mirror of
https://codeberg.org/grunfink/snac2.git
synced 2024-11-25 06:25:04 +00:00
Be more aggressive in HTML sanitization.
This commit is contained in:
parent
2b590cd90d
commit
5ee9504b18
3 changed files with 55 additions and 1 deletions
51
format.c
51
format.c
|
@ -150,3 +150,54 @@ d_char *not_really_markdown(char *content, d_char **f_content)
|
||||||
|
|
||||||
return *f_content;
|
return *f_content;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
const char *valid_tags[] = {
|
||||||
|
"a", "p", "br", "img", "blockquote", "ul", "li", "span", NULL
|
||||||
|
};
|
||||||
|
|
||||||
|
d_char *sanitize(d_char *content)
|
||||||
|
/* cleans dangerous HTML output */
|
||||||
|
{
|
||||||
|
d_char *s = xs_str_new(NULL);
|
||||||
|
xs *sl;
|
||||||
|
int n = 0;
|
||||||
|
char *p, *v;
|
||||||
|
|
||||||
|
sl = xs_regex_split(content, "</?[^>]+>");
|
||||||
|
|
||||||
|
p = sl;
|
||||||
|
|
||||||
|
while (xs_list_iter(&p, &v)) {
|
||||||
|
if (n & 0x1) {
|
||||||
|
xs *s1 = xs_strip(xs_crop(xs_dup(v), v[1] == '/' ? 2 : 1, -1));
|
||||||
|
xs *l1 = xs_split_n(s1, " ", 1);
|
||||||
|
xs *tag = xs_tolower(xs_dup(xs_list_get(l1, 0)));
|
||||||
|
int i;
|
||||||
|
|
||||||
|
/* check if it's one of the valid tags */
|
||||||
|
for (i = 0; valid_tags[i]; i++) {
|
||||||
|
if (strcmp(tag, valid_tags[i]) == 0)
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (valid_tags[i]) {
|
||||||
|
/* accepted tag */
|
||||||
|
s = xs_str_cat(s, v);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
/* bad tag */
|
||||||
|
xs *s2 = xs_replace(v, "<", "<");
|
||||||
|
s = xs_str_cat(s, s2);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
/* non-tag */
|
||||||
|
s = xs_str_cat(s, v);
|
||||||
|
}
|
||||||
|
|
||||||
|
n++;
|
||||||
|
}
|
||||||
|
|
||||||
|
return s;
|
||||||
|
}
|
||||||
|
|
3
html.c
3
html.c
|
@ -600,8 +600,9 @@ d_char *html_entry(snac *snac, d_char *os, char *msg, xs_set *seen, int local, i
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
xs *sc = sanitize(c);
|
||||||
|
|
||||||
s = xs_str_cat(s, c);
|
s = xs_str_cat(s, sc);
|
||||||
}
|
}
|
||||||
|
|
||||||
s = xs_str_cat(s, "\n");
|
s = xs_str_cat(s, "\n");
|
||||||
|
|
2
snac.h
2
snac.h
|
@ -134,6 +134,8 @@ int activitypub_post_handler(d_char *req, char *q_path,
|
||||||
char **body, int *b_size, char **ctype);
|
char **body, int *b_size, char **ctype);
|
||||||
|
|
||||||
d_char *not_really_markdown(char *content, d_char **f_content);
|
d_char *not_really_markdown(char *content, d_char **f_content);
|
||||||
|
d_char *sanitize(d_char *str);
|
||||||
|
|
||||||
int html_get_handler(d_char *req, char *q_path, char **body, int *b_size, char **ctype);
|
int html_get_handler(d_char *req, char *q_path, char **body, int *b_size, char **ctype);
|
||||||
int html_post_handler(d_char *req, char *q_path, d_char *payload, int p_size,
|
int html_post_handler(d_char *req, char *q_path, d_char *payload, int p_size,
|
||||||
char **body, int *b_size, char **ctype);
|
char **body, int *b_size, char **ctype);
|
||||||
|
|
Loading…
Reference in a new issue