Strip dangerous control codes in sanitize().

author: default 2023-03-06 11:06:35 +0100
committer: default 2023-03-06 11:06:35 +0100
commit: 49f2f498de0ad3b2c8df1203ff444c1794617ecb (patch)
tree: 2186b34f807ee238770f799ba4a290ea9716577b /format.c
parent: Reject MUTEd actor messages ASAP with a 403 status. (diff)
download: penes-snac2-49f2f498de0ad3b2c8df1203ff444c1794617ecb.tar.gz
penes-snac2-49f2f498de0ad3b2c8df1203ff444c1794617ecb.tar.xz
penes-snac2-49f2f498de0ad3b2c8df1203ff444c1794617ecb.zip
1 files changed, 10 insertions, 1 deletions
diff --git a/format.c b/format.c
index 37c03fa..b1c84ba 100644
--- a/format.c
+++ b/format.c
@@ -179,11 +179,20 @@ d_char *sanitize(const char *content)
    xs *sl;
    int n = 0;
    char *p, *v;
+    xs *content2 = xs_dup(content);
-    sl = xs_regex_split(content, "</?[^>]+>");
+    /* strip dangerous control codes */
+    for (n = 0; content2[n]; n++) {
+        if (content2[n] > 0x0   && content2[n] < 0x20 &&
+            content2[n] != '\r' && content2[n] != '\n')
+            content2[n] = ' ';
+    }
+    sl = xs_regex_split(content2, "</?[^>]+>");
    p = sl;
+    n = 0;
    while (xs_list_iter(&p, &v)) {
        if (n & 0x1) {
            xs *s1  = xs_strip_i(xs_crop_i(xs_dup(v), v[1] == '/' ? 2 : 1, -1));
author	default	2023-03-06 11:06:35 +0100
committer	default	2023-03-06 11:06:35 +0100
commit	49f2f498de0ad3b2c8df1203ff444c1794617ecb (patch)
tree	2186b34f807ee238770f799ba4a290ea9716577b /format.c
parent	Reject MUTEd actor messages ASAP with a 403 status. (diff)
download	penes-snac2-49f2f498de0ad3b2c8df1203ff444c1794617ecb.tar.gz penes-snac2-49f2f498de0ad3b2c8df1203ff444c1794617ecb.tar.xz penes-snac2-49f2f498de0ad3b2c8df1203ff444c1794617ecb.zip