Fossil SCM
Documentation improvements on the HTML safer. Only apply safe-html to Forum posts for the moment.
Commit
03ce4e70b62b93f42599d29c5ef995ef4902eb39c9753cbfd047a5daaf9a4faf
Parent
382f3731ee65dfd…
3 files changed
+1
-1
+3
-3
+36
-29
+1
-1
| --- src/doc.c | ||
| +++ src/doc.c | ||
| @@ -2,11 +2,11 @@ | ||
| 2 | 2 | ** Copyright (c) 2007 D. Richard Hipp |
| 3 | 3 | ** |
| 4 | 4 | ** This program is free software; you can redistribute it and/or |
| 5 | 5 | ** modify it under the terms of the Simplified BSD License (also |
| 6 | 6 | ** known as the "2-Clause License" or "FreeBSD License".) |
| 7 | - | |
| 7 | +** | |
| 8 | 8 | ** This program is distributed in the hope that it will be useful, |
| 9 | 9 | ** but without any warranty; without even the implied warranty of |
| 10 | 10 | ** merchantability or fitness for a particular purpose. |
| 11 | 11 | ** |
| 12 | 12 | ** Author contact information: |
| 13 | 13 |
| --- src/doc.c | |
| +++ src/doc.c | |
| @@ -2,11 +2,11 @@ | |
| 2 | ** Copyright (c) 2007 D. Richard Hipp |
| 3 | ** |
| 4 | ** This program is free software; you can redistribute it and/or |
| 5 | ** modify it under the terms of the Simplified BSD License (also |
| 6 | ** known as the "2-Clause License" or "FreeBSD License".) |
| 7 | |
| 8 | ** This program is distributed in the hope that it will be useful, |
| 9 | ** but without any warranty; without even the implied warranty of |
| 10 | ** merchantability or fitness for a particular purpose. |
| 11 | ** |
| 12 | ** Author contact information: |
| 13 |
| --- src/doc.c | |
| +++ src/doc.c | |
| @@ -2,11 +2,11 @@ | |
| 2 | ** Copyright (c) 2007 D. Richard Hipp |
| 3 | ** |
| 4 | ** This program is free software; you can redistribute it and/or |
| 5 | ** modify it under the terms of the Simplified BSD License (also |
| 6 | ** known as the "2-Clause License" or "FreeBSD License".) |
| 7 | ** |
| 8 | ** This program is distributed in the hope that it will be useful, |
| 9 | ** but without any warranty; without even the implied warranty of |
| 10 | ** merchantability or fitness for a particular purpose. |
| 11 | ** |
| 12 | ** Author contact information: |
| 13 |
+3
-3
| --- src/wiki.c | ||
| +++ src/wiki.c | ||
| @@ -561,11 +561,11 @@ | ||
| 561 | 561 | } |
| 562 | 562 | if( zBody[0]==0 ){ |
| 563 | 563 | @ <i>This page has been deleted</i> |
| 564 | 564 | }else{ |
| 565 | 565 | blob_init(&wiki, zBody, -1); |
| 566 | - wiki_render_by_mimetype(&wiki, zMimetype, WIKI_SAFE); | |
| 566 | + wiki_render_by_mimetype(&wiki, zMimetype, 0); | |
| 567 | 567 | blob_reset(&wiki); |
| 568 | 568 | } |
| 569 | 569 | attachment_list(zPageName, "<hr /><h2>Attachments:</h2><ul>"); |
| 570 | 570 | manifest_destroy(pWiki); |
| 571 | 571 | style_footer(); |
| @@ -748,11 +748,11 @@ | ||
| 748 | 748 | blob_append(&wiki, zBody, -1); |
| 749 | 749 | if( P("preview")!=0 ){ |
| 750 | 750 | havePreview = 1; |
| 751 | 751 | if( zBody[0] ){ |
| 752 | 752 | @ Preview:<hr /> |
| 753 | - wiki_render_by_mimetype(&wiki, zMimetype, WIKI_SAFE); | |
| 753 | + wiki_render_by_mimetype(&wiki, zMimetype, 0); | |
| 754 | 754 | @ <hr /> |
| 755 | 755 | blob_reset(&wiki); |
| 756 | 756 | } |
| 757 | 757 | } |
| 758 | 758 | for(n=2, z=zBody; z[0]; z++){ |
| @@ -1010,11 +1010,11 @@ | ||
| 1010 | 1010 | if( P("preview")!=0 ){ |
| 1011 | 1011 | Blob preview; |
