loop
/
alps
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
A webmail client. Forked from https://git.sr.ht/~migadu/alps
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
226 Commits
1 Branch
708 KiB
 
 
 
 
Tree: b891a95fcf
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b891a95fcf'
${ noResults }
alps/plugins/viewhtml/sanitize.go

238 lines
5.1 KiB
Raw Blame History 

  1. package alpsviewhtml

  2. 

  3. import (

  4. 	"bytes"

  5. 	"fmt"

  6. 	"net/url"

  7. 	"regexp"

  8. 	"strings"

  9. 

  10. 	alpsbase "git.sr.ht/~emersion/alps/plugins/base"

  11. 	"github.com/aymerick/douceur/css"

  12. 	cssparser "github.com/chris-ramon/douceur/parser"

  13. 	"github.com/microcosm-cc/bluemonday"

  14. 	"golang.org/x/net/html"

  15. )

  16. 

  17. // TODO: this doesn't accomodate for quoting

  18. var (

  19. 	cssURLRegexp  = regexp.MustCompile(`url\([^)]*\)`)

  20. 	cssExprRegexp = regexp.MustCompile(`expression\([^)]*\)`)

  21. )

  22. 

  23. var allowedStyles = map[string]bool{

  24. 	"direction":       true,

  25. 	"font":            true,

  26. 	"font-family":     true,

  27. 	"font-style":      true,

  28. 	"font-variant":    true,

  29. 	"font-size":       true,

  30. 	"font-weight":     true,

  31. 	"letter-spacing":  true,

  32. 	"line-height":     true,

  33. 	"text-align":      true,

  34. 	"text-decoration": true,

  35. 	"text-indent":     true,

  36. 	"text-overflow":   true,

  37. 	"text-shadow":     true,

  38. 	"text-transform":  true,

  39. 	"white-space":     true,

  40. 	"word-spacing":    true,

  41. 	"word-wrap":       true,

  42. 	"vertical-align":  true,

  43. 

  44. 	"color":             true,

  45. 	"background":        true,

  46. 	"background-color":  true,

  47. 	"background-image":  true,

  48. 	"background-repeat": true,

  49. 

  50. 	"border":        true,

  51. 	"border-color":  true,

  52. 	"border-radius": true,

  53. 	"height":        true,

  54. 	"margin":        true,

  55. 	"padding":       true,

  56. 	"width":         true,

  57. 	"max-width":     true,

  58. 	"min-width":     true,

  59. 

  60. 	"clear": true,

  61. 	"float": true,

  62. 

  63. 	"border-collapse": true,

  64. 	"border-spacing":  true,

  65. 	"caption-side":    true,

  66. 	"empty-cells":     true,

  67. 	"table-layout":    true,

  68. 

  69. 	"list-style-type":     true,

  70. 	"list-style-position": true,

  71. }

  72. 

  73. type sanitizer struct {

  74. 	msg                  *alpsbase.IMAPMessage

  75. 	allowRemoteResources bool

  76. 	hasRemoteResources   bool

  77. }

  78. 

  79. func (san *sanitizer) sanitizeImageURL(src string) string {

  80. 	u, err := url.Parse(src)

  81. 	if err != nil {

  82. 		return "about:blank"

  83. 	}

  84. 

  85. 	switch strings.ToLower(u.Scheme) {

  86. 	// TODO: mid support?

  87. 	case "cid":

  88. 		if san.msg == nil {

  89. 			return "about:blank"

  90. 		}

  91. 

  92. 		part := san.msg.PartByID(u.Opaque)

  93. 		if part == nil || !strings.HasPrefix(part.MIMEType, "image/") {

  94. 			return "about:blank"

  95. 		}

  96. 

  97. 		return part.URL(true).String()

  98. 	case "https":

  99. 		san.hasRemoteResources = true

  100. 

  101. 		if !proxyEnabled || !san.allowRemoteResources {

  102. 			return "about:blank"

  103. 		}

  104. 

  105. 		proxyURL := url.URL{Path: "/proxy"}

  106. 		proxyQuery := make(url.Values)

  107. 		proxyQuery.Set("src", u.String())

  108. 		proxyURL.RawQuery = proxyQuery.Encode()

  109. 		return proxyURL.String()

  110. 	default:

  111. 		return "about:blank"

  112. 	}

  113. }

  114. 

