yakumo.izuru/yukari
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix #13

Browse Source 
git-svn-id: file:///srv/svn/repo/yukari/trunk@27 f3bd38d9-da89-464d-a02a-eb04e43141b5
This commit is contained in:
alex 2016-11-21 22:36:58 +00:00
parent 4752853978
commit afebd341aa
1 changed files with 14 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
morty.go
View File

@ -11,6 +11,7 @@ import (
"io"
"log"
"net/url"
"path"
"regexp"
"strings"
"time"
@ -30,7 +31,7 @@ var CLIENT *fasthttp.Client = &fasthttp.Client{
MaxResponseBodySize: 10 * 1024 * 1024, // 10M
}
var CSS_URL_REGEXP *regexp.Regexp = regexp.MustCompile("url\\((['\"]?)([\u0009\u0021\u0023-\u0026\u0028\u002a-\u007E]+)(['\"]?)\\)?")
var CSS_URL_REGEXP *regexp.Regexp = regexp.MustCompile("url\\((['\"]?)[ \\t\\f]*([\u0009\u0021\u0023-\u0026\u0028\u002a-\u007E]+)(['\"]?)\\)?")
var UNSAFE_ELEMENTS [][]byte = [][]byte{
[]byte("applet"),
@ -381,7 +382,7 @@ func sanitizeHTML(rc *RequestConfig, out io.Writer, htmlDoc []byte) {
for _, attr := range attrs {
if bytes.Equal(attr[0], []byte("action")) {
formURL, _ = url.Parse(string(attr[1]))
formURL = mergeURIs(rc.BaseURL, formURL)
mergeURIs(rc.BaseURL, formURL)
break
}
}
@ -525,15 +526,19 @@ func sanitizeAttr(rc *RequestConfig, out io.Writer, attrName, attrValue, escaped
}
}
func mergeURIs(u1, u2 *url.URL) (*url.URL) {
return u1.ResolveReference(u2)
func mergeURIs(u1, u2 *url.URL) {
if u2.Scheme == "" || u2.Scheme == "//" {
u2.Scheme = u1.Scheme
}
if u2.Host == "" && u1.Path != "" {
u2.Host = u1.Host
if len(u2.Path) == 0 || u2.Path[0] != '/' {
u2.Path = path.Join(u1.Path[:strings.LastIndexByte(u1.Path, byte('/'))], u2.Path)
}
}
}
func (rc *RequestConfig) ProxifyURI(uri string) (string, error) {
// remove javascript protocol
if strings.HasPrefix(uri, "javascript:") {
return "", nil
}
// TODO check malicious data: - e.g. data:script
if strings.HasPrefix(uri, "data:") {
return uri, nil
@ -547,7 +552,7 @@ func (rc *RequestConfig) ProxifyURI(uri string) (string, error) {
if err != nil {
return "", err
}
u = mergeURIs(rc.BaseURL, u)
mergeURIs(rc.BaseURL, u)
uri = u.String()