|
|
@@ -2,6 +2,7 @@
|
|
|
* Sapphire
|
|
|
*
|
|
|
* Copyright (C) 2018 eq
|
|
|
+ * Copyright (C) 2018 Alyssa Rosenzweig
|
|
|
*
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
@@ -22,12 +23,15 @@
|
|
|
const sanitizationConfig = {
|
|
|
allowedElements: {
|
|
|
b: {},
|
|
|
+ strong: {},
|
|
|
i: {},
|
|
|
+ em: {},
|
|
|
u: {},
|
|
|
s: {},
|
|
|
- a: {href: 'protocol'},
|
|
|
+ br: {},
|
|
|
+ a: {href: 'href'},
|
|
|
},
|
|
|
- allowedProtocols: ['http', 'https', 'gopher']
|
|
|
+ allowedProtocols: ['http', 'https', 'mailto', 'gopher']
|
|
|
};
|
|
|
|
|
|
const isProtocolSafe = function(str) {
|
|
|
@@ -35,29 +39,74 @@ const isProtocolSafe = function(str) {
|
|
|
return s.length > 1 && sanitizationConfig.allowedProtocols.includes(s[0]);
|
|
|
};
|
|
|
|
|
|
+const stripProtocol = function(href) {
|
|
|
+ return href.split(':').slice(1).join(':');
|
|
|
+};
|
|
|
+
|
|
|
+const addSanitizedChildren = function(newElement, from) {
|
|
|
+ for (const node of from.childNodes) {
|
|
|
+ newElement.appendChild(sanitizeNode(node));
|
|
|
+ }
|
|
|
+};
|
|
|
+
|
|
|
// TODO: some sort of time limit so bad actors can't DDOS the client with huge
|
|
|
// element trees
|
|
|
const sanitizeElement = function(element) {
|
|
|
const tagName = element.tagName.toLowerCase();
|
|
|
if (sanitizationConfig.allowedElements[tagName]) {
|
|
|
- const newElement = document.createElement(tagName);
|
|
|
+ let newElement = document.createElement(tagName);
|
|
|
+
|
|
|
+ /* A link to append to the end */
|
|
|
+ let postfixLink = null;
|
|
|
|
|
|
for (const attr of element.getAttributeNames()) {
|
|
|
const attrType = sanitizationConfig.allowedElements[tagName][attr];
|
|
|
+ const attrVal = element.getAttribute(attr);
|
|
|
|
|
|
// TODO: other element types
|
|
|
- if (attrType === 'protocol' && isProtocolSafe(element.getAttribute(attr))) {
|
|
|
- newElement.setAttribute(attr, element.getAttribute(attr));
|
|
|
+ if (attrType === 'href' && isProtocolSafe(attrVal)) {
|
|
|
+ /* We have a link to a safe protocol. Check if the link text
|
|
|
+ * matches the destination (safe links), or at least the
|
|
|
+ * destination with the protocol stripped, common for mailto.
|
|
|
+ */
|
|
|
+
|
|
|
+ const text = element.innerText;
|
|
|
+
|
|
|
+ if (text == attrVal || text == stripProtocol(attrVal)) {
|
|
|
+ newElement.setAttribute(attr, attrVal);
|
|
|
+ } else {
|
|
|
+ /* This is a deceptive link destination, since the text
|
|
|
+ * doesn't match. Add a dedicated link to the side. There
|
|
|
+ * must be no existing properties for this to function */
|
|
|
+
|
|
|
+ postfixLink = attrVal;
|
|
|
+ newElement = document.createElement("span");
|
|
|
+ }
|
|
|
}
|
|
|
}
|
|
|
|
|
|
- for (const node of element.childNodes) {
|
|
|
- newElement.appendChild(sanitizeNode(node));
|
|
|
+ addSanitizedChildren(newElement, element);
|
|
|
+
|
|
|
+ if (postfixLink) {
|
|
|
+ /* Append a link destination */
|
|
|
+ const linkEl = document.createElement('a');
|
|
|
+ linkEl.setAttribute('href', postfixLink);
|
|
|
+ linkEl.innerText = postfixLink;
|
|
|
+
|
|
|
+ newElement.appendChild(document.createTextNode(' ('));
|
|
|
+ newElement.appendChild(linkEl);
|
|
|
+ newElement.appendChild(document.createTextNode(')'));
|
|
|
}
|
|
|
|
|
|
return newElement;
|
|
|
} else {
|
|
|
- return document.createTextNode(element.outerHTML);
|
|
|
+ /* The element was not allowed. Strip it, but still allow through its
|
|
|
+ * (sanitized) children */
|
|
|
+
|
|
|
+ const newElement = document.createElement("span");
|
|
|
+ addSanitizedChildren(newElement, element);
|
|
|
+
|
|
|
+ return newElement;
|
|
|
}
|
|
|
};
|
|
|
|
|
|
@@ -77,9 +126,7 @@ window.sanitizeHtmlString = function(str) {
|
|
|
|
|
|
element.innerHTML = str;
|
|
|
|
|
|
- for (const child of element.childNodes) {
|
|
|
- newElement.appendChild(sanitizeNode(child));
|
|
|
- }
|
|
|
+ addSanitizedChildren(newElement, element);
|
|
|
|
|
|
return newElement.innerHTML;
|
|
|
};
|
Alyssa Rosenzweig