Changeset 9 in code
- Timestamp:
- Oct 23, 2016, 5:30:02 PM (9 years ago)
- File:
-
- 1 edited
trunk/morty.go
r8 r9 241 241 } 242 242 243 func sanitizeCSS(rc *RequestConfig, ctx *fasthttp.RequestCtx, css []byte) {243 func sanitizeCSS(rc *RequestConfig, out io.Writer, css []byte) { 244 244 // TODO 245 245 … … 247 247 248 248 if urlSlices == nil { 249 ctx.Write(css)249 out.Write(css) 250 250 return 251 251 } … … 258 258 259 259 if uri, err := proxifyURI(rc, string(css[urlStart:urlEnd])); err == nil { 260 ctx.Write(css[startIndex:urlStart])261 ctx.Write([]byte(uri))260 out.Write(css[startIndex:urlStart]) 261 out.Write([]byte(uri)) 262 262 startIndex = urlEnd 263 263 } else { … … 266 266 } 267 267 if startIndex < len(css) { 268 ctx.Write(css[startIndex:len(css)])269 } 270 } 271 272 func sanitizeHTML(rc *RequestConfig, ctx *fasthttp.RequestCtx, htmlDoc []byte) {268 out.Write(css[startIndex:len(css)]) 269 } 270 } 271 272 func sanitizeHTML(rc *RequestConfig, out io.Writer, htmlDoc []byte) { 273 273 r := bytes.NewReader(htmlDoc) 274 274 decoder := html.NewTokenizer(r) … … 307 307 } 308 308 var attrs [][][]byte 309 fmt.Fprintf( ctx, "<%s", tag)309 fmt.Fprintf(out, "<%s", tag) 310 310 if hasAttrs { 311 311 for { … … 317 317 } 318 318 if bytes.Equal(tag, []byte("meta")) { 319 sanitizeMetaAttrs(rc, ctx, attrs)319 sanitizeMetaAttrs(rc, out, attrs) 320 320 } else { 321 sanitizeAttrs(rc, ctx, attrs)321 sanitizeAttrs(rc, out, attrs) 322 322 } 323 323 } 324 324 if token == html.SelfClosingTagToken { 325 fmt.Fprintf( ctx, " />")325 fmt.Fprintf(out, " />") 326 326 } else { 327 fmt.Fprintf( ctx, ">")327 fmt.Fprintf(out, ">") 328 328 if bytes.Equal(tag, []byte("style")) { 329 329 state = STATE_IN_STYLE … … 347 347 key = hash(urlStr, rc.Key) 348 348 } 349 fmt.Fprintf( ctx, HTML_FORM_EXTENSION, urlStr, key)349 fmt.Fprintf(out, HTML_FORM_EXTENSION, urlStr, key) 350 350 351 351 } … … 356 356 switch string(tag) { 357 357 case "body": 358 fmt.Fprintf( ctx, HTML_BODY_EXTENSION, rc.baseURL.String())358 fmt.Fprintf(out, HTML_BODY_EXTENSION, rc.baseURL.String()) 359 359 case "style": 360 360 state = 
STATE_DEFAULT … … 365 365 // skip noscript tags - only the tag, not the content, because javascript is sanitized 366 366 if writeEndTag { 367 fmt.Fprintf( ctx, "</%s>", tag)367 fmt.Fprintf(out, "</%s>", tag) 368 368 } 369 369 … … 371 371 switch state { 372 372 case STATE_DEFAULT: 373 fmt.Fprintf( ctx, "%s", decoder.Raw())373 fmt.Fprintf(out, "%s", decoder.Raw()) 374 374 case STATE_IN_STYLE: 375 sanitizeCSS(rc, ctx, decoder.Raw())375 sanitizeCSS(rc, out, decoder.Raw()) 376 376 case STATE_IN_NOSCRIPT: 377 sanitizeHTML(rc, ctx, decoder.Raw())377 sanitizeHTML(rc, out, decoder.Raw()) 378 378 } 379 379 380 380 case html.DoctypeToken, html.CommentToken: 381 ctx.Write(decoder.Raw())381 out.Write(decoder.Raw()) 382 382 } 383 383 } else { … … 399 399 } 400 400 401 func sanitizeMetaAttrs(rc *RequestConfig, ctx *fasthttp.RequestCtx, attrs [][][]byte) {401 func sanitizeMetaAttrs(rc *RequestConfig, out io.Writer, attrs [][][]byte) { 402 402 var http_equiv []byte 403 403 var content []byte … … 417 417 parts := bytes.SplitN(content, []byte(";url="), 2) 418 418 if uri, err := proxifyURI(rc, string(parts[1])); err == nil { 419 fmt.Fprintf( ctx, ` http-equiv="refresh" content="%s;%s"`, parts[0], uri)419 fmt.Fprintf(out, ` http-equiv="refresh" content="%s;%s"`, parts[0], uri) 420 420 } 421 421 } else { 422 sanitizeAttrs(rc, ctx, attrs)423 } 424 425 } 426 427 func sanitizeAttrs(rc *RequestConfig, ctx *fasthttp.RequestCtx, attrs [][][]byte) {422 sanitizeAttrs(rc, out, attrs) 423 } 424 425 } 426 427 func sanitizeAttrs(rc *RequestConfig, out io.Writer, attrs [][][]byte) { 428 428 for _, attr := range attrs { 429 sanitizeAttr(rc, ctx, attr[0], attr[1])430 } 431 } 432 433 func sanitizeAttr(rc *RequestConfig, ctx *fasthttp.RequestCtx, attrName, attrValue []byte) {429 sanitizeAttr(rc, out, attr[0], attr[1]) 430 } 431 } 432 433 func sanitizeAttr(rc *RequestConfig, out io.Writer, attrName, attrValue []byte) { 434 434 if inArray(attrName, SAFE_ATTRIBUTES) { 435 fmt.Fprintf( ctx, " %s=\"%s\"", 
attrName, attrValue)435 fmt.Fprintf(out, " %s=\"%s\"", attrName, attrValue) 436 436 return 437 437 } … … 439 439 case "src", "href", "action": 440 440 if uri, err := proxifyURI(rc, string(attrValue)); err == nil { 441 fmt.Fprintf( ctx, " %s=\"%s\"", attrName, uri)441 fmt.Fprintf(out, " %s=\"%s\"", attrName, uri) 442 442 } else { 443 443 log.Println("cannot proxify uri:", attrValue) 444 444 } 445 445 case "style": 446 fmt.Fprintf( ctx, " %s=\"", attrName)447 sanitizeCSS(rc, ctx, attrValue)448 ctx.Write([]byte("\""))446 fmt.Fprintf(out, " %s=\"", attrName) 447 sanitizeCSS(rc, out, attrValue) 448 out.Write([]byte("\"")) 449 449 } 450 450 }
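Review bot: In sanitizeAttr's safe-attribute branch (new line 435) and the refresh branch of sanitizeMetaAttrs (new line 419), attribute values are still formatted into double-quoted attributes with `%s` and no HTML escaping; switching the sink to `io.Writer` does not change that. If the tokenizer returns unescaped attribute values (the attribute-collection loop is elided on this page, so this is inferred), a value containing `"` would close the attribute early in the sanitized output; escaping at the write, e.g. `fmt.Fprintf(out, " %s=\"%s\"", attrName, html.EscapeString(string(attrValue)))`, keeps the value inside the quotes. Separately, now that `out` is a generic `io.Writer`, the results of every `out.Write` and `fmt.Fprintf` call are discarded, so a failed write yields a truncated document with no signal; consider returning the error from these helpers.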