  115. func (san *sanitizer) sanitizeCSSDecls(decls []*css.Declaration) []*css.Declaration {

  116. 	sanitized := make([]*css.Declaration, 0, len(decls))

  117. 	for _, decl := range decls {

  118. 		if !allowedStyles[decl.Property] {

  119. 			continue

  120. 		}

  121. 		if cssExprRegexp.FindStringIndex(decl.Value) != nil {

  122. 			continue

  123. 		}

  124. 

  125. 		// TODO: more robust CSS declaration parsing

  126. 		decl.Value = cssURLRegexp.ReplaceAllString(decl.Value, "url(about:blank)")

  127. 

  128. 		sanitized = append(sanitized, decl)

  129. 	}

  130. 	return sanitized

  131. }

  132. 

  133. func (san *sanitizer) sanitizeCSSRule(rule *css.Rule) {

  134. 	// Disallow @import

  135. 	if rule.Kind == css.AtRule && strings.EqualFold(rule.Name, "@import") {

  136. 		rule.Prelude = "url(about:blank)"

  137. 	}

  138. 

  139. 	rule.Declarations = san.sanitizeCSSDecls(rule.Declarations)

  140. 

  141. 	for _, child := range rule.Rules {

  142. 		san.sanitizeCSSRule(child)

  143. 	}

  144. }

  145. 

  146. func (san *sanitizer) sanitizeNode(n *html.Node) {

  147. 	if n.Type == html.ElementNode {

  148. 		if strings.EqualFold(n.Data, "img") {

  149. 			for i := range n.Attr {

  150. 				attr := &n.Attr[i]

  151. 				if strings.EqualFold(attr.Key, "src") {

  152. 					attr.Val = san.sanitizeImageURL(attr.Val)

  153. 				}

  154. 			}

  155. 		} else if strings.EqualFold(n.Data, "style") {

  156. 			var s string

  157. 			c := n.FirstChild

  158. 			for c != nil {

  159. 				if c.Type == html.TextNode {

  160. 					s += c.Data

  161. 				}

  162. 

  163. 				next := c.NextSibling

  164. 				n.RemoveChild(c)

  165. 				c = next

  166. 			}

  167. 

  168. 			stylesheet, err := cssparser.Parse(s)

  169. 			if err != nil {

  170. 				s = ""

  171. 			} else {

  172. 				for _, rule := range stylesheet.Rules {

  173. 					san.sanitizeCSSRule(rule)

  174. 				}

  175. 

  176. 				s = stylesheet.String()

  177. 			}

  178. 

  179. 			n.AppendChild(&html.Node{

  180. 				Type: html.TextNode,

  181. 				Data: s,

  182. 			})

  183. 		}

  184. 

  185. 		for i := range n.Attr {

  186. 			// Don't use `i, attr := range n.Attr` since `attr` would be a copy

  187. 			attr := &n.Attr[i]

  188. 

  189. 			if strings.EqualFold(attr.Key, "style") {

  190. 				decls, err := cssparser.ParseDeclarations(attr.Val)

  191. 				if err != nil {

  192. 					attr.Val = ""

  193. 					continue

  194. 				}

  195. 

  196. 				decls = san.sanitizeCSSDecls(decls)

  197. 

  198. 				attr.Val = ""

  199. 				for _, d := range decls {

  200. 					attr.Val += d.String()

  201. 				}

  202. 			}

  203. 		}

  204. 	}

  205. 

  206. 	for c := n.FirstChild; c != nil; c = c.NextSibling {

  207. 		san.sanitizeNode(c)

  208. 	}

  209. }

  210. 

  211. func (san *sanitizer) sanitizeHTML(b []byte) ([]byte, error) {

  212. 	doc, err := html.Parse(bytes.NewReader(b))

  213. 	if err != nil {

  214. 		return nil, fmt.Errorf("failed to parse HTML: %v", err)

  215. 	}

  216. 

  217. 	san.sanitizeNode(doc)

  218. 

  219. 	var buf bytes.Buffer

  220. 	if err := html.Render(&buf, doc); err != nil {

  221. 		return nil, fmt.Errorf("failed to render HTML: %v", err)

  222. 	}

  223. 	b = buf.Bytes()

  224. 

  225. 	// bluemonday must always be run last

  226. 	p := bluemonday.UGCPolicy()

  227. 

  228. 	// TODO: use bluemonday's AllowStyles once it's released and

  229. 	// supports <style>

  230. 	p.AllowElements("style")

  231. 	p.AllowAttrs("style").Globally()

  232. 

  233. 	p.AddTargetBlankToFullyQualifiedLinks(true)

  234. 	p.RequireNoFollowOnLinks(true)

  235. 

  236. 	return p.SanitizeBytes(b), nil

  237. }