ]),
         );
         return EmailContent(emailContent.type, message);
       default:
diff --git a/model/pubspec.lock b/model/pubspec.lock
index d93d870fac..8ad08f59a3 100644
--- a/model/pubspec.lock
+++ b/model/pubspec.lock
@@ -969,6 +969,15 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "3.2.1"
+  sanitize_html:
+    dependency: transitive
+    description:
+      path: sanitize_html
+      ref: twake-supported
+      resolved-ref: "5b9986c42cc86c7e565c941648f875f2e1d2f7bd"
+      url: "https://github.com/dab246/dart-neats.git"
+    source: git
+    version: "2.1.0"
   shelf:
     dependency: transitive
     description:
diff --git a/pubspec.lock b/pubspec.lock
index 69a0d59200..dff98beaf4 100644
--- a/pubspec.lock
+++ b/pubspec.lock
@@ -1714,6 +1714,15 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "0.27.7"
+  sanitize_html:
+    dependency: transitive
+    description:
+      path: sanitize_html
+      ref: twake-supported
+      resolved-ref: "5b9986c42cc86c7e565c941648f875f2e1d2f7bd"
+      url: "https://github.com/dab246/dart-neats.git"
+    source: git
+    version: "2.1.0"
   server_settings:
     dependency: "direct main"
     description:

From 3efed220cf02dd9ae4e1df1515d33e276805ef84 Mon Sep 17 00:00:00 2001
From: dab246 <tdvu@linagora.com>
Date: Wed, 23 Oct 2024 16:27:41 +0700
Subject: [PATCH 2/9] fixup! Standardize HTML sanitizing when preview email

---
 contact/pubspec.lock | 6 +++---
 core/pubspec.lock    | 6 +++---
 core/pubspec.yaml    | 7 +++++--
 model/pubspec.lock   | 6 +++---
 pubspec.lock         | 6 +++---
 5 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/contact/pubspec.lock b/contact/pubspec.lock
index e92a2e3b7e..8c1611a664 100644
--- a/contact/pubspec.lock
+++ b/contact/pubspec.lock
@@ -996,9 +996,9 @@ packages:
     dependency: transitive
     description:
       path: sanitize_html
-      ref: twake-supported
-      resolved-ref: "5b9986c42cc86c7e565c941648f875f2e1d2f7bd"
-      url: "https://github.com/dab246/dart-neats.git"
+      ref: support_mail
+      resolved-ref: c663ad93a659fce3c0d209a048fa93c6465ebedc
+      url: "https://github.com/linagora/dart-neats.git"
     source: git
     version: "2.1.0"
   shelf:
diff --git a/core/pubspec.lock b/core/pubspec.lock
index 287165a1e3..4645538c8c 100644
--- a/core/pubspec.lock
+++ b/core/pubspec.lock
@@ -949,9 +949,9 @@ packages:
     dependency: "direct main"
     description:
       path: sanitize_html
-      ref: twake-supported
-      resolved-ref: "5b9986c42cc86c7e565c941648f875f2e1d2f7bd"
-      url: "https://github.com/dab246/dart-neats.git"
+      ref: support_mail
+      resolved-ref: c663ad93a659fce3c0d209a048fa93c6465ebedc
+      url: "https://github.com/linagora/dart-neats.git"
     source: git
     version: "2.1.0"
   shelf:
diff --git a/core/pubspec.yaml b/core/pubspec.yaml
index 96529670d2..2a37478ca8 100644
--- a/core/pubspec.yaml
+++ b/core/pubspec.yaml
@@ -34,10 +34,13 @@ dependencies:
       url: https://github.com/dab246/languagetool_textfield.git
       ref: twake-supported
 
+  # Sanitize_html is restricting Tags and Attributes. So some of our own tags and attributes (signature, public asset,...) will be lost when sanitizing html.
+  # TODO: We will change it when the PR in upstream repository will be merged
+  # https://github.com/google/dart-neats/pull/259
   sanitize_html:
     git:
-      url: https://github.com/dab246/dart-neats.git
-      ref: twake-supported
+      url: https://github.com/linagora/dart-neats.git
+      ref: support_mail
       path: sanitize_html
 
   ### Dependencies from pub.dev ###
diff --git a/model/pubspec.lock b/model/pubspec.lock
index 8ad08f59a3..7973afbcee 100644
--- a/model/pubspec.lock
+++ b/model/pubspec.lock
@@ -973,9 +973,9 @@ packages:
     dependency: transitive
     description:
       path: sanitize_html
-      ref: twake-supported
-      resolved-ref: "5b9986c42cc86c7e565c941648f875f2e1d2f7bd"
-      url: "https://github.com/dab246/dart-neats.git"
+      ref: support_mail
+      resolved-ref: c663ad93a659fce3c0d209a048fa93c6465ebedc
+      url: "https://github.com/linagora/dart-neats.git"
     source: git
     version: "2.1.0"
   shelf:
diff --git a/pubspec.lock b/pubspec.lock
index dff98beaf4..1482ff866f 100644
--- a/pubspec.lock
+++ b/pubspec.lock
@@ -1718,9 +1718,9 @@ packages:
     dependency: transitive
     description:
       path: sanitize_html
-      ref: twake-supported
-      resolved-ref: "5b9986c42cc86c7e565c941648f875f2e1d2f7bd"
-      url: "https://github.com/dab246/dart-neats.git"
+      ref: support_mail
+      resolved-ref: c663ad93a659fce3c0d209a048fa93c6465ebedc
+      url: "https://github.com/linagora/dart-neats.git"
     source: git
     version: "2.1.0"
   server_settings:

From ceb14bde87f5a4d4664cb83290780a64a3b0185a Mon Sep 17 00:00:00 2001
From: dab246 <tdvu@linagora.com>
Date: Wed, 23 Oct 2024 19:16:10 +0700
Subject: [PATCH 3/9] fixup! fixup! Standardize HTML sanitizing when preview
 email

---
 contact/pubspec.lock                            |  2 +-
 .../utils/html_transformer/sanitize_url.dart    |  2 --
 core/pubspec.lock                               |  2 +-
 ...rdize_html_sanitizing_transformers_test.dart | 14 ++++++++++++++
 .../upgrade_hive_database_steps_v12.dart        | 17 +++++++++++++++++
 lib/features/caching/caching_manager.dart       |  4 +++-
 lib/features/caching/config/cache_version.dart  |  2 +-
 .../caching/config/hive_cache_config.dart       |  2 ++
 model/pubspec.lock                              |  2 +-
 pubspec.lock                                    |  2 +-
 10 files changed, 41 insertions(+), 8 deletions(-)
 create mode 100644 lib/features/base/upgradeable/upgrade_hive_database_steps_v12.dart

diff --git a/contact/pubspec.lock b/contact/pubspec.lock
index 8c1611a664..e8a45aec2d 100644
--- a/contact/pubspec.lock
+++ b/contact/pubspec.lock
@@ -997,7 +997,7 @@ packages:
     description:
       path: sanitize_html
       ref: support_mail
-      resolved-ref: c663ad93a659fce3c0d209a048fa93c6465ebedc
+      resolved-ref: "01c37cde93640add2291655ef36d4949aff9dade"
       url: "https://github.com/linagora/dart-neats.git"
     source: git
     version: "2.1.0"
diff --git a/core/lib/presentation/utils/html_transformer/sanitize_url.dart b/core/lib/presentation/utils/html_transformer/sanitize_url.dart
index 3c835dc5ee..fc773655b7 100644
--- a/core/lib/presentation/utils/html_transformer/sanitize_url.dart
+++ b/core/lib/presentation/utils/html_transformer/sanitize_url.dart
@@ -1,4 +1,3 @@
-import 'package:core/utils/app_logger.dart';
 import 'package:get/get.dart';
 
