Fix #13

git-svn-id: file:///srv/svn/repo/yukari/trunk@27 f3bd38d9-da89-464d-a02a-eb04e43141b5

morty.go

@@ -11,6 +11,7 @@ import (
 	"io"
 	"log"
 	"net/url"
+	"path"
 	"regexp"
 	"strings"
 	"time"
@@ -30,7 +31,7 @@ var CLIENT *fasthttp.Client = &fasthttp.Client{
 	MaxResponseBodySize: 10 * 1024 * 1024, // 10M
 }
 
-var CSS_URL_REGEXP *regexp.Regexp = regexp.MustCompile("url\\((['\"]?)([\u0009\u0021\u0023-\u0026\u0028\u002a-\u007E]+)(['\"]?)\\)?")
+var CSS_URL_REGEXP *regexp.Regexp = regexp.MustCompile("url\\((['\"]?)[ \\t\\f]*([\u0009\u0021\u0023-\u0026\u0028\u002a-\u007E]+)(['\"]?)\\)?")
 
 var UNSAFE_ELEMENTS [][]byte = [][]byte{
 	[]byte("applet"),
@@ -381,7 +382,7 @@ func sanitizeHTML(rc *RequestConfig, out io.Writer, htmlDoc []byte) {
 					for _, attr := range attrs {
 						if bytes.Equal(attr[0], []byte("action")) {
 							formURL, _ = url.Parse(string(attr[1]))
-							formURL = mergeURIs(rc.BaseURL, formURL)
+							mergeURIs(rc.BaseURL, formURL)
 							break
 						}
 					}
@@ -525,15 +526,19 @@ func sanitizeAttr(rc *RequestConfig, out io.Writer, attrName, attrValue, escaped
 	}
 }
 
-func mergeURIs(u1, u2 *url.URL) (*url.URL) {
+func mergeURIs(u1, u2 *url.URL) {
-	return u1.ResolveReference(u2)
+	if u2.Scheme == "" || u2.Scheme == "//" {
+		u2.Scheme = u1.Scheme
+	}
+	if u2.Host == "" && u1.Path != "" {
+		u2.Host = u1.Host
+		if len(u2.Path) == 0 || u2.Path[0] != '/' {
+			u2.Path = path.Join(u1.Path[:strings.LastIndexByte(u1.Path, byte('/'))], u2.Path)
+		}
+	}
 }
 
 func (rc *RequestConfig) ProxifyURI(uri string) (string, error) {
-	// remove javascript protocol
-	if strings.HasPrefix(uri, "javascript:") {
-		return "", nil
-	}
 	// TODO check malicious data: - e.g. data:script
 	if strings.HasPrefix(uri, "data:") {
 		return uri, nil
@@ -547,7 +552,7 @@ func (rc *RequestConfig) ProxifyURI(uri string) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	u = mergeURIs(rc.BaseURL, u)
+	mergeURIs(rc.BaseURL, u)
 
 	uri = u.String()