Merge pull request #2460 from hunbernd/fix/imgembedlocalfiles

Filter html img tags that point to local files
csoler 2021-08-26 17:30:37 +02:00 committed by GitHub
commit 6d56f3289b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 0 deletions


@ -334,6 +334,29 @@ void RsHtml::replaceAnchorWithImg(QDomDocument &doc, QDomElement &element, QText
element.appendChild(img); element.appendChild(img);
} }
void RsHtml::filterEmbeddedImages(QDomDocument &doc, QDomElement &currentElement)
{
QDomNodeList children = currentElement.childNodes();
for(uint index = 0; index < (uint)children.length(); index++) {
QDomNode node = children.item(index);
if(node.isElement()) {
QDomElement element = node.toElement();
if(element.tagName().toLower() == "img") {
if(element.hasAttribute("src")) {
QString src = element.attribute("src");
// Do not allow things in the image source, except these:
// :/ internal resource needed for emotes
// data:image base64 embedded image needed for stickers
if(!src.startsWith(":/") && !src.startsWith("data:image", Qt::CaseInsensitive)) {
element.setAttribute("src", ":/images/imageblocked_24.png");
}
}
}
filterEmbeddedImages(doc, element);
}
}
}
int RsHtml::indexInWithValidation(QRegExp &rx, const QString &text, EmbedInHtml &embedInfos, int pos) int RsHtml::indexInWithValidation(QRegExp &rx, const QString &text, EmbedInHtml &embedInfos, int pos)
{ {
int index = rx.indexIn(text, pos); int index = rx.indexIn(text, pos);
@ -636,6 +659,7 @@ QString RsHtml::formatText(QTextDocument *textDocument, const QString &text, ulo
} }
QDomElement body = doc.documentElement(); QDomElement body = doc.documentElement();
filterEmbeddedImages(doc, body); // This should be first, becuse it should not overwrite embedded custom smileys
if (flag & RSHTML_FORMATTEXT_EMBED_SMILEYS) { if (flag & RSHTML_FORMATTEXT_EMBED_SMILEYS) {
embedHtml(textDocument, doc, body, defEmbedImg, flag); embedHtml(textDocument, doc, body, defEmbedImg, flag);
} }
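Review bot: filterEmbeddedImages rewrites only the `src` attribute of `img` elements, so any other markup that makes the renderer load a resource passes through unchanged; Qt's rich-text subset also honours, for example, `background-image` inside a `style` attribute, and nothing visible in this hunk shows that being stripped elsewhere. The `startsWith("data:image", Qt::CaseInsensitive)` test is also wider than the stated purpose in the comment (stickers), because it admits every `data:image/*` subtype; if stickers only ever use a few raster formats, listing those explicitly would narrow what reaches the image decoders. At minimum the scope should be documented in the function, e.g. `// Only <img src> is filtered here; other URL-bearing attributes and inline CSS are not touched.` The call added in formatText sits in a function whose body extends beyond the hunk, so whether every path that renders received HTML goes through this filter cannot be confirmed from here.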


@ -82,6 +82,7 @@ public:
protected: protected:
void embedHtml(QTextDocument *textDocument, QDomDocument &doc, QDomElement &currentElement, EmbedInHtml& embedInfos, ulong flag); void embedHtml(QTextDocument *textDocument, QDomDocument &doc, QDomElement &currentElement, EmbedInHtml& embedInfos, ulong flag);
void replaceAnchorWithImg(QDomDocument& doc, QDomElement &element, QTextDocument *textDocument, const RetroShareLink &link); void replaceAnchorWithImg(QDomDocument& doc, QDomElement &element, QTextDocument *textDocument, const RetroShareLink &link);
void filterEmbeddedImages(QDomDocument &doc, QDomElement &currentElement);
virtual bool canReplaceAnchor(QDomDocument &doc, QDomElement &element, const RetroShareLink &link); virtual bool canReplaceAnchor(QDomDocument &doc, QDomElement &element, const RetroShareLink &link);
virtual void anchorTextForImg(QDomDocument &doc, QDomElement &element, const RetroShareLink &link, QString &text); virtual void anchorTextForImg(QDomDocument &doc, QDomElement &element, const RetroShareLink &link, QString &text);