 class SanitizeUrl {
@@ -24,7 +23,6 @@ class SanitizeUrl {
     } else {
       originalUrl = '';
     }
-    log('SanitizeUrl::process:originalUrl = $originalUrl');
     return originalUrl;
   }
 }
\ No newline at end of file
diff --git a/core/pubspec.lock b/core/pubspec.lock
index 4645538c8c..a5ad1c4bfb 100644
--- a/core/pubspec.lock
+++ b/core/pubspec.lock
@@ -950,7 +950,7 @@ packages:
     description:
       path: sanitize_html
       ref: support_mail
-      resolved-ref: c663ad93a659fce3c0d209a048fa93c6465ebedc
+      resolved-ref: "01c37cde93640add2291655ef36d4949aff9dade"
       url: "https://github.com/linagora/dart-neats.git"
     source: git
     version: "2.1.0"
diff --git a/core/test/utils/standardize_html_sanitizing_transformers_test.dart b/core/test/utils/standardize_html_sanitizing_transformers_test.dart
index 0f44b48025..c9e21d07c5 100644
--- a/core/test/utils/standardize_html_sanitizing_transformers_test.dart
+++ b/core/test/utils/standardize_html_sanitizing_transformers_test.dart
@@ -36,5 +36,19 @@ void main() {
 
