[1.2.0] Non-accessible resources (ex. mailto) blocked from embedded URIs (img src)

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@528 48356398-32a2-884e-a903-53898d9a118a

NEWS

@@ -23,6 +23,7 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 ! Configuration documentation now has table of contents
 ! Added %URI.DisableExternal, which prevents links to external websites.  You
   can also use %URI.Host to permit absolute linking to subdomains
+! Non-accessible resources (ex. mailto) blocked from embedded URIs (img src)
 - Documentation updated
   + TODO added request Phalanger
   + TODO added request Native compression

TODO

@@ -5,8 +5,6 @@ TODO List
  - Make URI validation routines tighter (especially mailto)
  - More extensive URI filtering schemes (see URI in config-ideas.txt)
  - Allow for background-image and list-style-image (see above)
- - Distinguish between different types of URIs, for instance, a mailto URI
-   in IMG SRC is nonsensical
  - Error logging for filtering/cleanup procedures
  - Rich set* methods and config file loaders for HTMLPurifier_Config
 

library/HTMLPurifier/AttrDef/URI.php

@@ -43,10 +43,15 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
     
     var $host;
     var $PercentEncoder;
+    var $embeds;
     
-    function HTMLPurifier_AttrDef_URI() {
+    /**
+     * @param $embeds Does the URI here result in an extra HTTP request?
+     */
+    function HTMLPurifier_AttrDef_URI($embeds = false) {
         $this->host = new HTMLPurifier_AttrDef_Host();
         $this->PercentEncoder = new HTMLPurifier_PercentEncoder();
+        $this->embeds = (bool) $embeds;
     }
     
     function validate($uri, $config, &$context) {
@@ -100,6 +105,12 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
         }
         
         
+        // the URI we're processing embeds a resource in the page, but the URI
+        // it references cannot be located
+        if ($this->embeds && !$scheme_obj->browsable) {
+            return false;
+        }
+        
         
         if ($authority !== null) {
             

library/HTMLPurifier/HTMLDefinition.php

@@ -351,12 +351,14 @@ class HTMLPurifier_HTMLDefinition
         $e_URI = new HTMLPurifier_AttrDef_URI();
         $this->info['a']->attr['href'] =
         $this->info['img']->attr['longdesc'] =
-        $this->info['img']->attr['src'] =
         $this->info['del']->attr['cite'] =
         $this->info['ins']->attr['cite'] =
         $this->info['blockquote']->attr['cite'] =
         $this->info['q']->attr['cite'] = $e_URI;
         
+        // URI that causes HTTP request
+        $this->info['img']->attr['src'] = new HTMLPurifier_AttrDef_URI(true);
+        
         //////////////////////////////////////////////////////////////////////
         // info_tag_transform : transformations of tags
         

library/HTMLPurifier/URIScheme.php

@@ -12,6 +12,13 @@ class HTMLPurifier_URIScheme
      */
     var $default_port = null;
     
+    /**
+     * Whether or not URIs of this schem are locatable by a browser
+     * http and ftp are accessible, while mailto and news are not.
+     * @public
+     */
+    var $browsable = false;
+    
     /**
      * Validates the components of a URI
      * @note This implementation should be called by children if they define

library/HTMLPurifier/URIScheme/ftp.php

@@ -8,6 +8,7 @@ require_once 'HTMLPurifier/URIScheme.php';
 class HTMLPurifier_URIScheme_ftp extends HTMLPurifier_URIScheme {
     
     var $default_port = 21;
+    var $browsable = true; // usually
     
     function validateComponents(
         $userinfo, $host, $port, $path, $query, $config, &$context

library/HTMLPurifier/URIScheme/http.php

@@ -8,6 +8,7 @@ require_once 'HTMLPurifier/URIScheme.php';
 class HTMLPurifier_URIScheme_http extends HTMLPurifier_URIScheme {
     
     var $default_port = 80;
+    var $browsable = true;
     
     function validateComponents(
         $userinfo, $host, $port, $path, $query, $config, &$context

library/HTMLPurifier/URIScheme/mailto.php

@@ -13,6 +13,8 @@ require_once 'HTMLPurifier/URIScheme.php';
 
 class HTMLPurifier_URIScheme_mailto extends HTMLPurifier_URIScheme {
     
+    var $browsable = false;
+    
     function validateComponents(
         $userinfo, $host, $port, $path, $query, $config, &$context
     ) {

library/HTMLPurifier/URIScheme/news.php

@@ -7,6 +7,8 @@ require_once 'HTMLPurifier/URIScheme.php';
  */
 class HTMLPurifier_URIScheme_news extends HTMLPurifier_URIScheme {
     
+    var $browsable = false;
+    
     function validateComponents(
         $userinfo, $host, $port, $path, $query, $config, &$context
     ) {

library/HTMLPurifier/URIScheme/nntp.php

@@ -8,6 +8,7 @@ require_once 'HTMLPurifier/URIScheme.php';
 class HTMLPurifier_URIScheme_nntp extends HTMLPurifier_URIScheme {
     
     var $default_port = 119;
+    var $browsable = false;
     
     function validateComponents(
         $userinfo, $host, $port, $path, $query, $config, &$context

tests/HTMLPurifier/AttrDef/URITest.php

@@ -261,6 +261,16 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
         
     }
     
+    function testEmbeds() {
+        
+        // embedded URI
+        $this->def = new HTMLPurifier_AttrDef_URI(true);
+        
+        $this->assertDef('http://sub.example.com/alas?foo=asd');
+        $this->assertDef('mailto:foo@example.com', false);
+        
+    }
+    
 }
 
 ?>

tests/HTMLPurifier/Strategy/ValidateAttributesTest.php

@@ -163,6 +163,12 @@ class HTMLPurifier_Strategy_ValidateAttributesTest extends
             '<col />'
         );
         
+        // mailto in image is not allowed
+        $this->assertResult(
+            '<img src="mailto:foo@example.com" />',
+            '<img src="" alt="Invalid image" />'
+        );
+        
     }
     
 }