| 1012 | 1012 | blob_zero(&preview); |
| 1013 | 1013 | appendRemark(&preview, zMimetype); |
| 1014 | 1014 | @ Preview:<hr /> |
| 1015 | - wiki_render_by_mimetype(&preview, zMimetype, WIKI_SAFE); | |
| 1015 | + wiki_render_by_mimetype(&preview, zMimetype, 0); | |
| 1016 | 1016 | @ <hr /> |
| 1017 | 1017 | blob_reset(&preview); |
| 1018 | 1018 | } |
| 1019 | 1019 | zUser = PD("u", g.zLogin); |
| 1020 | 1020 | form_begin(0, "%R/wikiappend"); |
| 1021 | 1021 |
| --- src/wiki.c | |
| +++ src/wiki.c | |
| @@ -561,11 +561,11 @@ | |
| 561 | } |
| 562 | if( zBody[0]==0 ){ |
| 563 | @ <i>This page has been deleted</i> |
| 564 | }else{ |
| 565 | blob_init(&wiki, zBody, -1); |
| 566 | wiki_render_by_mimetype(&wiki, zMimetype, WIKI_SAFE); |
| 567 | blob_reset(&wiki); |
| 568 | } |
| 569 | attachment_list(zPageName, "<hr /><h2>Attachments:</h2><ul>"); |
| 570 | manifest_destroy(pWiki); |
| 571 | style_footer(); |
| @@ -748,11 +748,11 @@ | |
| 748 | blob_append(&wiki, zBody, -1); |
| 749 | if( P("preview")!=0 ){ |
| 750 | havePreview = 1; |
| 751 | if( zBody[0] ){ |
| 752 | @ Preview:<hr /> |
| 753 | wiki_render_by_mimetype(&wiki, zMimetype, WIKI_SAFE); |
| 754 | @ <hr /> |
| 755 | blob_reset(&wiki); |
| 756 | } |
| 757 | } |
| 758 | for(n=2, z=zBody; z[0]; z++){ |
| @@ -1010,11 +1010,11 @@ | |
| 1010 | if( P("preview")!=0 ){ |
| 1011 | Blob preview; |
| 1012 | blob_zero(&preview); |
| 1013 | appendRemark(&preview, zMimetype); |
| 1014 | @ Preview:<hr /> |
| 1015 | wiki_render_by_mimetype(&preview, zMimetype, WIKI_SAFE); |
| 1016 | @ <hr /> |
| 1017 | blob_reset(&preview); |
| 1018 | } |
| 1019 | zUser = PD("u", g.zLogin); |
| 1020 | form_begin(0, "%R/wikiappend"); |
| 1021 |
| --- src/wiki.c | |
| +++ src/wiki.c | |
| @@ -561,11 +561,11 @@ | |
| 561 | } |
| 562 | if( zBody[0]==0 ){ |
| 563 | @ <i>This page has been deleted</i> |
| 564 | }else{ |
| 565 | blob_init(&wiki, zBody, -1); |
| 566 | wiki_render_by_mimetype(&wiki, zMimetype, 0); |
| 567 | blob_reset(&wiki); |
| 568 | } |
| 569 | attachment_list(zPageName, "<hr /><h2>Attachments:</h2><ul>"); |
| 570 | manifest_destroy(pWiki); |
| 571 | style_footer(); |
| @@ -748,11 +748,11 @@ | |
| 748 | blob_append(&wiki, zBody, -1); |
| 749 | if( P("preview")!=0 ){ |
| 750 | havePreview = 1; |
| 751 | if( zBody[0] ){ |
| 752 | @ Preview:<hr /> |
| 753 | wiki_render_by_mimetype(&wiki, zMimetype, 0); |
| 754 | @ <hr /> |
| 755 | blob_reset(&wiki); |
| 756 | } |
| 757 | } |
| 758 | for(n=2, z=zBody; z[0]; z++){ |
| @@ -1010,11 +1010,11 @@ | |
| 1010 | if( P("preview")!=0 ){ |
| 1011 | Blob preview; |
| 1012 | blob_zero(&preview); |
| 1013 | appendRemark(&preview, zMimetype); |
| 1014 | @ Preview:<hr /> |
| 1015 | wiki_render_by_mimetype(&preview, zMimetype, 0); |
| 1016 | @ <hr /> |
| 1017 | blob_reset(&preview); |
| 1018 | } |
| 1019 | zUser = PD("u", g.zLogin); |
| 1020 | form_begin(0, "%R/wikiappend"); |
| 1021 |
+36
-29
| --- src/wikiformat.c | ||
| +++ src/wikiformat.c | ||
| @@ -2508,37 +2508,20 @@ | ||
| 2508 | 2508 | } |
| 2509 | 2509 | }while( e!=eEnd && p->n>0 ); |
| 2510 | 2510 | } |
| 2511 | 2511 | |
| 2512 | 2512 | /* |
| 2513 | -** Append HTML text to a Blob object. | |
| 2514 | -** | |
| 2515 | -** If safe-html is enabled then the appended text is modified | |
| 2516 | -** changed in the following ways: | |
| 2517 | -** | |