       expect(result, equals('<a>test</a>'));
     });
+
+    test('SHOULD persist value src attribute of IMG tag WHEN it is base64 string', () {
+      const inputHtml = '<img src="data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAAADwAAABECAYAAADdjVbeAAAABHNCSVQICAgIfAhkiAAACANJREFUeF7tWwlMFFcYnqUgyGHEoy5YAqIFglpbFY+qYL3a0OKVWEXrEQ1WU6XVWmtrq4GIjRFtQdQIqdXURjQxjQoUtCquqaWVQ6WKKIpHFQQBcRVE3N1+P51Zh9mZnV1YlDH7ki/zjv/97//eNW92/6dibBQMBoOqqKhoZlpaWuw/hYX+nT09G4cPG3ZkytSp0S4uLtfEmrl8+N3pyH8MHAqIyDKIydg6z9FWCisrK8OTkpJ+zkxPV7E6ndIOHnzf2dm5NzpjkEqlqhNpqxfyvgOOgvwyPC+AuIiY7bIcbKXqlEYzm0fWqHbXrl1BWq12iEQ73KiOR3kBkAjiXSRkbZJtM8L3a2u7i1l0obCQqa6uFi2DfDKQADwBnIClQDFILwZsNvv4dpkljKkYrL1dlnznTP7JmpLSvUiPzs7O5tc3xr29vUvFCkaPGcOo1errYmWYvjXI/wx4C8hkZbrhuQ3IBel3ALGqLc7j1lszBVhvjF6nC72SlpVRtDjGTX8by6+DA+O3JVrfb3bkIifXjinCFuvr6wckJCScTt6+3ZUrc/fwYJK2bj0yKjQ0HDp1wjr8NIiRLRHARiCALaMpfwBYic4R7VBzOsXKRAljJB3K888V5gyaEyys1C9948M+4RP8QKBKWFZRUdEvIyNjzc0bNwa7urrWDQ4J2RcWFhYP2XqhrFQaxJ1RFg18A3Ri5aj+JmDDjBWah/nFFqszaUaKsM/5nXtuXltAnd08dFn+ARO6KW4SSBwSllEanWXMppnS0gDiXqgbB8wBXmH13MJzFZCKEde3RLfUGjaoHKSMlcr/v3kiyaElBnF1QKgM8fnAcOA0m++D5y+ABh0S0pL1LUX4TvcB/QthuYnNPceFaZF5yqSgDTLonQycgepRwGzgX7aZEXj+CfwI0mprmjZlxNY26PUjrmYdy7y4JNZdd7WWUbk5Mr0Sl+n6zpwW5djR5SdrGrGVLMi5QxdN6eVAR1ZvLZ409RPROQ1ybUkSpopYjwF1FfeiH9y6HezareutTr6vJdfW1n5YWVHhJ1Ts0akT06NHj8WYznf4ZY2NjfNLS0snCRtydHJi/Pz8EiB/XKhLLg3i/pChDWYKwKkuRnwFkA7iksdUoR1m26INKScn59ysGTPeEAqujYlh5sydGwACV/hlOGVtCg4IWO7UoUOzKmPHj2eSU1LmQX63UJclaXb9joXsZoBvD73PaQYU0ZIQBqk1LJRrd2l2fR+DYYOBT4B7rJHv4XkW2IxO8RQarljCHBEQb5y8NJtOZkFAEtAI0HSij5FLIL0Q4F5rjOIJE/GL1xtoN6eDEJ3FBwG/Uz7Cq8AO4G+QDqNl8FIQZskRaUIh0hOAqcBVtmwgnieAVMenjxvW6Rpkd/Omek8eaBkftZc6KSGR1fPs4ePrSwn64nnhgd2lf8WI0gZGHydfAR7AdMfSbM3qi+FfttrIhvgFDPPmgHZBmCMD4vUgTT8w0Pl8LeU70AtLr3/aavDP0K3uPRsqYF9NxnP3S7WGLeknO2FLeknJMrb+3Wgi1jL9XGMM+CWkb3vqIJsSXh8XF1tQQD8+Pgt6vZ4RnqNfZAfYlHB1TQ2Tn5v7IvnItm3ftGS7SOEC9hFW+ADKmm8fYdkuUriAfYQVPoCy5ttHWLaLFC5gH2GFD6Cs+fYRlu0ihQvYR1jhAyhrvn2EZbtI4QL2EVb4AMqabx9h2S5SuICZn2kl/UJA2SrXkHbVRZKEA1NjGr1CBqbC2mbMtWVlEXkjPzbxnWhXrHjG4O9S8uR9m8uSJOzk4VbX2d93PrxsnnLC9Jfo40fac0i3e8IgSn4eiwD6X5jzwW6QJMzrJEVFyY8DgVweyJ2J/7/WYaRXvDSEj+4Yyfh6u70OUuSwNhHgNpoixMlvK5P+HFc84SHBbsyeDSPJzfhr4FPABaBAzuexwDYQJY/7pqBowqz/1UfgsR7wZjnRnrMT+BZEK9g848Nqwti3JP2Uo6KizkZGRj4UNiKWxm0XyjYxSExWmMeu02HI/wEYyivXIE5eOwWsb4ewqnUjHBQUxBxP3U/3jERDYGDgPBTQLt5mAWR7Qjl55swCuJPiDcTJFWk/67Ik2b5VI1xcTA6r5kNrvODNaQZRWpvkTsj5XJH4I4A2qY0gKnYvykSlVYRNagsyqkqyyEv9vFwvy+nhl0Mf7baTWWK92TI6DO0DVqEtGl2Lg00JPyr/i267TIOR9Bpo1S0zdp32hx56n47jMcpHnEZaI7VOzbFvi68leum36pYZyHaFji1AHo8sbXALgaEg2iKy1BGqqpJrVdWXLlO8WegaGKD17NOrD/9oSQIPysqz7uadJR/lZsFdrWZ0es2JurvpESjgvMHJh3kNkAIjjUdUYV0uDaLkuhgFxAB0YYsCvUO3ArFfxOfdP3iSc4tmS618qHA+NvoSC+o2eSUKNyG604R80c8lg0GvK0kPp7tONA2bznhsoJ2bpuEJsWnITl8x7/bfUOdzQNS7/Zl6y2OihlteXVySJUDHu3iAjnsUqAMPACuBUiLOyvkjLby/QFOOiJq9v0BKrQ1tQpgzAoTodEHHvdUAHf8o0OuDZgBNU3LoppHn31BZh/QWdIhlPs2k0YrQpoQ5O0DcC3E6/tHdI24J0Zrm3hJ0L3E3sBpEy62w32rR50KYrGKnL90j/h4wfpAj/gdAx8FcsfVtNSOZCs+NMGcHiNOmR8fCJQC51u8FUcnzuYz9Vhf/ByYOnXs1JOL1AAAAAElFTkSuQmCC">';
+      final result = transformer.process(inputHtml, htmlEscape);
+
+      expect(result, equals('<img src="data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAAADwAAABECAYAAADdjVbeAAAABHNCSVQICAgIfAhkiAAACANJREFUeF7tWwlMFFcYnqUgyGHEoy5YAqIFglpbFY+qYL3a0OKVWEXrEQ1WU6XVWmtrq4GIjRFtQdQIqdXURjQxjQoUtCquqaWVQ6WKKIpHFQQBcRVE3N1+P51Zh9mZnV1YlDH7ki/zjv/97//eNW92/6dibBQMBoOqqKhoZlpaWuw/hYX+nT09G4cPG3ZkytSp0S4uLtfEmrl8+N3pyH8MHAqIyDKIydg6z9FWCisrK8OTkpJ+zkxPV7E6ndIOHnzf2dm5NzpjkEqlqhNpqxfyvgOOgvwyPC+AuIiY7bIcbKXqlEYzm0fWqHbXrl1BWq12iEQ73KiOR3kBkAjiXSRkbZJtM8L3a2u7i1l0obCQqa6uFi2DfDKQADwBnIClQDFILwZsNvv4dpkljKkYrL1dlnznTP7JmpLSvUiPzs7O5tc3xr29vUvFCkaPGcOo1errYmWYvjXI/wx4C8hkZbrhuQ3IBel3ALGqLc7j1lszBVhvjF6nC72SlpVRtDjGTX8by6+DA+O3JVrfb3bkIifXjinCFuvr6wckJCScTt6+3ZUrc/fwYJK2bj0yKjQ0HDp1wjr8NIiRLRHARiCALaMpfwBYic4R7VBzOsXKRAljJB3K888V5gyaEyys1C9948M+4RP8QKBKWFZRUdEvIyNjzc0bNwa7urrWDQ4J2RcWFhYP2XqhrFQaxJ1RFg18A3Ri5aj+JmDDjBWah/nFFqszaUaKsM/5nXtuXltAnd08dFn+ARO6KW4SSBwSllEanWXMppnS0gDiXqgbB8wBXmH13MJzFZCKEde3RLfUGjaoHKSMlcr/v3kiyaElBnF1QKgM8fnAcOA0m++D5y+ABh0S0pL1LUX4TvcB/QthuYnNPceFaZF5yqSgDTLonQycgepRwGzgX7aZEXj+CfwI0mprmjZlxNY26PUjrmYdy7y4JNZdd7WWUbk5Mr0Sl+n6zpwW5djR5SdrGrGVLMi5QxdN6eVAR1ZvLZ409RPROQ1ybUkSpopYjwF1FfeiH9y6HezareutTr6vJdfW1n5YWVHhJ1Ts0akT06NHj8WYznf4ZY2NjfNLS0snCRtydHJi/Pz8EiB/XKhLLg3i/pChDWYKwKkuRnwFkA7iksdUoR1m26INKScn59ysGTPeEAqujYlh5sydGwACV/hlOGVtCg4IWO7UoUOzKmPHj2eSU1LmQX63UJclaXb9joXsZoBvD73PaQYU0ZIQBqk1LJRrd2l2fR+DYYOBT4B7rJHv4XkW2IxO8RQarljCHBEQb5y8NJtOZkFAEtAI0HSij5FLIL0Q4F5rjOIJE/GL1xtoN6eDEJ3FBwG/Uz7Cq8AO4G+QDqNl8FIQZskRaUIh0hOAqcBVtmwgnieAVMenjxvW6Rpkd/Omek8eaBkftZc6KSGR1fPs4ePrSwn64nnhgd2lf8WI0gZGHydfAR7AdMfSbM3qi+FfttrIhvgFDPPmgHZBmCMD4vUgTT8w0Pl8LeU70AtLr3/aavDP0K3uPRsqYF9NxnP3S7WGLeknO2FLeknJMrb+3Wgi1jL9XGMM+CWkb3vqIJsSXh8XF1tQQD8+Pgt6vZ4RnqNfZAfYlHB1TQ2Tn5v7IvnItm3ftGS7SOEC9hFW+ADKmm8fYdkuUriAfYQVPoCy5ttHWLaLFC5gH2GFD6Cs+fYRlu0ihQvYR1jhAyhrvn2EZbtI4QL2EVb4AMqabx9h2S5SuICZn2kl/UJA2SrXkHbVRZKEA1NjGr1CBqbC2mbMtWVlEXkjPzbxnWhXrHjG4O9S8uR9m8uSJOzk4VbX2d93PrxsnnLC9Jfo40fac0i3e8IgSn4eiwD6X5jzwW6QJMzrJEVFyY8DgVweyJ2J/7/WYaRXvDSEj+4Yyfh6u70OUuSwNhHgNpoixMlvK5P+HFc84SHBbsyeDSPJzfhr4FPABaBAzuexwDYQJY/7pqBowqz/1UfgsR7wZjnRnrMT+BZEK9g848Nqwti3JP2Uo6KizkZGRj4UNiKWxm0XyjYxSExWmMeu02HI/wEYyivXIE5eOwWsb4ewqnUjHBQUxBxP3U/3jERDYGDgPBTQLt5mAWR7Qjl55swCuJPiDcTJFWk/67Ik2b5VI1xcTA6r5kNrvODNaQZRWpvkTsj5XJH4I4A2qY0gKnYvykSlVYRNagsyqkqyyEv9vFwvy+nhl0Mf7baTWWK92TI6DO0DVqEtGl2Lg00JPyr/i267TIOR9Bpo1S0zdp32hx56n47jMcpHnEZaI7VOzbFvi68leum36pYZyHaFji1AHo8sbXALgaEg2iKy1BGqqpJrVdWXLlO8WegaGKD17NOrD/9oSQIPysqz7uadJR/lZsFdrWZ0es2JurvpESjgvMHJh3kNkAIjjUdUYV0uDaLkuhgFxAB0YYsCvUO3ArFfxOfdP3iSc4tmS618qHA+NvoSC+o2eSUKNyG604R80c8lg0GvK0kPp7tONA2bznhsoJ2bpuEJsWnITl8x7/bfUOdzQNS7/Zl6y2OihlteXVySJUDHu3iAjnsUqAMPACuBUiLOyvkjLby/QFOOiJq9v0BKrQ1tQpgzAoTodEHHvdUAHf8o0OuDZgBNU3LoppHn31BZh/QWdIhlPs2k0YrQpoQ5O0DcC3E6/tHdI24J0Zrm3hJ0L3E3sBpEy62w32rR50KYrGKnL90j/h4wfpAj/gdAx8FcsfVtNSOZCs+NMGcHiNOmR8fCJQC51u8FUcnzuYz9Vhf/ByYOnXs1JOL1AAAAAElFTkSuQmCC">'));
+    });
+
+    test('SHOULD persist value src attribute of IMG tag WHEN it is CID string', () {
+      const inputHtml = '<img src="cid:email123">';
+      final result = transformer.process(inputHtml, htmlEscape);
+
+      expect(result, equals('<img src="cid:email123">'));
+    });
   });
 }
diff --git a/lib/features/base/upgradeable/upgrade_hive_database_steps_v12.dart b/lib/features/base/upgradeable/upgrade_hive_database_steps_v12.dart
new file mode 100644
index 0000000000..603eec6329
--- /dev/null
+++ b/lib/features/base/upgradeable/upgrade_hive_database_steps_v12.dart
@@ -0,0 +1,17 @@
+
+import 'package:tmail_ui_user/features/base/upgradeable/upgrade_database_steps.dart';
+import 'package:tmail_ui_user/features/caching/caching_manager.dart';
+
+class UpgradeHiveDatabaseStepsV12 extends UpgradeDatabaseSteps {
+
+  final CachingManager _cachingManager;
+
+  UpgradeHiveDatabaseStepsV12(this._cachingManager);
+
+  @override
+  Future<void> onUpgrade(int oldVersion, int newVersion) async {
+    if (oldVersion > 0 && oldVersion < newVersion && newVersion == 12) {
+      await _cachingManager.clearEmailCacheAndAllStateCache();
+    }
+  }
+}
\ No newline at end of file
diff --git a/lib/features/caching/caching_manager.dart b/lib/features/caching/caching_manager.dart
index 0fb76098c3..613751f07a 100644
--- a/lib/features/caching/caching_manager.dart
+++ b/lib/features/caching/caching_manager.dart
@@ -106,6 +106,7 @@ class CachingManager {
     return Future.wait([
       _stateCacheClient.deleteItem(StateType.email.getTupleKeyStored(accountId, session.username)),
       _emailCacheClient.clearAllData(),
+      if (PlatformInfo.isMobile) clearAllFileInStorage(),
     ], eagerError: true);
   }
 
