diff --git a/morty.go b/morty.go
index 942dc7a..5df2a93 100644
--- a/morty.go
+++ b/morty.go
@@ -38,7 +38,9 @@ var UNSAFE_ELEMENTS [][]byte = [][]byte{
[]byte("canvas"),
[]byte("embed"),
//[]byte("iframe"),
+ []byte("math"),
[]byte("script"),
+ []byte("svg"),
}
var SAFE_ATTRIBUTES [][]byte = [][]byte{
@@ -58,6 +60,7 @@ var SAFE_ATTRIBUTES [][]byte = [][]byte{
[]byte("for"),
[]byte("height"),
[]byte("hidden"),
+ []byte("hreflang"),
[]byte("id"),
[]byte("lang"),
[]byte("media"),
@@ -95,6 +98,37 @@ var SELF_CLOSING_ELEMENTS [][]byte = [][]byte{
[]byte("wbr"),
}
+var LINK_REL_SAFE_VALUES [][]byte = [][]byte{
+ []byte("alternate"),
+ []byte("archives"),
+ []byte("author"),
+ []byte("copyright"),
+ []byte("first"),
+ []byte("help"),
+ []byte("icon"),
+ []byte("index"),
+ []byte("last"),
+ []byte("license"),
+ []byte("manifest"),
+ []byte("next"),
+ []byte("pingback"),
+ []byte("prev"),
+ []byte("publisher"),
+ []byte("search"),
+ []byte("shortcut icon"),
+ []byte("stylesheet"),
+ []byte("up"),
+}
+
+var LINK_HTTP_EQUIV_SAFE_VALUES [][]byte = [][]byte{
+ // X-UA-Compatible will be added automaticaly, so it can be skipped
+ []byte("date"),
+ []byte("last-modified"),
+ []byte("refresh"), // URL rewrite
+ // []byte("location"), TODO URL rewrite
+ []byte("content-language"),
+}
+
type Proxy struct {
Key []byte
RequestTimeout time.Duration
@@ -123,7 +157,9 @@ input[type=checkbox]#mortytoggle:checked ~ div { display: none; }
`
-var HTML_META_CONTENT_TYPE string = ""
+var HTML_HEAD_CONTENT_TYPE string = `
+
+`
func (p *Proxy) RequestHandler(ctx *fasthttp.RequestCtx) {
@@ -166,11 +202,18 @@ func (p *Proxy) RequestHandler(ctx *fasthttp.RequestCtx) {
defer fasthttp.ReleaseRequest(req)
req.SetConnectionClose()
- requestURIStr := string(requestURI)
+ reqQuery := parsedURI.Query()
+ ctx.QueryArgs().VisitAll(func(key, value []byte) {
+ reqQuery.Add(string(key), string(value))
+ })
- log.Println("getting", requestURIStr)
+ parsedURI.RawQuery = reqQuery.Encode()
- req.SetRequestURI(requestURIStr)
+ uriStr := parsedURI.String()
+
+ log.Println("getting", uriStr)
+
+ req.SetRequestURI(uriStr)
req.Header.SetUserAgentBytes([]byte("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36"))
resp := fasthttp.AcquireResponse()
@@ -209,7 +252,7 @@ func (p *Proxy) RequestHandler(ctx *fasthttp.RequestCtx) {
}
}
}
- error_message := fmt.Sprintf("invalid response: %d (%s)", resp.StatusCode(), requestURIStr)
+ error_message := fmt.Sprintf("invalid response: %d", resp.StatusCode())
p.serveMainPage(ctx, resp.StatusCode(), errors.New(error_message))
return
}
@@ -408,7 +451,7 @@ func sanitizeHTML(rc *RequestConfig, out io.Writer, htmlDoc []byte) {
}
if bytes.Equal(tag, []byte("head")) {
- fmt.Fprintf(out, HTML_META_CONTENT_TYPE)
+ fmt.Fprintf(out, HTML_HEAD_CONTENT_TYPE)
}
if bytes.Equal(tag, []byte("form")) {
@@ -486,7 +529,7 @@ func sanitizeLinkTag(rc *RequestConfig, out io.Writer, attrs [][][]byte) {
attrName := attr[0]
attrValue := attr[1]
if bytes.Equal(attrName, []byte("rel")) {
- if bytes.Equal(attrValue, []byte("dns-prefetch")) {
+ if !inArray(attrValue, LINK_REL_SAFE_VALUES) {
exclude = true
break
}
@@ -517,6 +560,10 @@ func sanitizeMetaTag(rc *RequestConfig, out io.Writer, attrs [][][]byte) {
attrValue := attr[1]
if bytes.Equal(attrName, []byte("http-equiv")) {
http_equiv = bytes.ToLower(attrValue)
+ // exclude some
+ if !inArray(http_equiv, LINK_HTTP_EQUIV_SAFE_VALUES) {
+ return
+ }
}
if bytes.Equal(attrName, []byte("content")) {
content = attrValue
@@ -527,10 +574,6 @@ func sanitizeMetaTag(rc *RequestConfig, out io.Writer, attrs [][][]byte) {
}
}
- if bytes.Equal(http_equiv, []byte("content-type")) {
- return
- }
-
out.Write([]byte(" 0 {
+ fmt.Fprintf(out, ` http-equiv="%s"`, http_equiv)
+ }
sanitizeAttrs(rc, out, attrs)
}
out.Write([]byte(">"))
@@ -605,7 +651,6 @@ func (rc *RequestConfig) ProxifyURI(uri string) (string, error) {
if rc.Key == nil {
return fmt.Sprintf("./?mortyurl=%s", url.QueryEscape(uri)), nil
}
-
return fmt.Sprintf("./?mortyhash=%s&mortyurl=%s", hash(uri, rc.Key), url.QueryEscape(uri)), nil
}