Improve `href-sanitizer` scriptlet

Raymond Hill 2023-05-30 09:13:46 -04:00
parent 848c539a57
commit f3b720d532
No known key found for this signature in database
GPG Key ID: 25E1490B761470C2
1 changed files with 31 additions and 13 deletions


@ -2318,18 +2318,35 @@ function hrefSanitizer(
elem.setAttribute('href', text); elem.setAttribute('href', text);
} }
}; };
const validateURL = text => {
if ( text === '' ) { return ''; }
if ( /[^\x21-\x7e]/.test(text) ) { return ''; }
try {
const url = new URL(text, document.location);
return url.href;
} catch(ex) {
}
return '';
};
const extractText = (elem, source) => { const extractText = (elem, source) => {
if ( /^\[.*\]$/.test(source) ) { if ( /^\[.*\]$/.test(source) ) {
source = elem.getAttribute(source.slice(1,-1).trim()) || ''; return elem.getAttribute(source.slice(1,-1).trim()) || '';
} }
if ( source !== 'text' ) { return ''; } if ( source.startsWith('?') ) {
const text = elem.textContent try {
const url = new URL(elem.href, document.location);
return url.searchParams.get(source.slice(1)) || '';
} catch(x) {
}
return '';
}
if ( source === 'text' ) {
return elem.textContent
.replace(/^[^\x21-\x7e]+/, '') // remove leading invalid characters .replace(/^[^\x21-\x7e]+/, '') // remove leading invalid characters
.replace(/[^\x21-\x7e]+$/, '') // remove trailing invalid characters .replace(/[^\x21-\x7e]+$/, '') // remove trailing invalid characters
; ;
if ( /^https:\/\/./.test(text) === false ) { return ''; } }
if ( /[^\x21-\x7e]/.test(text) ) { return ''; } return '';
return text;
}; };
const sanitize = ( ) => { const sanitize = ( ) => {
let elems = []; let elems = [];
@ -2344,10 +2361,11 @@ function hrefSanitizer(
if ( elem.hasAttribute('href') === false ) { continue; } if ( elem.hasAttribute('href') === false ) { continue; }
const href = elem.getAttribute('href'); const href = elem.getAttribute('href');
const text = extractText(elem, source); const text = extractText(elem, source);
if ( text === '' ) { continue; } const hrefAfter = validateURL(text);
if ( href === text ) { continue; } if ( hrefAfter === '' ) { continue; }
elem.setAttribute('href', text); if ( hrefAfter === href ) { continue; }
sanitizeCopycats(href, text); elem.setAttribute('href', hrefAfter);
sanitizeCopycats(href, hrefAfter);
} }
return true; return true;
}; };
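Review bot: `validateURL` returns `url.href` for any scheme `new URL()` can parse, and the `^https:\/\/` test that `extractText` previously applied appears to be gone on the new side. A value read from the element's attribute, its text, or a `?param` of its `href` is page-controlled, so it can now reach `elem.setAttribute('href', hrefAfter)` as a `javascript:` or `data:` URL. Inside the `try`, before `return url.href;`, I would add `if ( url.protocol !== 'https:' && url.protocol !== 'http:' ) { return ''; }`. Resolving against `document.location` also means any printable token without whitespace becomes a valid page-relative URL, so non-URL text or attribute values will rewrite the link; if that is not intended, require an absolute URL before resolving. The enclosing `hrefSanitizer` starts and ends outside these hunks, so any scheme filtering done elsewhere in it is not visible here.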