@@ -113,11 +114,12 @@ class CachingManager {
     return Future.wait([
       _stateCacheClient.clearAllData(),
       _emailCacheClient.clearAllData(),
+      if (PlatformInfo.isMobile) clearAllFileInStorage(),
     ], eagerError: true);
   }
 
   Future<bool> storeCacheVersion(int newVersion) async {
-    log('CachingManager::storeCacheVersion()');
+    log('CachingManager::storeCacheVersion():newVersion = $newVersion');
     return _hiveCacheVersionClient.storeVersion(newVersion);
   }
 
diff --git a/lib/features/caching/config/cache_version.dart b/lib/features/caching/config/cache_version.dart
index 304bfea834..7b70a1be9f 100644
--- a/lib/features/caching/config/cache_version.dart
+++ b/lib/features/caching/config/cache_version.dart
@@ -1,4 +1,4 @@
 
 class CacheVersion {
-  static const int hiveDBVersion = 11;
+  static const int hiveDBVersion = 12;
 }
\ No newline at end of file
diff --git a/lib/features/caching/config/hive_cache_config.dart b/lib/features/caching/config/hive_cache_config.dart
index 40f2333b0f..7d4d2e56fb 100644
--- a/lib/features/caching/config/hive_cache_config.dart
+++ b/lib/features/caching/config/hive_cache_config.dart
@@ -8,6 +8,7 @@ import 'package:hive/hive.dart';
 import 'package:path_provider/path_provider.dart' as path_provider;
 import 'package:tmail_ui_user/features/base/upgradeable/upgrade_hive_database_steps_v10.dart';
 import 'package:tmail_ui_user/features/base/upgradeable/upgrade_hive_database_steps_v11.dart';
+import 'package:tmail_ui_user/features/base/upgradeable/upgrade_hive_database_steps_v12.dart';
 import 'package:tmail_ui_user/features/base/upgradeable/upgrade_hive_database_steps_v7.dart';
 import 'package:tmail_ui_user/features/caching/caching_manager.dart';
 import 'package:tmail_ui_user/features/caching/config/cache_version.dart';
@@ -67,6 +68,7 @@ class HiveCacheConfig {
     await UpgradeHiveDatabaseStepsV7(cachingManager).onUpgrade(oldVersion, newVersion);
     await UpgradeHiveDatabaseStepsV10(cachingManager).onUpgrade(oldVersion, newVersion);
     await UpgradeHiveDatabaseStepsV11(cachingManager).onUpgrade(oldVersion, newVersion);
+    await UpgradeHiveDatabaseStepsV12(cachingManager).onUpgrade(oldVersion, newVersion);
 
     if (oldVersion != newVersion) {
       await cachingManager.storeCacheVersion(newVersion);
diff --git a/model/pubspec.lock b/model/pubspec.lock
index 7973afbcee..a9484c572e 100644
--- a/model/pubspec.lock
+++ b/model/pubspec.lock
@@ -974,7 +974,7 @@ packages:
     description:
       path: sanitize_html
       ref: support_mail
-      resolved-ref: c663ad93a659fce3c0d209a048fa93c6465ebedc
+      resolved-ref: "01c37cde93640add2291655ef36d4949aff9dade"
       url: "https://github.com/linagora/dart-neats.git"
     source: git
     version: "2.1.0"
diff --git a/pubspec.lock b/pubspec.lock
index 1482ff866f..fb029a315b 100644
--- a/pubspec.lock
+++ b/pubspec.lock
@@ -1719,7 +1719,7 @@ packages:
     description:
       path: sanitize_html
       ref: support_mail
-      resolved-ref: c663ad93a659fce3c0d209a048fa93c6465ebedc
+      resolved-ref: "01c37cde93640add2291655ef36d4949aff9dade"
       url: "https://github.com/linagora/dart-neats.git"
     source: git
     version: "2.1.0"

From a038b8b5f7d42cdf1cb49d712f7a84f973d4afaf Mon Sep 17 00:00:00 2001
From: dab246 <tdvu@linagora.com>
Date: Thu, 24 Oct 2024 10:45:51 +0700
Subject: [PATCH 4/9] fixup! fixup! fixup! Standardize HTML sanitizing when
 preview email

---
 contact/pubspec.lock                               |  2 +-
 .../utils/html_transformer/sanitize_html.dart      |  7 ++++---
 .../standardize_html_sanitizing_transformers.dart  | 14 ++++----------
 core/pubspec.lock                                  |  2 +-
 ...ndardize_html_sanitizing_transformers_test.dart |  2 +-
 .../upgrade_hive_database_steps_v12.dart           |  2 +-
 lib/features/caching/config/cache_version.dart     |  2 +-
 model/pubspec.lock                                 |  2 +-
 pubspec.lock                                       |  2 +-
 9 files changed, 15 insertions(+), 20 deletions(-)

diff --git a/contact/pubspec.lock b/contact/pubspec.lock
index e8a45aec2d..09e768f070 100644
--- a/contact/pubspec.lock
+++ b/contact/pubspec.lock
@@ -997,7 +997,7 @@ packages:
     description:
       path: sanitize_html
       ref: support_mail
-      resolved-ref: "01c37cde93640add2291655ef36d4949aff9dade"
+      resolved-ref: fda32cde4d4baadaa988477f498ab6622ee79987
       url: "https://github.com/linagora/dart-neats.git"
     source: git
     version: "2.1.0"
diff --git a/core/lib/presentation/utils/html_transformer/sanitize_html.dart b/core/lib/presentation/utils/html_transformer/sanitize_html.dart
index b51e3ac6ad..b22e6aaa79 100644
--- a/core/lib/presentation/utils/html_transformer/sanitize_html.dart
+++ b/core/lib/presentation/utils/html_transformer/sanitize_html.dart
@@ -1,19 +1,20 @@
 import 'package:sanitize_html/sanitize_html.dart';
 
