authorJohn MacFarlane <jgm@berkeley.edu>2015-07-13 09:21:35 -0700
committerJohn MacFarlane <jgm@berkeley.edu>2015-07-13 10:15:55 -0700
commitac39623d667999cfae1444b46508a9a423b0df1b (patch)
tree40579cea4365b373fdc2831c2e43c2288671d028 /src/html.c
parent6dcd2beafdfbc9f694916bcdfa822b896aa44177 (diff)
Added `CMARK_OPT_SAFE` option and `--safe` command-line flag.
* Added `CMARK_OPT_SAFE`. This option disables rendering of raw HTML and potentially dangerous links. * Added `--safe` option in command-line program. * Updated `cmark.3` man page. * Added `scan_dangerous_url` to scanners. * In HTML, suppress rendering of raw HTML and potentially dangerous links if `CMARK_OPT_SAFE`. Dangerous URLs are those that begin with `javascript:`, `vbscript:`, `file:`, or `data:` (except for `image/png`, `image/gif`, `image/jpeg`, or `image/webp` mime types). * Added `api_test` for `OPT_CMARK_SAFE`. * Rewrote `README.md` on security.
Diffstat (limited to 'src/html.c')
-rw-r--r--src/html.c38
1 files changed, 29 insertions, 9 deletions
diff --git a/src/html.c b/src/html.c
index 8cf8835..48a80d6 100644
--- a/src/html.c
+++ b/src/html.c
@@ -8,6 +8,7 @@
#include "node.h"
#include "buffer.h"
#include "houdini.h"
+#include "scanners.h"
// Functions to convert cmark_nodes to HTML strings.
@@ -174,7 +175,13 @@ S_render_node(cmark_node *node, cmark_event_type ev_type,
case CMARK_NODE_HTML:
cr(html);
- cmark_strbuf_put(html, node->as.literal.data, node->as.literal.len);
+ if (options & CMARK_OPT_SAFE) {
+ cmark_strbuf_puts(html, "<!-- raw HTML omitted -->");
+ } else {
+ cmark_strbuf_put(html, node->as.literal.data,
+ node->as.literal.len);
+ }
+ cr(html);
break;
case CMARK_NODE_HRULE:
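Review bot: The placeholder literal `"<!-- raw HTML omitted -->"` is spelled out twice, here and again in the CMARK_NODE_INLINE_HTML case of the next hunk, so any later wording change has to be made in two places and the two copies can silently drift apart. Hoist it into one file-scope constant, e.g. `static const char RAW_HTML_OMITTED[] = "<!-- raw HTML omitted -->";`, and pass that to `cmark_strbuf_puts` in both cases. A short comment on the new `if` would also help a reader who does not know the option, e.g. `// CMARK_OPT_SAFE: never copy raw HTML through; emit a fixed marker instead.`. The enclosing S_render_node switch starts and ends outside this hunk.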
@@ -228,7 +235,12 @@ S_render_node(cmark_node *node, cmark_event_type ev_type,
break;
case CMARK_NODE_INLINE_HTML:
- cmark_strbuf_put(html, node->as.literal.data, node->as.literal.len);
+ if (options & CMARK_OPT_SAFE) {
+ cmark_strbuf_puts(html, "<!-- raw HTML omitted -->");
+ } else {
+ cmark_strbuf_put(html, node->as.literal.data,
+ node->as.literal.len);
+ }
break;
case CMARK_NODE_STRONG:
@@ -250,15 +262,19 @@ S_render_node(cmark_node *node, cmark_event_type ev_type,
case CMARK_NODE_LINK:
if (entering) {
cmark_strbuf_puts(html, "<a href=\"");
- houdini_escape_href(html, node->as.link.url.data,
- node->as.link.url.len);
+ if (!((options & CMARK_OPT_SAFE) &&
+ scan_dangerous_url(&node->as.link.url, 0))) {
+ houdini_escape_href(html,
+ node->as.link.url.data,
+ node->as.link.url.len);
+ }
if (node->as.link.title.len) {
cmark_strbuf_puts(html, "\" title=\"");
- escape_html(html, node->as.link.title.data,
- node->as.link.title.len);
+ escape_html(html,
+ node->as.link.title.data,
+ node->as.link.title.len);
}
-
cmark_strbuf_puts(html, "\">");
} else {
cmark_strbuf_puts(html, "</a>");
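Review bot: The new guard `!((options & CMARK_OPT_SAFE) && scan_dangerous_url(&node->as.link.url, 0))` is a double negation that is repeated verbatim in the CMARK_NODE_IMAGE case of the next hunk, and its intent (emit the URL unless safe mode is on and the scanner flags it) is stated nowhere. Factor it into one static helper, e.g. `static bool S_url_allowed(int options, cmark_chunk *url)` returning `!((options & CMARK_OPT_SAFE) && scan_dangerous_url(url, 0));`, and call it from both cases. It is also worth recording that a suppressed URL still yields `<a href="">` (and `<img src="">`), because the opening tag two lines above and the closing `\">` are written unconditionally; a comment such as `// Dangerous URL under CMARK_OPT_SAFE: keep the anchor, leave href empty.` makes clear this is deliberate rather than an oversight. Whether scan_dangerous_url also handles leading whitespace and mixed-case scheme names cannot be seen from this hunk and should be confirmed against the scanner definition. The rest of S_render_node lies outside the hunk.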
@@ -268,9 +284,13 @@ S_render_node(cmark_node *node, cmark_event_type ev_type,
case CMARK_NODE_IMAGE:
if (entering) {
cmark_strbuf_puts(html, "<img src=\"");
- houdini_escape_href(html, node->as.link.url.data,
- node->as.link.url.len);
+ if (!((options & CMARK_OPT_SAFE) &&
+ scan_dangerous_url(&node->as.link.url, 0))) {
+ houdini_escape_href(html,
+ node->as.link.url.data,
+ node->as.link.url.len);
+ }
cmark_strbuf_puts(html, "\" alt=\"");
state->plain = node;
} else {