switch to the new whitelist

2025-05-24 00:33:14 +00:00 · 2021-04-01 12:14:06 +01:00 · 2021-04-01 12:14:06 +01:00 · 1f02bde5e1
commit 1f02bde5e1
parent 3e0c784744
3 changed files with 8 additions and 261 deletions
--- a/src/content/sanitizer/sanitizer.go
+++ b/src/content/sanitizer/sanitizer.go
@ -157,24 +157,13 @@ func getExtraAttributes(tagName string) ([]string, []string) {
 }
 func isValidTag(tagName string) bool {
-	for element := range getTagAllowList() {
+	return allowedTags.has(tagName)
 		if tagName == element {
 			return true
 		}
 	}
 	return false
 }
 func isValidAttribute(tagName, attributeName string) bool {
-	for element, attributes := range getTagAllowList() {
+	if attrs, ok := allowedAttrs[tagName]; ok {
-		if tagName == element {
+		return attrs.has(attributeName)
 			if inList(attributeName, attributes) {
 				return true
 			}
 		}
 	}
 	return false
 }
@ -213,52 +202,8 @@ func hasRequiredAttributes(tagName string, attributes []string) bool {
 // See https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml
 func hasValidURIScheme(src string) bool {
-	whitelist := []string{
+	scheme := strings.SplitN(src, ":", 2)[0]
-		"apt:",
+	return allowedURISchemes.has(scheme)
 		"bitcoin:",
 		"callto:",
 		"dav:",
 		"davs:",
 		"ed2k://",
 		"facetime://",
 		"feed:",
 		"ftp://",
 		"geo:",
 		"gopher://",
 		"git://",
 		"http://",
 		"https://",
 		"irc://",
 		"irc6://",
 		"ircs://",
 		"itms://",
 		"itms-apps://",
 		"magnet:",
 		"mailto:",
 		"news:",
 		"nntp:",
 		"rtmp://",
 		"sip:",
 		"sips:",
 		"skype:",
 		"spotify:",
 		"ssh://",
 		"sftp://",
 		"steam://",
 		"svn://",
 		"svn+ssh://",
 		"tel:",
 		"webcal://",
 		"xmpp:",
 	}
 	for _, prefix := range whitelist {
 		if strings.HasPrefix(src, prefix) {
 			return true
 		}
 	}
 	return false
 }
 func isBlockedResource(src string) bool {
--- a/src/content/sanitizer/sanitizer_test.go
+++ b/src/content/sanitizer/sanitizer_test.go
@ -114,7 +114,7 @@ func TestProtocolRelativeURL(t *testing.T) {
 }
 func TestInvalidTag(t *testing.T) {
-	input := `<p>My invalid <b>tag</b>.</p>`
+	input := `<p>My invalid <wtf>tag</wtf>.</p>`
 	expected := `<p>My invalid tag.</p>`
 	output := Sanitize("http://example.org/", input)
@ -154,7 +154,7 @@ func TestUnknownTag(t *testing.T) {
 }
 func TestInvalidNestedTag(t *testing.T) {
-	input := `<p>My invalid <b>tag with some <em>valid</em> tag</b>.</p>`
+	input := `<p>My invalid <wtf>tag with some <em>valid</em> tag</wtf>.</p>`
 	expected := `<p>My invalid tag with some <em>valid</em> tag.</p>`
 	output := Sanitize("http://example.org/", input)
@ -193,92 +193,6 @@ func TestInvalidURLScheme(t *testing.T) {
 	}
 }
 func TestAPTURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="apt:some-package?channel=test">valid</a></p>`
 	expected := `<p>This link is <a href="apt:some-package?channel=test" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
 	output := Sanitize("http://example.org/", input)
 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}
 }
 func TestBitcoinURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="bitcoin:175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W">valid</a></p>`
 	expected := `<p>This link is <a href="bitcoin:175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
 	output := Sanitize("http://example.org/", input)
 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}
 }
 func TestCallToURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="callto:12345679">valid</a></p>`
 	expected := `<p>This link is <a href="callto:12345679" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
 	output := Sanitize("http://example.org/", input)
 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}
 }
 func TestFeedURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="feed://example.com/rss.xml">valid</a></p>`
 	expected := `<p>This link is <a href="feed://example.com/rss.xml" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
 	output := Sanitize("http://example.org/", input)
 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}
 	input = `<p>This link is <a href="feed:https://example.com/rss.xml">valid</a></p>`
 	expected = `<p>This link is <a href="feed:https://example.com/rss.xml" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
 	output = Sanitize("http://example.org/", input)
 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}
 }
 func TestGeoURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="geo:13.4125,103.8667">valid</a></p>`
 	expected := `<p>This link is <a href="geo:13.4125,103.8667" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
 	output := Sanitize("http://example.org/", input)
 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}
 }
 func TestItunesURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="itms://itunes.com/apps/my-app-name">valid</a></p>`
 	expected := `<p>This link is <a href="itms://itunes.com/apps/my-app-name" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
 	output := Sanitize("http://example.org/", input)
 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}
 	input = `<p>This link is <a href="itms-apps://itunes.com/apps/my-app-name">valid</a></p>`
 	expected = `<p>This link is <a href="itms-apps://itunes.com/apps/my-app-name" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
 	output = Sanitize("http://example.org/", input)
 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}
 }
 func TestMagnetURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="magnet:?xt.1=urn:sha1:YNCKHTQCWBTRNJIV4WNAE52SJUQCZO5C&amp;xt.2=urn:sha1:TXGCZQTH26NL6OUQAJJPFALHG2LTGBC7">valid</a></p>`