| 2518 | -** 1. Omit any elements that are not on the AllowedMarkup list. | |
| 2519 | -** | |
| 2520 | -** 2. Omit any attributes that are not on the AllowedMarkup list. | |
| 2521 | -** | |
| 2522 | -** 3. Omit any surplus close-tags. | |
| 2523 | -** | |
| 2524 | -** 4. Insert additional close-tags as necessary so that any | |
| 2525 | -** tag in the input that needs a close-tag has one. | |
| 2526 | -** | |
| 2527 | -** This modifications are intended to make the generated HTML safe | |
| 2528 | -** to be embedded in a larger HTML document, such that the embedded | |
| 2529 | -** HTML has no influence on the formatting and operation of the | |
| 2530 | -** larger document. | |
| 2531 | -** | |
| 2532 | -** When safe-html is eanbled, the input to this routine must be writable. | |
| 2513 | +** Append a safe translation of HTML text to a Blob object. | |
| 2514 | +** | |
| 2515 | +** Restriction: The input to this routine must be writable. | |
| 2533 | 2516 | * Temporary changes may be made to the input, but the input is restored |
| 2534 | 2517 | ** to its original state prior to returning. If zHtml[nHtml] is not a |
| 2535 | 2518 | ** zero character, then a zero might be written in that position |
| 2536 | 2519 | ** temporarily, but that slot will also be restored before this routine |
| 2537 | 2520 | ** returns. |
| 2538 | 2521 | */ |
| 2539 | -void safe_html_append(Blob *pBlob, char *zHtml, int nHtml){ | |
| 2522 | +static void safe_html_append(Blob *pBlob, char *zHtml, int nHtml){ | |
| 2540 | 2523 | char cLast; |
| 2541 | 2524 | int i, j, n; |
| 2542 | 2525 | HtmlTagStack s; |
| 2543 | 2526 | ParsedMarkup markup; |
| 2544 | 2527 | |
| @@ -2588,21 +2571,45 @@ | ||
| 2588 | 2571 | html_tagstack_clear(&s); |
| 2589 | 2572 | zHtml[nHtml] = cLast; |
| 2590 | 2573 | } |
| 2591 | 2574 | |
| 2592 | 2575 | /* |
| 2593 | -** The input blob consists of HTML. Convert it into "safe HTML". Safe | |
| 2594 | -** HTML has no potentially disruptive elements (ex: <script>, <style>) | |
| 2595 | -** and it is embeddable, meaning that it won't close any outer elements | |
| 2596 | -** from the script in which it is embedded, nor will it leave any open | |
| 2597 | -** elements to affect the tail of the outer script. | |
| 2576 | +** The input blob contains HTML. If safe-html is enabled, then | |
| 2577 | +** convert the input into "safe HTML". The following modifications | |
| 2578 | +** are made: | |
| 2579 | +** | |
| 2580 | +** 1. Remove any elements that are not on the AllowedMarkup list. | |
| 2581 | +** (ex: <script>, <form>, etc.) | |
| 2582 | +** | |
| 2583 | +** 2. Remove any attributes that are not on the AllowedMarkup list. | |
| 2584 | +** (ex: onload=, id=, etc.) | |
| 2585 | +** | |
| 2586 | +** 3. Omit any surplus close-tags. This prevents the script from | |
| 2587 | +** terminating an <div> or similar in the outer context. | |
| 2588 | +** | |
| 2589 | +** 4. Insert additional close-tags as necessary so that any | |
| 2590 | +** tag in the input that needs a close-tag has one. This | |
| 2591 | +** prevents tags in the embedded script from affecting the | |
| 2592 | +** display of content that follows this script in the enclosing | |
| 2593 | +** context. | |
| 2594 | +** | |
| 2595 | +** This modifications are intended to make the generated HTML safe | |
