In sanitize(), rebuild the accepted tags with only the accepted attributes.

default 2022-11-16 16:53:59 +01:00
parent 236ca9af6b
commit bdc689e594


@ -185,6 +185,7 @@ d_char *sanitize(const char *content)
xs *s1 = xs_strip(xs_crop(xs_dup(v), v[1] == '/' ? 2 : 1, -1)); xs *s1 = xs_strip(xs_crop(xs_dup(v), v[1] == '/' ? 2 : 1, -1));
xs *l1 = xs_split_n(s1, " ", 1); xs *l1 = xs_split_n(s1, " ", 1);
xs *tag = xs_tolower(xs_dup(xs_list_get(l1, 0))); xs *tag = xs_tolower(xs_dup(xs_list_get(l1, 0)));
xs *s2 = NULL;
int i; int i;
/* check if it's one of the valid tags */ /* check if it's one of the valid tags */
@ -194,14 +195,18 @@ d_char *sanitize(const char *content)
} }
if (valid_tags[i]) { if (valid_tags[i]) {
/* accepted tag */ /* accepted tag: rebuild it with only the accepted elements */
s = xs_str_cat(s, v); xs *el = xs_regex_match(v, "(href|rel|class|target)=\"[^\"]*\"");
xs *s3 = xs_join(el, " ");
s2 = xs_fmt("<%s%s %s>", v[1] == '/' ? "/" : "", tag, s3);
} }
else { else {
/* bad tag */ /* bad tag: escape it */
xs *s2 = xs_replace(v, "<", "&lt;"); s2 = xs_replace(v, "<", "&lt;");
s = xs_str_cat(s, s2);
} }
s = xs_str_cat(s, s2);
} }
else { else {
/* non-tag */ /* non-tag */
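Review bot: The rebuilt tag copies any `href="..."` value verbatim, because the pattern passed to `xs_regex_match` constrains the attribute name but not the URL scheme, so a `javascript:` or `data:` link in remote content would still reach the output. Restricting the href alternative in the same pattern would close that, e.g. `"(href=\"https?://[^\"]*\"|(rel|class|target)=\"[^\"]*\")"`, assuming only absolute http(s) links need to survive. The pattern is also unanchored on the left, so it matches the tail of longer names such as `data-href="..."` and text inside a single-quoted attribute value; requiring a preceding space would tighten that. The `xs_fmt` call uses the same format for closing tags, which yields `</a >` and would carry any matched attributes onto them. sanitize() begins and ends outside this hunk, so how `v` is tokenised is not visible here.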