+import '../../../utils/app_logger.dart';
+
 class SanitizeHtml {
   String process({
     required String inputHtml,
     List<String>? allowAttributes,
     List<String>? allowTags,
-    List<String>? allowClassNames,
   }) {
+    log('SanitizeHtml::process:inputHtml = $inputHtml');
     final outputHtml = sanitizeHtml(
       inputHtml,
       allowAttributes: allowAttributes,
       allowTags: allowTags,
-      allowClassName: (className) =>
-        allowClassNames?.contains(className.toLowerCase()) == true
     );
+    log('SanitizeHtml::process:outputHtml = $outputHtml');
     return outputHtml;
   }
 }
\ No newline at end of file
diff --git a/core/lib/presentation/utils/html_transformer/text/standardize_html_sanitizing_transformers.dart b/core/lib/presentation/utils/html_transformer/text/standardize_html_sanitizing_transformers.dart
index 588ed66c15..474b14dac5 100644
--- a/core/lib/presentation/utils/html_transformer/text/standardize_html_sanitizing_transformers.dart
+++ b/core/lib/presentation/utils/html_transformer/text/standardize_html_sanitizing_transformers.dart
@@ -9,21 +9,16 @@ class StandardizeHtmlSanitizingTransformers extends TextTransformer {
     'public-asset-id',
     'data-filename',
     'bgcolor',
+    'id',
+    'class',
   ];
 
   static const List<String> mailAllowedHtmlTags = [
     'font',
     'u',
-    'mcourbo@linagora.com',
     'center',
-  ];
-
-  static const List<String> mailAllowedHtmlClassNames = [
-    'tmail-signature',
-    'tmail-signature-blocked',
-    'tmail-signature-button',
-    'tmail-signature-content',
-    'tmail_signature_prefix',
+    'style',
+    'body',
   ];
 
   const StandardizeHtmlSanitizingTransformers();
@@ -34,6 +29,5 @@ class StandardizeHtmlSanitizingTransformers extends TextTransformer {
       inputHtml: text,
       allowAttributes: mailAllowedHtmlAttributes,
       allowTags: mailAllowedHtmlTags,
-      allowClassNames: mailAllowedHtmlClassNames,
     );
 }
diff --git a/core/pubspec.lock b/core/pubspec.lock
index a5ad1c4bfb..e18fb8b14d 100644
--- a/core/pubspec.lock
+++ b/core/pubspec.lock
@@ -950,7 +950,7 @@ packages:
     description:
       path: sanitize_html
       ref: support_mail
-      resolved-ref: "01c37cde93640add2291655ef36d4949aff9dade"
+      resolved-ref: fda32cde4d4baadaa988477f498ab6622ee79987
       url: "https://github.com/linagora/dart-neats.git"
     source: git
     version: "2.1.0"
diff --git a/core/test/utils/standardize_html_sanitizing_transformers_test.dart b/core/test/utils/standardize_html_sanitizing_transformers_test.dart
index c9e21d07c5..f845341f27 100644
--- a/core/test/utils/standardize_html_sanitizing_transformers_test.dart
+++ b/core/test/utils/standardize_html_sanitizing_transformers_test.dart
@@ -34,7 +34,7 @@ void main() {
       const inputHtml = '<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a>';
       final result = transformer.process(inputHtml, htmlEscape);
 
-      expect(result, equals('<a>test</a>'));
+      expect(result, equals('<a id="fuzzelement1">test</a>'));
     });
 
     test('SHOULD persist value src attribute of IMG tag WHEN it is base64 string', () {
diff --git a/lib/features/base/upgradeable/upgrade_hive_database_steps_v12.dart b/lib/features/base/upgradeable/upgrade_hive_database_steps_v12.dart
index 603eec6329..f725890bcd 100644
--- a/lib/features/base/upgradeable/upgrade_hive_database_steps_v12.dart
+++ b/lib/features/base/upgradeable/upgrade_hive_database_steps_v12.dart
@@ -10,7 +10,7 @@ class UpgradeHiveDatabaseStepsV12 extends UpgradeDatabaseSteps {
 
   @override
   Future<void> onUpgrade(int oldVersion, int newVersion) async {
-    if (oldVersion > 0 && oldVersion < newVersion && newVersion == 12) {
+    if (oldVersion > 0 && oldVersion < newVersion && newVersion == 17) {
       await _cachingManager.clearEmailCacheAndAllStateCache();
     }
   }
diff --git a/lib/features/caching/config/cache_version.dart b/lib/features/caching/config/cache_version.dart
index 7b70a1be9f..c79ad831af 100644
--- a/lib/features/caching/config/cache_version.dart
+++ b/lib/features/caching/config/cache_version.dart
@@ -1,4 +1,4 @@
 
 class CacheVersion {
-  static const int hiveDBVersion = 12;
+  static const int hiveDBVersion = 17;
 }
\ No newline at end of file
diff --git a/model/pubspec.lock b/model/pubspec.lock
index a9484c572e..9f33346d4d 100644
--- a/model/pubspec.lock
+++ b/model/pubspec.lock
@@ -974,7 +974,7 @@ packages:
     description:
       path: sanitize_html
       ref: support_mail
-      resolved-ref: "01c37cde93640add2291655ef36d4949aff9dade"
+      resolved-ref: fda32cde4d4baadaa988477f498ab6622ee79987
       url: "https://github.com/linagora/dart-neats.git"
     source: git
     version: "2.1.0"
diff --git a/pubspec.lock b/pubspec.lock
index fb029a315b..7cdc98a582 100644
--- a/pubspec.lock
+++ b/pubspec.lock
@@ -1719,7 +1719,7 @@ packages:
     description:
       path: sanitize_html
       ref: support_mail
-      resolved-ref: "01c37cde93640add2291655ef36d4949aff9dade"
+      resolved-ref: fda32cde4d4baadaa988477f498ab6622ee79987
       url: "https://github.com/linagora/dart-neats.git"
     source: git
     version: "2.1.0"

From 342f5e190dad279da505aa7acd6888f98270fd9a Mon Sep 17 00:00:00 2001
From: dab246 <tdvu@linagora.com>
Date: Thu, 24 Oct 2024 10:53:46 +0700
Subject: [PATCH 5/9] fixup! fixup! fixup! fixup! Standardize HTML sanitizing
 when preview email

---
 .../utils/html_transformer/sanitize_html.dart      |  4 ----
 ...ndardize_html_sanitizing_transformers_test.dart | 14 ++++++--------
 2 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/core/lib/presentation/utils/html_transformer/sanitize_html.dart b/core/lib/presentation/utils/html_transformer/sanitize_html.dart
index b22e6aaa79..0d3e5ed673 100644
--- a/core/lib/presentation/utils/html_transformer/sanitize_html.dart
+++ b/core/lib/presentation/utils/html_transformer/sanitize_html.dart
@@ -1,20 +1,16 @@
 import 'package:sanitize_html/sanitize_html.dart';
 
-import '../../../utils/app_logger.dart';
-
 class SanitizeHtml {
   String process({
     required String inputHtml,
     List<String>? allowAttributes,
     List<String>? allowTags,
   }) {
-    log('SanitizeHtml::process:inputHtml = $inputHtml');
     final outputHtml = sanitizeHtml(
       inputHtml,
       allowAttributes: allowAttributes,
       allowTags: allowTags,
     );
-    log('SanitizeHtml::process:outputHtml = $outputHtml');
     return outputHtml;
   }
 }
\ No newline at end of file
diff --git a/core/test/utils/standardize_html_sanitizing_transformers_test.dart b/core/test/utils/standardize_html_sanitizing_transformers_test.dart
index f845341f27..ca96e03e70 100644
--- a/core/test/utils/standardize_html_sanitizing_transformers_test.dart
+++ b/core/test/utils/standardize_html_sanitizing_transformers_test.dart
@@ -15,12 +15,10 @@ void main() {
     });
 
     test('SHOULD remove all SCRIPTS tags', () {
-      const inputHtml = '''
-        </script><img/*%00/src="worksinchrome&colon;prompt&#x28;1&#x29;"/%00*/onerror='eval(src)'>
-      ''';
+      const inputHtml = '<script>alert("This is an alert message!");</script>';
       final result = transformer.process(inputHtml, htmlEscape).trim();
 
