DXR will be turned off on Tuesday, December 29th. It will redirect to Searchfox.
See the announcement on Discourse.

DXR is a code search and navigation tool aimed at making sense of large projects. It supports full-text and regex searches as well as structural queries.

Header

Mercurial (af5845922999)

VCS Links

Line Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/* Most of this code is copied from mimethpl; see there for source comments.
   If you find a bug here, check that class, too.
*/

/* The MimeInlineTextHTMLSanitized class cleans up HTML

   This removes offending HTML features that have no business in mail.
   It is a low-level stop gap for many classes of attacks,
   and intended for security conscious users.
   Paranoia is a feature here, and has served very well in practice.

   It has already prevented countless serious exploits.

   It pushes the HTML that we get from the sender of the message
   through a sanitizer (nsTreeSanitizer), which lets only allowed tags through.
   With the appropriate configuration, this protects from most of the
   security and visual-formatting problems that otherwise usually come with HTML
   (and which partly gave HTML in email the bad reputation that it has).

   However, due to the parsing and serializing (and later parsing again)
   required, there is an inherent, significant performance hit, when doing the
   santinizing here at the MIME / HTML source level. But users of this class
   will most likely find it worth the cost.
 */

#include "mimethsa.h"
#include "prmem.h"
#include "prlog.h"
#include "msgCore.h"
#include "mimemoz2.h"
#include "nsIPrefBranch.h"
#include "nsString.h"
#include "mimethtm.h"

#define MIME_SUPERCLASS mimeInlineTextHTMLClass
MimeDefClass(MimeInlineTextHTMLSanitized, MimeInlineTextHTMLSanitizedClass,
       mimeInlineTextHTMLSanitizedClass, &MIME_SUPERCLASS);

static int MimeInlineTextHTMLSanitized_parse_line(const char *, int32_t,
                                                  MimeObject *);
static int MimeInlineTextHTMLSanitized_parse_begin(MimeObject *obj);
static int MimeInlineTextHTMLSanitized_parse_eof(MimeObject *, bool);
static void MimeInlineTextHTMLSanitized_finalize(MimeObject *obj);

static int
MimeInlineTextHTMLSanitizedClassInitialize(MimeInlineTextHTMLSanitizedClass *clazz)
{
  MimeObjectClass *oclass = (MimeObjectClass *)clazz;
  NS_ASSERTION(!oclass->class_initialized, "problem with superclass");
  oclass->parse_line  = MimeInlineTextHTMLSanitized_parse_line;
  oclass->parse_begin = MimeInlineTextHTMLSanitized_parse_begin;
  oclass->parse_eof   = MimeInlineTextHTMLSanitized_parse_eof;
  oclass->finalize    = MimeInlineTextHTMLSanitized_finalize;

  return 0;
}

static int
MimeInlineTextHTMLSanitized_parse_begin(MimeObject *obj)
{
  MimeInlineTextHTMLSanitized *me = (MimeInlineTextHTMLSanitized *)obj;
  me->complete_buffer = new nsString();
  int status = ((MimeObjectClass*)&MIME_SUPERCLASS)->parse_begin(obj);
  if (status < 0)
    return status;

  return 0;
}

static int
MimeInlineTextHTMLSanitized_parse_eof(MimeObject *obj, bool abort_p)
{
  if (obj->closed_p)
    return 0;
  int status = ((MimeObjectClass*)&MIME_SUPERCLASS)->parse_eof(obj, abort_p);
  if (status < 0)
    return status;
  MimeInlineTextHTMLSanitized *me = (MimeInlineTextHTMLSanitized *)obj;

  // We have to cache all lines and parse the whole document at once.
  // There's a useful sounding function parseFromStream(), but it only allows XML
  // mimetypes, not HTML. Methinks that's because the HTML soup parser
  // needs the entire doc to make sense of the gibberish that people write.
  if (!me || !me->complete_buffer)
    return 0;

  nsString& cb = *(me->complete_buffer);
  if (cb.IsEmpty())
    return 0;
  nsString sanitized;

  // Sanitize.
  HTMLSanitize(cb, sanitized);

  // Write it out.
  NS_ConvertUTF16toUTF8 resultCStr(sanitized);
  MimeInlineTextHTML_insert_lang_div(obj, resultCStr);
  // Call to MimeInlineTextHTML_remove_plaintext_tag() not needed since
  // sanitization already removes that tag.
  status = ((MimeObjectClass*)&MIME_SUPERCLASS)->parse_line(
                             resultCStr.BeginWriting(),
                             resultCStr.Length(),
                             obj);
  cb.Truncate();
  return status;
}

void
MimeInlineTextHTMLSanitized_finalize(MimeObject *obj)
{
  MimeInlineTextHTMLSanitized *me = (MimeInlineTextHTMLSanitized *)obj;

  if (me && me->complete_buffer)
  {
    obj->clazz->parse_eof(obj, false);
    delete me->complete_buffer;
    me->complete_buffer = NULL;
  }

  ((MimeObjectClass*)&MIME_SUPERCLASS)->finalize(obj);
}

static int
MimeInlineTextHTMLSanitized_parse_line(const char *line, int32_t length,
                                       MimeObject *obj)
{
  MimeInlineTextHTMLSanitized *me = (MimeInlineTextHTMLSanitized *)obj;

  if (!me || !(me->complete_buffer))
    return -1;

  nsCString linestr(line, length);
  NS_ConvertUTF8toUTF16 line_ucs2(linestr.get());
  if (length && line_ucs2.IsEmpty())
    CopyASCIItoUTF16(linestr, line_ucs2);
  (me->complete_buffer)->Append(line_ucs2);

  return 0;
}