| 2596 | +** to be embedded in a larger HTML document, such that the embedded | |
| 2597 | +** HTML has no influence on the formatting and operation of the | |
| 2598 | +** larger document. | |
| 2599 | +** | |
| 2600 | +** If safe-html is disabled, then this routine is a no-op. | |
| 2598 | 2601 | */ |
| 2599 | 2602 | void safe_html(Blob *in){ |
| 2600 | - Blob out; | |
| 2601 | - char *z = blob_str(in); | |
| 2602 | - int n = blob_size(in); | |
| 2603 | + Blob out; /* Holding area for the revised text during construction */ | |
| 2604 | + char *z; /* Original input text */ | |
| 2605 | + int n; /* Number of bytes in the original input text */ | |
| 2603 | 2606 | int k; |
| 2607 | + | |
| 2608 | + /* if( safeHtml==0 ) return; TBD: Always used at this time */ | |
| 2609 | + z = blob_str(in); | |
| 2610 | + n = blob_size(in); | |
| 2604 | 2611 | blob_init(&out, 0, 0); |
| 2605 | 2612 | while( fossil_isspace(z[0]) ){ z++; n--; } |
| 2606 | 2613 | for(k=n-1; k>5 && fossil_isspace(z[k]); k--){} |
| 2607 | 2614 | |
| 2608 | 2615 | if( fossil_strnicmp(z, "<div",4)==0 && !fossil_isalpha(z[4]) |
| 2609 | 2616 |
| --- src/wikiformat.c | |
| +++ src/wikiformat.c | |
| @@ -2508,37 +2508,20 @@ | |
| 2508 | } |
| 2509 | }while( e!=eEnd && p->n>0 ); |
| 2510 | } |
| 2511 | |
| 2512 | /* |
| 2513 | ** Append HTML text to a Blob object. |
| 2514 | ** |
| 2515 | ** If safe-html is enabled then the appended text is modified |
| 2516 | ** changed in the following ways: |
| 2517 | ** |
| 2518 | ** 1. Omit any elements that are not on the AllowedMarkup list. |
| 2519 | ** |
| 2520 | ** 2. Omit any attributes that are not on the AllowedMarkup list. |
| 2521 | ** |
| 2522 | ** 3. Omit any surplus close-tags. |
| 2523 | ** |
| 2524 | ** 4. Insert additional close-tags as necessary so that any |
| 2525 | ** tag in the input that needs a close-tag has one. |
| 2526 | ** |
| 2527 | ** This modifications are intended to make the generated HTML safe |
| 2528 | ** to be embedded in a larger HTML document, such that the embedded |
| 2529 | ** HTML has no influence on the formatting and operation of the |
| 2530 | ** larger document. |
| 2531 | ** |
| 2532 | ** When safe-html is eanbled, the input to this routine must be writable. |
| 2533 | * Temporary changes may be made to the input, but the input is restored |
| 2534 | ** to its original state prior to returning. If zHtml[nHtml] is not a |
| 2535 | ** zero character, then a zero might be written in that position |
| 2536 | ** temporarily, but that slot will also be restored before this routine |
| 2537 | ** returns. |
| 2538 | */ |
| 2539 | void safe_html_append(Blob *pBlob, char *zHtml, int nHtml){ |
| 2540 | char cLast; |
| 2541 | int i, j, n; |
| 2542 | HtmlTagStack s; |
| 2543 | ParsedMarkup markup; |
| 2544 | |
| @@ -2588,21 +2571,45 @@ | |
| 2588 | html_tagstack_clear(&s); |
| 2589 | zHtml[nHtml] = cLast; |
| 2590 | } |
| 2591 | |
| 2592 | /* |
| 2593 | ** The input blob consists of HTML. Convert it into "safe HTML". Safe |
| 2594 | ** HTML has no potentially disruptive elements (ex: <script>, <style>) |
| 2595 | ** and it is embeddable, meaning that it won't close any outer elements |
| 2596 | ** from the script in which it is embedded, nor will it leave any open |
| 2597 | ** elements to affect the tail of the outer script. |
| 2598 | */ |
