authorGravatar default2022-11-16 16:53:59 +0100
committerGravatar default2022-11-16 16:53:59 +0100
commitbdc689e594c535e95c8809cd16988a706c3b56d3 (patch)
tree2ec775ddcc3ecbf78cd0c56ba727ea3bdd6a6f19
parentCall sanitize() as soon as possible. (diff)
In sanitize(), rebuild the accepted tags with only the accepted attributes.
-rw-r--r--format.c15
1 files changed, 10 insertions, 5 deletions
diff --git a/format.c b/format.c
index 80e62d1..07a9b5d 100644
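--- a/format.c
+++ b/format.c
@@ -185,6 +185,7 @@ d_char *sanitize(const char *content)
 xs *s1 = xs_strip(xs_crop(xs_dup(v), v[1] == '/' ? 2 : 1, -1));
 xs *l1 = xs_split_n(s1, " ", 1);
 xs *tag = xs_tolower(xs_dup(xs_list_get(l1, 0)));
+xs *s2 = NULL;
 int i;
 
 /* check if it's one of the valid tags */
@@ -194,14 +195,18 @@ d_char *sanitize(const char *content)
 }
 
 if (valid_tags[i]) {
-/* accepted tag */
-s = xs_str_cat(s, v);
+/* accepted tag: rebuild it with only the accepted elements */
+xs *el = xs_regex_match(v, "(href|rel|class|target)=\"[^\"]*\"");
+xs *s3 = xs_join(el, " ");
+
+s2 = xs_fmt("<%s%s %s>", v[1] == '/' ? "/" : "", tag, s3);
 }
 else {
-/* bad tag */
-xs *s2 = xs_replace(v, "<", "&lt;");
-s = xs_str_cat(s, s2);
+/* bad tag: escape it */
+s2 = xs_replace(v, "<", "&lt;");
 }
+
+s = xs_str_cat(s, s2);
 }
 else {
 /* non-tag */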
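Review bot: The attribute allowlist in the accepted-tag branch copies any `href="..."` value through verbatim, so a link using a script-bearing scheme such as `javascript:` would survive sanitize() if an anchor tag is among valid_tags (that list is outside this hunk). Constrain the scheme in the pattern itself, for example `xs *el = xs_regex_match(v, "(href=\"https?://[^\"]*\"|(rel|class|target)=\"[^\"]*\")");`, or check each href entry before the join. The pattern is also unanchored, so it matches the tail of a longer attribute name such as `data-href="..."` and re-emits it as a plain `href`. A smaller point is that `"<%s%s %s>"` leaves a trailing space when s3 is empty and would copy matched attributes onto a closing tag. The body of sanitize() starts and ends outside the hunk, so how the result is used downstream cannot be confirmed from here.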