 	expected := `<p>This link is <a href="magnet:?xt.1=urn:sha1:YNCKHTQCWBTRNJIV4WNAE52SJUQCZO5C&amp;xt.2=urn:sha1:TXGCZQTH26NL6OUQAJJPFALHG2LTGBC7" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
 	output := Sanitize("http://example.org/", input)
 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}
 }
 func TestMailtoURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="mailto:jsmith@example.com?subject=A%20Test&amp;body=My%20idea%20is%3A%20%0A">valid</a></p>`
 	expected := `<p>This link is <a href="mailto:jsmith@example.com?subject=A%20Test&amp;body=My%20idea%20is%3A%20%0A" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
@ -289,108 +203,6 @@ func TestMailtoURIScheme(t *testing.T) {
 	}
 }
 func TestNewsURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="news://news.server.example/*">valid</a></p>`
 	expected := `<p>This link is <a href="news://news.server.example/*" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
 	output := Sanitize("http://example.org/", input)
 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}
 	input = `<p>This link is <a href="news:example.group.this">valid</a></p>`
 	expected = `<p>This link is <a href="news:example.group.this" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
 	output = Sanitize("http://example.org/", input)
 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}
 	input = `<p>This link is <a href="nntp://news.server.example/example.group.this">valid</a></p>`
 	expected = `<p>This link is <a href="nntp://news.server.example/example.group.this" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
 	output = Sanitize("http://example.org/", input)
 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}
 }
 func TestRTMPURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="rtmp://mycompany.com/vod/mp4:mycoolvideo.mov">valid</a></p>`
 	expected := `<p>This link is <a href="rtmp://mycompany.com/vod/mp4:mycoolvideo.mov" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
 	output := Sanitize("http://example.org/", input)
 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}
 }
 func TestSIPURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="sip:+1-212-555-1212:1234@gateway.com;user=phone">valid</a></p>`
 	expected := `<p>This link is <a href="sip:+1-212-555-1212:1234@gateway.com;user=phone" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
 	output := Sanitize("http://example.org/", input)
 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}
 	input = `<p>This link is <a href="sips:alice@atlanta.com?subject=project%20x&amp;priority=urgent">valid</a></p>`
 	expected = `<p>This link is <a href="sips:alice@atlanta.com?subject=project%20x&amp;priority=urgent" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
 	output = Sanitize("http://example.org/", input)
 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}
 }
 func TestSkypeURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="skype:echo123?call">valid</a></p>`
 	expected := `<p>This link is <a href="skype:echo123?call" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
 	output := Sanitize("http://example.org/", input)
 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}
 }
 func TestSpotifyURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="spotify:track:2jCnn1QPQ3E8ExtLe6INsx">valid</a></p>`
 	expected := `<p>This link is <a href="spotify:track:2jCnn1QPQ3E8ExtLe6INsx" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
 	output := Sanitize("http://example.org/", input)
 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}
 }
 func TestSteamURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="steam://settings/account">valid</a></p>`
 	expected := `<p>This link is <a href="steam://settings/account" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
 	output := Sanitize("http://example.org/", input)
 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}
 }
 func TestSubversionURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="svn://example.org">valid</a></p>`
 	expected := `<p>This link is <a href="svn://example.org" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
 	output := Sanitize("http://example.org/", input)
 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}
 	input = `<p>This link is <a href="svn+ssh://example.org">valid</a></p>`
 	expected = `<p>This link is <a href="svn+ssh://example.org" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
 	output = Sanitize("http://example.org/", input)
 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}
 }
 func TestTelURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="tel:+1-201-555-0123">valid</a></p>`
 	expected := `<p>This link is <a href="tel:+1-201-555-0123" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
@ -401,16 +213,6 @@ func TestTelURIScheme(t *testing.T) {
 	}
 }
 func TestWebcalURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="webcal://example.com/calendar.ics">valid</a></p>`
 	expected := `<p>This link is <a href="webcal://example.com/calendar.ics" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
 	output := Sanitize("http://example.org/", input)
 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}
 }
 func TestXMPPURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="xmpp:user@host?subscribe&amp;type=subscribed">valid</a></p>`
 	expected := `<p>This link is <a href="xmpp:user@host?subscribe&amp;type=subscribed" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
--- a/src/content/sanitizer/whitelist.go
+++ b/src/content/sanitizer/whitelist.go
@ -76,6 +76,7 @@ var allowedTags = sset([]string{
 	"hr",
 	"html",
 	"i",
 	"iframe",
 	"img",
 	"input",
 	"ins",
@ -115,7 +116,6 @@ var allowedTags = sset([]string{
 	"span",
 	"strike",
 	"strong",
 	"style",
 	"sub",
 	"summary",
 	"sup",