| 2599 | void safe_html(Blob *in){ |
| 2600 | Blob out; |
| 2601 | char *z = blob_str(in); |
| 2602 | int n = blob_size(in); |
| 2603 | int k; |
| 2604 | blob_init(&out, 0, 0); |
| 2605 | while( fossil_isspace(z[0]) ){ z++; n--; } |
| 2606 | for(k=n-1; k>5 && fossil_isspace(z[k]); k--){} |
| 2607 | |
| 2608 | if( fossil_strnicmp(z, "<div",4)==0 && !fossil_isalpha(z[4]) |
| 2609 |
| --- src/wikiformat.c | |
| +++ src/wikiformat.c | |
| @@ -2508,37 +2508,20 @@ | |
| 2508 | } |
| 2509 | }while( e!=eEnd && p->n>0 ); |
| 2510 | } |
| 2511 | |
| 2512 | /* |
| 2513 | ** Append a safe translation of HTML text to a Blob object. |
| 2514 | ** |
| 2515 | ** Restriction: The input to this routine must be writable. |
| 2516 | * Temporary changes may be made to the input, but the input is restored |
| 2517 | ** to its original state prior to returning. If zHtml[nHtml] is not a |
| 2518 | ** zero character, then a zero might be written in that position |
| 2519 | ** temporarily, but that slot will also be restored before this routine |
| 2520 | ** returns. |
| 2521 | */ |
| 2522 | static void safe_html_append(Blob *pBlob, char *zHtml, int nHtml){ |
| 2523 | char cLast; |
| 2524 | int i, j, n; |
| 2525 | HtmlTagStack s; |
| 2526 | ParsedMarkup markup; |
| 2527 | |
| @@ -2588,21 +2571,45 @@ | |
| 2571 | html_tagstack_clear(&s); |
| 2572 | zHtml[nHtml] = cLast; |
| 2573 | } |
| 2574 | |
| 2575 | /* |
| 2576 | ** The input blob contains HTML. If safe-html is enabled, then |
| 2577 | ** convert the input into "safe HTML". The following modifications |
| 2578 | ** are made: |
| 2579 | ** |
| 2580 | ** 1. Remove any elements that are not on the AllowedMarkup list. |
| 2581 | ** (ex: <script>, <form>, etc.) |
| 2582 | ** |
| 2583 | ** 2. Remove any attributes that are not on the AllowedMarkup list. |
| 2584 | ** (ex: onload=, id=, etc.) |
| 2585 | ** |
| 2586 | ** 3. Omit any surplus close-tags. This prevents the script from |
| 2587 | ** terminating an <div> or similar in the outer context. |
| 2588 | ** |
| 2589 | ** 4. Insert additional close-tags as necessary so that any |
| 2590 | ** tag in the input that needs a close-tag has one. This |
| 2591 | ** prevents tags in the embedded script from affecting the |
| 2592 | ** display of content that follows this script in the enclosing |
| 2593 | ** context. |
| 2594 | ** |
| 2595 | ** This modifications are intended to make the generated HTML safe |
| 2596 | ** to be embedded in a larger HTML document, such that the embedded |
| 2597 | ** HTML has no influence on the formatting and operation of the |
| 2598 | ** larger document. |
| 2599 | ** |
| 2600 | ** If safe-html is disabled, then this routine is a no-op. |
| 2601 | */ |
| 2602 | void safe_html(Blob *in){ |
| 2603 | Blob out; /* Holding area for the revised text during construction */ |
| 2604 | char *z; /* Original input text */ |
| 2605 | int n; /* Number of bytes in the original input text */ |
| 2606 | int k; |
| 2607 | |
| 2608 | /* if( safeHtml==0 ) return; TBD: Always used at this time */ |
| 2609 | z = blob_str(in); |
| 2610 | n = blob_size(in); |
| 2611 | blob_init(&out, 0, 0); |
| 2612 | while( fossil_isspace(z[0]) ){ z++; n--; } |
| 2613 | for(k=n-1; k>5 && fossil_isspace(z[k]); k--){} |
| 2614 | |
| 2615 | if( fossil_strnicmp(z, "<div",4)==0 && !fossil_isalpha(z[4]) |
| 2616 |