Skip to content

Add attachments to ai processing #601

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
elie222 merged 1 commit into from
Jul 28, 2025
Merged

Add attachments to ai processing #601

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions apps/web/utils/get-email-from-message.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,5 +15,10 @@ export function getEmailForLLM(
subject: message.headers.subject,
content: emailToContent(message, contentOptions),
date: internalDateToDate(message.internalDate),
attachments: message.attachments?.map((attachment) => ({
filename: attachment.filename,
mimeType: attachment.mimeType,
size: attachment.size,
})),
};
}
10 changes: 10 additions & 0 deletions apps/web/utils/stringify-email.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,16 @@ export function stringifyEmail(email: EmailForLLM, maxLength: number) {
`<body>${truncate(removeExcessiveWhitespace(email.content), maxLength)}</body>`,
];

if (email.attachments && email.attachments.length > 0) {
const attachmentsXml = email.attachments
.map(
(att) =>
`<attachment filename="${att.filename}" type="${att.mimeType}" size="${att.size}" />`,
)
.join("\n");
emailParts.push(`<attachments>\n${attachmentsXml}\n</attachments>`);
}
Comment on lines +16 to +24
Copy link
Contributor

@coderabbitai coderabbitai bot Jul 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

❓ Verification inconclusive

Fix XML attribute escaping for attachment metadata.

The attachment XML generation doesn't escape special characters in attribute values, which could break the XML structure if filenames contain quotes or other special characters.

Consider escaping the attribute values:

-          `<attachment filename="${att.filename}" type="${att.mimeType}" size="${att.size}" />`,
+          `<attachment filename="${att.filename.replace(/"/g, '&quot;')}" type="${att.mimeType.replace(/"/g, '&quot;')}" size="${att.size}" />`,

Or better yet, extract this to a utility function for proper XML attribute escaping.

Let me verify if there are existing XML escaping utilities in the codebase:

🏁 Script executed:

#!/bin/bash
# Search for XML/HTML escaping utilities in the codebase
rg -i "escape.*xml|xml.*escape|escapehtml|htmlescape" --type ts

Length of output: 65

Fix XML Attribute Escaping in stringifyEmail

The attachment serialization in apps/web/utils/stringify-email.ts does not escape special characters (e.g., quotes, ampersands) in XML attribute values. Unescaped values can break the XML structure or introduce injection risks.

Please update as follows:

• File: apps/web/utils/stringify-email.ts
Lines: ~16–24

• Introduce an xmlEscape() helper (e.g. in apps/web/utils/xml-utils.ts) that replaces &, <, >, " and ' with their XML entities.
• Use xmlEscape() when interpolating filename, mimeType, and (if string) size.

Example diff:

--- a/apps/web/utils/stringify-email.ts
+++ b/apps/web/utils/stringify-email.ts
@@ -13,8 +13,11 @@ export function stringifyEmail(email: Email): string[] {
   if (email.attachments && email.attachments.length > 0) {
     const attachmentsXml = email.attachments
       .map((att) =>
-        `<attachment filename="${att.filename}" type="${att.mimeType}" size="${att.size}" />`,
+        `<attachment ` +
+          `filename="${xmlEscape(att.filename)}" ` +
+          `type="${xmlEscape(att.mimeType)}" ` +
+          `size="${xmlEscape(String(att.size))}" ` +
+        `/>`,
       )
       .join("\n");
     emailParts.push(`<attachments>\n${attachmentsXml}\n</attachments>`);

If you’d rather not add a new file, you can place xmlEscape alongside other utilities in apps/web/utils/.

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents 
In apps/web/utils/stringify-email.ts around lines 16 to 24, the XML attribute
values for attachments are not escaped, risking broken XML or injection issues.
Create an xmlEscape() helper function that replaces &, <, >, ", and ' with their
XML entity equivalents, either in a new file apps/web/utils/xml-utils.ts or
alongside existing utilities. Then apply xmlEscape() to filename, mimeType, and
size (if it is a string) when constructing the attachment XML attributes to
ensure all special characters are properly escaped.


return emailParts.filter(Boolean).join("\n");
}

Expand Down
5 changes: 5 additions & 0 deletions apps/web/utils/types.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -113,4 +113,9 @@ export type EmailForLLM = {
subject: string;
content: string;
date?: Date;
attachments?: Array<{
filename: string;
mimeType: string;
size: number;
}>;
};
Loading