From d9217584061980e5311874711f6fd3a10d300ec1 Mon Sep 17 00:00:00 2001
From: Mihai Moldovan <ionic@ionic.de>
Date: Wed, 17 Apr 2024 12:05:33 +0200
Subject: [PATCH 1/2] js/mailhops.js: lower case Received-SPF state.

Some MTAs pass a non-lowercase state, so make sure we sanitize it before
we select the icon or the description.
---
 js/mailhops.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/js/mailhops.js b/js/mailhops.js
index 46e8822..d041643 100644
--- a/js/mailhops.js
+++ b/js/mailhops.js
@@ -308,8 +308,8 @@ class MailHops {
       auth.push({
         type: 'SPF',
         color: 'green',
-        icon: '/images/auth/' + headerSPFArr[0] + '.png',
-        copy: header_spf + '\n' + MailHopsUtils.spf(headerSPFArr[0]).trim()
+        icon: '/images/auth/' + headerSPFArr[0].toLowerCase () + '.png',
+        copy: header_spf + '\n' + MailHopsUtils.spf(headerSPFArr[0].toLowerCase ()).trim()
       });
     }
     //Authentication-Results

From 889b4b6e630b9b7cf72bee6b8938c11ff8b7ab70 Mon Sep 17 00:00:00 2001
From: Mihai Moldovan <ionic@ionic.de>
Date: Wed, 17 Apr 2024 12:21:14 +0200
Subject: [PATCH 2/2] js/mailhops.js: rework Received-SPF header parsing.

Instead of just extracting the state itself, we'll also fetch the reason
(typically parenthesis-enclosed) and use the rest of the header as
additional data, which is only shown if the extrainfo preference has
been turned on.
---
 js/mailhops.js | 33 ++++++++++++++++++++++++++++++---
 1 file changed, 30 insertions(+), 3 deletions(-)

diff --git a/js/mailhops.js b/js/mailhops.js
index d041643..63bb086 100644
--- a/js/mailhops.js
+++ b/js/mailhops.js
@@ -299,17 +299,44 @@ class MailHops {
     browser.messageDisplayAction.setTitle({ title: this.message.sender.title, tabId: this.tabId });
   }
 
+  sanitizeString(str) {
+    return str.replace (/\t/g, ' ').replace (/\s+/g, ' ').replace (/</g, '&lt;').replace (/>/g, '&gt;').trim ();
+  }
+
   auth(header_xmailer, header_useragent, header_xmimeole, header_auth, header_spf, header_unsubscribe) {
     let auth = [];
     //SPF
     if (header_spf) {
-      header_spf = header_spf.replace(/^\s+/, "");
+      // Compact whitespace, make sure addresses enclosed in <> parse as valid
+      // XHTMl later on.
+      header_spf = this.sanitizeString (header_spf);
+
+      // Split value on whitespace. We'll extract data from this.
       var headerSPFArr = header_spf.split(' ');
+
+      // First element should always indicate the state.
+      var spfState = headerSPFArr.shift ();
+
+      // Additionally, we might have a reason description, enclosed in parenthesis.
+      // Example: spfState = "Pass", reason description: "(mailfrom)"
+      var spfStateReason = '';
+      if (-1 != headerSPFArr[0].search (/^\(.*\)$/)) {
+        spfStateReason = ' ' + headerSPFArr.shift ();
+      }
+
+      // Put it all together, with extra information if requested.
+      var copy = spfState + spfStateReason;
+      if (this.options.extrainfo) {
+        copy += '\n<br />' + headerSPFArr.join (' ') + '\n<br />';
+      }
+      copy += '\n<br />' + MailHopsUtils.spf(spfState.toLowerCase ()).trim ();
+
+      this.LOG ("SPF state and data: " + copy);
       auth.push({
         type: 'SPF',
         color: 'green',
-        icon: '/images/auth/' + headerSPFArr[0].toLowerCase () + '.png',
-        copy: header_spf + '\n' + MailHopsUtils.spf(headerSPFArr[0].toLowerCase ()).trim()
+        icon: '/images/auth/' + spfState.toLowerCase () + '.png',
+        copy: copy
       });
     }
     //Authentication-Results