-      expect(result, equals('<img>'));
+      expect(result, equals(''));
     });
 
     test('SHOULD remove all IFRAME tags', () {
@@ -31,17 +29,17 @@ void main() {
     });
 
     test('SHOULD remove href attribute of A tag WHEN it is invalid', () {
-      const inputHtml = '<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a>';
+      const inputHtml = '<a href="javascript:alert(1)" id="id1">test</a>';
       final result = transformer.process(inputHtml, htmlEscape);
 
-      expect(result, equals('<a id="fuzzelement1">test</a>'));
+      expect(result, equals('<a id="id1">test</a>'));
     });
 
     test('SHOULD persist value src attribute of IMG tag WHEN it is base64 string', () {
-      const inputHtml = '<img src="data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAAADwAAABECAYAAADdjVbeAAAABHNCSVQICAgIfAhkiAAACANJREFUeF7tWwlMFFcYnqUgyGHEoy5YAqIFglpbFY+qYL3a0OKVWEXrEQ1WU6XVWmtrq4GIjRFtQdQIqdXURjQxjQoUtCquqaWVQ6WKKIpHFQQBcRVE3N1+P51Zh9mZnV1YlDH7ki/zjv/97//eNW92/6dibBQMBoOqqKhoZlpaWuw/hYX+nT09G4cPG3ZkytSp0S4uLtfEmrl8+N3pyH8MHAqIyDKIydg6z9FWCisrK8OTkpJ+zkxPV7E6ndIOHnzf2dm5NzpjkEqlqhNpqxfyvgOOgvwyPC+AuIiY7bIcbKXqlEYzm0fWqHbXrl1BWq12iEQ73KiOR3kBkAjiXSRkbZJtM8L3a2u7i1l0obCQqa6uFi2DfDKQADwBnIClQDFILwZsNvv4dpkljKkYrL1dlnznTP7JmpLSvUiPzs7O5tc3xr29vUvFCkaPGcOo1errYmWYvjXI/wx4C8hkZbrhuQ3IBel3ALGqLc7j1lszBVhvjF6nC72SlpVRtDjGTX8by6+DA+O3JVrfb3bkIifXjinCFuvr6wckJCScTt6+3ZUrc/fwYJK2bj0yKjQ0HDp1wjr8NIiRLRHARiCALaMpfwBYic4R7VBzOsXKRAljJB3K888V5gyaEyys1C9948M+4RP8QKBKWFZRUdEvIyNjzc0bNwa7urrWDQ4J2RcWFhYP2XqhrFQaxJ1RFg18A3Ri5aj+JmDDjBWah/nFFqszaUaKsM/5nXtuXltAnd08dFn+ARO6KW4SSBwSllEanWXMppnS0gDiXqgbB8wBXmH13MJzFZCKEde3RLfUGjaoHKSMlcr/v3kiyaElBnF1QKgM8fnAcOA0m++D5y+ABh0S0pL1LUX4TvcB/QthuYnNPceFaZF5yqSgDTLonQycgepRwGzgX7aZEXj+CfwI0mprmjZlxNY26PUjrmYdy7y4JNZdd7WWUbk5Mr0Sl+n6zpwW5djR5SdrGrGVLMi5QxdN6eVAR1ZvLZ409RPROQ1ybUkSpopYjwF1FfeiH9y6HezareutTr6vJdfW1n5YWVHhJ1Ts0akT06NHj8WYznf4ZY2NjfNLS0snCRtydHJi/Pz8EiB/XKhLLg3i/pChDWYKwKkuRnwFkA7iksdUoR1m26INKScn59ysGTPeEAqujYlh5sydGwACV/hlOGVtCg4IWO7UoUOzKmPHj2eSU1LmQX63UJclaXb9joXsZoBvD73PaQYU0ZIQBqk1LJRrd2l2fR+DYYOBT4B7rJHv4XkW2IxO8RQarljCHBEQb5y8NJtOZkFAEtAI0HSij5FLIL0Q4F5rjOIJE/GL1xtoN6eDEJ3FBwG/Uz7Cq8AO4G+QDqNl8FIQZskRaUIh0hOAqcBVtmwgnieAVMenjxvW6Rpkd/Omek8eaBkftZc6KSGR1fPs4ePrSwn64nnhgd2lf8WI0gZGHydfAR7AdMfSbM3qi+FfttrIhvgFDPPmgHZBmCMD4vUgTT8w0Pl8LeU70AtLr3/aavDP0K3uPRsqYF9NxnP3S7WGLeknO2FLeknJMrb+3Wgi1jL9XGMM+CWkb3vqIJsSXh8XF1tQQD8+Pgt6vZ4RnqNfZAfYlHB1TQ2Tn5v7IvnItm3ftGS7SOEC9hFW+ADKmm8fYdkuUriAfYQVPoCy5ttHWLaLFC5gH2GFD6Cs+fYRlu0ihQvYR1jhAyhrvn2EZbtI4QL2EVb4AMqabx9h2S5SuICZn2kl/UJA2SrXkHbVRZKEA1NjGr1CBqbC2mbMtWVlEXkjPzbxnWhXrHjG4O9S8uR9m8uSJOzk4VbX2d93PrxsnnLC9Jfo40fac0i3e8IgSn4eiwD6X5jzwW6QJMzrJEVFyY8DgVweyJ2J/7/WYaRXvDSEj+4Yyfh6u70OUuSwNhHgNpoixMlvK5P+HFc84SHBbsyeDSPJzfhr4FPABaBAzuexwDYQJY/7pqBowqz/1UfgsR7wZjnRnrMT+BZEK9g848Nqwti3JP2Uo6KizkZGRj4UNiKWxm0XyjYxSExWmMeu02HI/wEYyivXIE5eOwWsb4ewqnUjHBQUxBxP3U/3jERDYGDgPBTQLt5mAWR7Qjl55swCuJPiDcTJFWk/67Ik2b5VI1xcTA6r5kNrvODNaQZRWpvkTsj5XJH4I4A2qY0gKnYvykSlVYRNagsyqkqyyEv9vFwvy+nhl0Mf7baTWWK92TI6DO0DVqEtGl2Lg00JPyr/i267TIOR9Bpo1S0zdp32hx56n47jMcpHnEZaI7VOzbFvi68leum36pYZyHaFji1AHo8sbXALgaEg2iKy1BGqqpJrVdWXLlO8WegaGKD17NOrD/9oSQIPysqz7uadJR/lZsFdrWZ0es2JurvpESjgvMHJh3kNkAIjjUdUYV0uDaLkuhgFxAB0YYsCvUO3ArFfxOfdP3iSc4tmS618qHA+NvoSC+o2eSUKNyG604R80c8lg0GvK0kPp7tONA2bznhsoJ2bpuEJsWnITl8x7/bfUOdzQNS7/Zl6y2OihlteXVySJUDHu3iAjnsUqAMPACuBUiLOyvkjLby/QFOOiJq9v0BKrQ1tQpgzAoTodEHHvdUAHf8o0OuDZgBNU3LoppHn31BZh/QWdIhlPs2k0YrQpoQ5O0DcC3E6/tHdI24J0Zrm3hJ0L3E3sBpEy62w32rR50KYrGKnL90j/h4wfpAj/gdAx8FcsfVtNSOZCs+NMGcHiNOmR8fCJQC51u8FUcnzuYz9Vhf/ByYOnXs1JOL1AAAAAElFTkSuQmCC">';
+      const inputHtml = '<img src="data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAAAAUA">';
       final result = transformer.process(inputHtml, htmlEscape);
 
