From de3ad227bda8c6953773249310434da6665d1265 Mon Sep 17 00:00:00 2001
From: hunbernd
Date: Mon, 23 Aug 2021 01:16:36 +0200
Subject: [PATCH] Filter html img tags that points to local files
---
 retroshare-gui/src/util/HandleRichText.cpp | 24 ++++++++++++++++++++++
 retroshare-gui/src/util/HandleRichText.h | 1 +
 2 files changed, 25 insertions(+)
diff --git a/retroshare-gui/src/util/HandleRichText.cpp b/retroshare-gui/src/util/HandleRichText.cpp
index 409d37aa6..bba7c03af 100644
--- a/retroshare-gui/src/util/HandleRichText.cpp
+++ b/retroshare-gui/src/util/HandleRichText.cpp
@@ -334,6 +334,29 @@ void RsHtml::replaceAnchorWithImg(QDomDocument &doc, QDomElement &element, QText
 element.appendChild(img);
 }
+void RsHtml::filterEmbeddedImages(QDomDocument &doc, QDomElement ¤tElement)
+{
+ QDomNodeList children = currentElement.childNodes();
+ for(uint index = 0; index < (uint)children.length(); index++) {
+ QDomNode node = children.item(index);
+ if(node.isElement()) {
+ QDomElement element = node.toElement();
+ if(element.tagName().toLower() == "img") {
+ if(element.hasAttribute("src")) {
+ QString src = element.attribute("src");
+ // Do not allow things in the image source, except these:
+ // :/ internal resource needed for emotes
+ // data:image base64 embedded image needed for stickers
+ if(!src.startsWith(":/") && !src.startsWith("data:image", Qt::CaseInsensitive)) {
+ element.setAttribute("src", ":/images/imageblocked_24.png");
+ }
+ }
+ }
+ filterEmbeddedImages(doc, element);
+ }
+ }
+}
+
 int RsHtml::indexInWithValidation(QRegExp &rx, const QString &text, EmbedInHtml &embedInfos, int pos)
 {
 int index = rx.indexIn(text, pos);
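Review bot: filterEmbeddedImages rewrites only the `src` attribute of `img` elements, so any other place where the rich-text renderer resolves a resource reference in peer-supplied HTML is left untouched; whether such places exist for this widget (for example a CSS `url()` inside a `style` attribute) is not visible in this hunk and should be confirmed. The `data:image` prefix test also admits every image subtype, including `data:image/svg+xml`; if stickers only need raster formats, narrowing the prefix would reduce the decoder surface exposed to remote content. I would state the scope above the function, e.g. `// Only <img src> is rewritten; other URL-bearing attributes and CSS url() are not filtered here.` The `doc` parameter is never read in the body and is only passed along on recursion, so it could be dropped.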
@@ -636,6 +659,7 @@ QString RsHtml::formatText(QTextDocument *textDocument, const QString &text, ulo
 }
 QDomElement body = doc.documentElement();
+ filterEmbeddedImages(doc, body); // This should be first, becuse it should not overwrite embedded custom smileys
 if (flag & RSHTML_FORMATTEXT_EMBED_SMILEYS) {
 embedHtml(textDocument, doc, body, defEmbedImg, flag);
 }
diff --git a/retroshare-gui/src/util/HandleRichText.h b/retroshare-gui/src/util/HandleRichText.h
index 8189e4ce1..9462ba865 100644
--- a/retroshare-gui/src/util/HandleRichText.h
+++ b/retroshare-gui/src/util/HandleRichText.h
@@ -82,6 +82,7 @@ public:
 protected:
 void embedHtml(QTextDocument *textDocument, QDomDocument &doc, QDomElement ¤tElement, EmbedInHtml& embedInfos, ulong flag);
 void replaceAnchorWithImg(QDomDocument& doc, QDomElement &element, QTextDocument *textDocument, const RetroShareLink &link);
+ void filterEmbeddedImages(QDomDocument &doc, QDomElement ¤tElement);
 virtual bool canReplaceAnchor(QDomDocument &doc, QDomElement &element, const RetroShareLink &link);
 virtual void anchorTextForImg(QDomDocument &doc, QDomElement &element, const RetroShareLink &link, QString &text);
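Review bot: In the formatText hunk of HandleRichText.cpp, the new call sits after a `}` that closes a block opened outside the hunk; if that block returns early (for instance when the text cannot be parsed into the QDomDocument), input taking that path would never reach filterEmbeddedImages, which should be confirmed against the full function. formatText begins and ends outside the hunk, so this cannot be settled from the visible lines. The trailing comment also has a typo; I would write `filterEmbeddedImages(doc, body); // This should be first, because it should not overwrite embedded custom smileys`.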