-      expect(result, equals('<img src="data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAAADwAAABECAYAAADdjVbeAAAABHNCSVQICAgIfAhkiAAACANJREFUeF7tWwlMFFcYnqUgyGHEoy5YAqIFglpbFY+qYL3a0OKVWEXrEQ1WU6XVWmtrq4GIjRFtQdQIqdXURjQxjQoUtCquqaWVQ6WKKIpHFQQBcRVE3N1+P51Zh9mZnV1YlDH7ki/zjv/97//eNW92/6dibBQMBoOqqKhoZlpaWuw/hYX+nT09G4cPG3ZkytSp0S4uLtfEmrl8+N3pyH8MHAqIyDKIydg6z9FWCisrK8OTkpJ+zkxPV7E6ndIOHnzf2dm5NzpjkEqlqhNpqxfyvgOOgvwyPC+AuIiY7bIcbKXqlEYzm0fWqHbXrl1BWq12iEQ73KiOR3kBkAjiXSRkbZJtM8L3a2u7i1l0obCQqa6uFi2DfDKQADwBnIClQDFILwZsNvv4dpkljKkYrL1dlnznTP7JmpLSvUiPzs7O5tc3xr29vUvFCkaPGcOo1errYmWYvjXI/wx4C8hkZbrhuQ3IBel3ALGqLc7j1lszBVhvjF6nC72SlpVRtDjGTX8by6+DA+O3JVrfb3bkIifXjinCFuvr6wckJCScTt6+3ZUrc/fwYJK2bj0yKjQ0HDp1wjr8NIiRLRHARiCALaMpfwBYic4R7VBzOsXKRAljJB3K888V5gyaEyys1C9948M+4RP8QKBKWFZRUdEvIyNjzc0bNwa7urrWDQ4J2RcWFhYP2XqhrFQaxJ1RFg18A3Ri5aj+JmDDjBWah/nFFqszaUaKsM/5nXtuXltAnd08dFn+ARO6KW4SSBwSllEanWXMppnS0gDiXqgbB8wBXmH13MJzFZCKEde3RLfUGjaoHKSMlcr/v3kiyaElBnF1QKgM8fnAcOA0m++D5y+ABh0S0pL1LUX4TvcB/QthuYnNPceFaZF5yqSgDTLonQycgepRwGzgX7aZEXj+CfwI0mprmjZlxNY26PUjrmYdy7y4JNZdd7WWUbk5Mr0Sl+n6zpwW5djR5SdrGrGVLMi5QxdN6eVAR1ZvLZ409RPROQ1ybUkSpopYjwF1FfeiH9y6HezareutTr6vJdfW1n5YWVHhJ1Ts0akT06NHj8WYznf4ZY2NjfNLS0snCRtydHJi/Pz8EiB/XKhLLg3i/pChDWYKwKkuRnwFkA7iksdUoR1m26INKScn59ysGTPeEAqujYlh5sydGwACV/hlOGVtCg4IWO7UoUOzKmPHj2eSU1LmQX63UJclaXb9joXsZoBvD73PaQYU0ZIQBqk1LJRrd2l2fR+DYYOBT4B7rJHv4XkW2IxO8RQarljCHBEQb5y8NJtOZkFAEtAI0HSij5FLIL0Q4F5rjOIJE/GL1xtoN6eDEJ3FBwG/Uz7Cq8AO4G+QDqNl8FIQZskRaUIh0hOAqcBVtmwgnieAVMenjxvW6Rpkd/Omek8eaBkftZc6KSGR1fPs4ePrSwn64nnhgd2lf8WI0gZGHydfAR7AdMfSbM3qi+FfttrIhvgFDPPmgHZBmCMD4vUgTT8w0Pl8LeU70AtLr3/aavDP0K3uPRsqYF9NxnP3S7WGLeknO2FLeknJMrb+3Wgi1jL9XGMM+CWkb3vqIJsSXh8XF1tQQD8+Pgt6vZ4RnqNfZAfYlHB1TQ2Tn5v7IvnItm3ftGS7SOEC9hFW+ADKmm8fYdkuUriAfYQVPoCy5ttHWLaLFC5gH2GFD6Cs+fYRlu0ihQvYR1jhAyhrvn2EZbtI4QL2EVb4AMqabx9h2S5SuICZn2kl/UJA2SrXkHbVRZKEA1NjGr1CBqbC2mbMtWVlEXkjPzbxnWhXrHjG4O9S8uR9m8uSJOzk4VbX2d93PrxsnnLC9Jfo40fac0i3e8IgSn4eiwD6X5jzwW6QJMzrJEVFyY8DgVweyJ2J/7/WYaRXvDSEj+4Yyfh6u70OUuSwNhHgNpoixMlvK5P+HFc84SHBbsyeDSPJzfhr4FPABaBAzuexwDYQJY/7pqBowqz/1UfgsR7wZjnRnrMT+BZEK9g848Nqwti3JP2Uo6KizkZGRj4UNiKWxm0XyjYxSExWmMeu02HI/wEYyivXIE5eOwWsb4ewqnUjHBQUxBxP3U/3jERDYGDgPBTQLt5mAWR7Qjl55swCuJPiDcTJFWk/67Ik2b5VI1xcTA6r5kNrvODNaQZRWpvkTsj5XJH4I4A2qY0gKnYvykSlVYRNagsyqkqyyEv9vFwvy+nhl0Mf7baTWWK92TI6DO0DVqEtGl2Lg00JPyr/i267TIOR9Bpo1S0zdp32hx56n47jMcpHnEZaI7VOzbFvi68leum36pYZyHaFji1AHo8sbXALgaEg2iKy1BGqqpJrVdWXLlO8WegaGKD17NOrD/9oSQIPysqz7uadJR/lZsFdrWZ0es2JurvpESjgvMHJh3kNkAIjjUdUYV0uDaLkuhgFxAB0YYsCvUO3ArFfxOfdP3iSc4tmS618qHA+NvoSC+o2eSUKNyG604R80c8lg0GvK0kPp7tONA2bznhsoJ2bpuEJsWnITl8x7/bfUOdzQNS7/Zl6y2OihlteXVySJUDHu3iAjnsUqAMPACuBUiLOyvkjLby/QFOOiJq9v0BKrQ1tQpgzAoTodEHHvdUAHf8o0OuDZgBNU3LoppHn31BZh/QWdIhlPs2k0YrQpoQ5O0DcC3E6/tHdI24J0Zrm3hJ0L3E3sBpEy62w32rR50KYrGKnL90j/h4wfpAj/gdAx8FcsfVtNSOZCs+NMGcHiNOmR8fCJQC51u8FUcnzuYz9Vhf/ByYOnXs1JOL1AAAAAElFTkSuQmCC">'));
+      expect(result, equals('<img src="data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAAAAUA">'));
     });
 
     test('SHOULD persist value src attribute of IMG tag WHEN it is CID string', () {

From 14040ad9b9659934c75d4bf2cf6e8acf89dffbbe Mon Sep 17 00:00:00 2001
From: dab246 <tdvu@linagora.com>
Date: Thu, 24 Oct 2024 10:55:45 +0700
Subject: [PATCH 6/9] fixup! fixup! fixup! fixup! fixup! Standardize HTML
 sanitizing when preview email

---
 .../base/upgradeable/upgrade_hive_database_steps_v12.dart       | 2 +-
 lib/features/caching/config/cache_version.dart                  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/features/base/upgradeable/upgrade_hive_database_steps_v12.dart b/lib/features/base/upgradeable/upgrade_hive_database_steps_v12.dart
index f725890bcd..603eec6329 100644
--- a/lib/features/base/upgradeable/upgrade_hive_database_steps_v12.dart
+++ b/lib/features/base/upgradeable/upgrade_hive_database_steps_v12.dart
@@ -10,7 +10,7 @@ class UpgradeHiveDatabaseStepsV12 extends UpgradeDatabaseSteps {
 
   @override
   Future<void> onUpgrade(int oldVersion, int newVersion) async {
-    if (oldVersion > 0 && oldVersion < newVersion && newVersion == 17) {
+    if (oldVersion > 0 && oldVersion < newVersion && newVersion == 12) {
       await _cachingManager.clearEmailCacheAndAllStateCache();
     }
   }
diff --git a/lib/features/caching/config/cache_version.dart b/lib/features/caching/config/cache_version.dart
index c79ad831af..7b70a1be9f 100644
--- a/lib/features/caching/config/cache_version.dart
+++ b/lib/features/caching/config/cache_version.dart
@@ -1,4 +1,4 @@
 
 class CacheVersion {
-  static const int hiveDBVersion = 17;
+  static const int hiveDBVersion = 12;
 }
\ No newline at end of file

From 4ffca69ec292a017b5aecee3a38db9d924e74444 Mon Sep 17 00:00:00 2001
From: dab246 <tdvu@linagora.com>
Date: Thu, 24 Oct 2024 13:40:35 +0700
Subject: [PATCH 7/9] fixup! fixup! fixup! fixup! fixup! fixup! Standardize
 HTML sanitizing when preview email

---
 docs/adr/0053-standardize-html-sanitizing.md | 21 ++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 docs/adr/0053-standardize-html-sanitizing.md

diff --git a/docs/adr/0053-standardize-html-sanitizing.md b/docs/adr/0053-standardize-html-sanitizing.md
new file mode 100644
index 0000000000..ad78d60f1c
--- /dev/null
+++ b/docs/adr/0053-standardize-html-sanitizing.md
@@ -0,0 +1,21 @@
+# 53. Standardize HTML sanitizing
+
+Date: 2024-10-24
+
+## Status
+
+Accepted
+
+## Context
+
+- The email content contains many unnecessary html attribute tags. We want to display the email content best on multiple platforms.
+
+## Decision
+
+- We sanitize the html before displaying the email.
+  - Customize the `sanitize html` library to allow `attributes`, `tags` and `className` to be used.
+  - The processing order is from `tags` -> `attributes` -> `className`
+
+## Consequences
+
+- Email content is cleaner. Displays well on all platforms. Any changes to sanitize html are updated here

From d5dff909bd09b35e4d306761cee9dc8c3ecf71cf Mon Sep 17 00:00:00 2001
From: dab246 <tdvu@linagora.com>
Date: Thu, 24 Oct 2024 14:38:54 +0700
Subject: [PATCH 8/9] fixup! fixup! fixup! fixup! fixup! fixup! fixup!
 Standardize HTML sanitizing when preview email

---
 ...ize_html_sanitizing_transformers_test.dart | 68 +++++++++++++++++++
 1 file changed, 68 insertions(+)

diff --git a/core/test/utils/standardize_html_sanitizing_transformers_test.dart b/core/test/utils/standardize_html_sanitizing_transformers_test.dart
index ca96e03e70..f9a9ef8777 100644
--- a/core/test/utils/standardize_html_sanitizing_transformers_test.dart
+++ b/core/test/utils/standardize_html_sanitizing_transformers_test.dart
@@ -7,6 +7,74 @@ void main() {
     const transformer = StandardizeHtmlSanitizingTransformers();
     const htmlEscape = HtmlEscape();
 
+    test('SHOULD remove all `on*` attributes tag', () {
+      const listOnEventAttributes = [
+        'mousedown',
+        'mouseenter',
+        'mouseleave',
+        'mousemove',
+        'mouseover',
+        'mouseout',
+        'mouseup',
+        'load',
+        'unload',
+        'loadstart',
+        'loadeddata',
+        'loadedmetadata',
+        'playing',
+        'show',
+        'error',
+        'message',
+        'focus',
+        'focusin',
+        'focusout',
+        'keydown',
+        'keydpress',
+        'keydup',
+        'input',
+        'ended',
+        'drag',
+        'drop',
+        'dragstart',
+        'dragover',
+        'dragleave',
+        'dragend',
+        'dragenter',
+        'beforeunload',
+        'beforeprint',
+        'afterprint',
+        'blur',
+        'click',
+        'change',
+        'contextmenu',
+        'cut',
+        'copy',
+        'dblclick',
+        'abort',
+        'durationchange',
+        'progress',
+        'resize',
+        'reset',
+        'scroll',
+        'seeked',
+        'select',
+        'submit',
+        'toggle',
+        'volumechange',
+        'touchstart',
+        'touchmove',
+        'touchend',
+        'touchcancel'
+      ];
+
+      for (var i = 0; i < listOnEventAttributes.length; i++) {
+        final inputHtml = '<img src="1" href="1" on${listOnEventAttributes[i]}="javascript:alert(1)">';
+        final result = transformer.process(inputHtml, htmlEscape);
+
+        expect(result, equals('<img src="1">'));
+      }
+    });
+
     test('SHOULD remove attributes of IMG tag WHEN they are invalid', () {
       const inputHtml = '<img src="1" href="1" onerror="javascript:alert(1)">';
       final result = transformer.process(inputHtml, htmlEscape);

From f19ac7d4cc317a47eccc611ecdb259fdb38b56ec Mon Sep 17 00:00:00 2001
From: dab246 <tdvu@linagora.com>
Date: Thu, 24 Oct 2024 15:46:22 +0700
Subject: [PATCH 9/9] fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup!
 Standardize HTML sanitizing when preview email

---
 ...ize_html_sanitizing_transformers_test.dart | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/core/test/utils/standardize_html_sanitizing_transformers_test.dart b/core/test/utils/standardize_html_sanitizing_transformers_test.dart
index f9a9ef8777..2249cac95e 100644
--- a/core/test/utils/standardize_html_sanitizing_transformers_test.dart
+++ b/core/test/utils/standardize_html_sanitizing_transformers_test.dart
@@ -75,6 +75,33 @@ void main() {
       }
     });
 
+    test('SHOULD remove all `on*` attributes for any tags', () {
+      const listOnEventAttributes = [
+        'mousedown', 'mouseenter', 'mouseleave', 'mousemove', 'mouseover',
+        'mouseout', 'mouseup', 'load', 'unload', 'loadstart', 'loadeddata',
+        'loadedmetadata', 'playing', 'show', 'error', 'message', 'focus',
+        'focusin', 'focusout', 'keydown', 'keypress', 'keyup', 'input', 'ended',
+        'drag', 'drop', 'dragstart', 'dragover', 'dragleave', 'dragend', 'dragenter',
+        'beforeunload', 'beforeprint', 'afterprint', 'blur', 'click', 'change',
+        'contextmenu', 'cut', 'copy', 'dblclick', 'abort', 'durationchange',
+        'progress', 'resize', 'reset', 'scroll', 'seeked', 'select', 'submit',
+        'toggle', 'volumechange', 'touchstart', 'touchmove', 'touchend', 'touchcancel'
+      ];
+
+      const listHTMLTags = [
+        'div', 'span', 'p', 'a', 'u', 'i', 'table'
+      ];
+
+      for (var tag in listHTMLTags) {
+        for (var event in listOnEventAttributes) {
+          final inputHtml = '<$tag on$event="javascript:alert(1)"></$tag>';
+          final result = transformer.process(inputHtml, htmlEscape);
+
+          expect(result, equals('<$tag></$tag>'));
+        }
+      }
+    });
+
     test('SHOULD remove attributes of IMG tag WHEN they are invalid', () {
       const inputHtml = '<img src="1" href="1" onerror="javascript:alert(1)">';
       final result = transformer.process(inputHtml, htmlEscape);