Loading app/html-cleaner/src/main/java/app/k9mail/html/cleaner/BodyCleaner.kt +3 −1 Original line number Diff line number Diff line Loading @@ -36,7 +36,9 @@ internal class BodyCleaner { .addAttributes("img", "usemap") .addAttributes(":all", "class", "style", "id", "dir") .addProtocols("img", "src", "http", "https", "cid", "data") .addProtocols("a", "href", "tel", "sip", "bitcoin", "ethereum", "rtsp") // Allow all URI schemes in links .removeProtocols("a", "href", "ftp", "http", "https", "mailto") cleaner = Cleaner(allowList) } Loading app/html-cleaner/src/test/java/app/k9mail/html/cleaner/HtmlSanitizerTest.kt +6 −4 Original line number Diff line number Diff line Loading @@ -301,6 +301,8 @@ class HtmlSanitizerTest { ) } // This test will fail when jsoup updates its list of allowed "protocols" for the a.href attribute. // When that happens, please adjust the removeProtocols("a", "href", …) line in BodyCleaner. @Test fun shouldKeepUris() { val html = Loading @@ -311,9 +313,9 @@ class HtmlSanitizerTest { <a href="https://example.com/default.html">HTTPS</a> <a href="mailto:user@example.com">Mailto</a> <a href="tel:00442079460111">Telephone</a> <a href="sms:00442079460111">SMS</a> <a href="sip:user@example.com">SIP</a> <a href="bitcoin:12A1MyfXbW6RhdRAZEqofac5jCQQjwEPBu">Bitcoin</a> <a href="ethereum:0x89205A3A3b2A69De6Dbf7f01ED13B2108B2c43e7">Ethereum</a> <a href="unknown:foobar">Unknown</a> <a href="rtsp://example.com/media.mp4">RTSP</a> </body> </html> Loading @@ -330,9 +332,9 @@ class HtmlSanitizerTest { <a href="https://example.com/default.html">HTTPS</a> <a href="mailto:user@example.com">Mailto</a> <a href="tel:00442079460111">Telephone</a> <a href="sms:00442079460111">SMS</a> <a href="sip:user@example.com">SIP</a> <a href="bitcoin:12A1MyfXbW6RhdRAZEqofac5jCQQjwEPBu">Bitcoin</a> <a href="ethereum:0x89205A3A3b2A69De6Dbf7f01ED13B2108B2c43e7">Ethereum</a> <a href="unknown:foobar">Unknown</a> <a href="rtsp://example.com/media.mp4">RTSP</a> </body> </html> Loading Loading
app/html-cleaner/src/main/java/app/k9mail/html/cleaner/BodyCleaner.kt +3 −1 Original line number Diff line number Diff line Loading @@ -36,7 +36,9 @@ internal class BodyCleaner { .addAttributes("img", "usemap") .addAttributes(":all", "class", "style", "id", "dir") .addProtocols("img", "src", "http", "https", "cid", "data") .addProtocols("a", "href", "tel", "sip", "bitcoin", "ethereum", "rtsp") // Allow all URI schemes in links .removeProtocols("a", "href", "ftp", "http", "https", "mailto") cleaner = Cleaner(allowList) } Loading
app/html-cleaner/src/test/java/app/k9mail/html/cleaner/HtmlSanitizerTest.kt +6 −4 Original line number Diff line number Diff line Loading @@ -301,6 +301,8 @@ class HtmlSanitizerTest { ) } // This test will fail when jsoup updates its list of allowed "protocols" for the a.href attribute. // When that happens, please adjust the removeProtocols("a", "href", …) line in BodyCleaner. @Test fun shouldKeepUris() { val html = Loading @@ -311,9 +313,9 @@ class HtmlSanitizerTest { <a href="https://example.com/default.html">HTTPS</a> <a href="mailto:user@example.com">Mailto</a> <a href="tel:00442079460111">Telephone</a> <a href="sms:00442079460111">SMS</a> <a href="sip:user@example.com">SIP</a> <a href="bitcoin:12A1MyfXbW6RhdRAZEqofac5jCQQjwEPBu">Bitcoin</a> <a href="ethereum:0x89205A3A3b2A69De6Dbf7f01ED13B2108B2c43e7">Ethereum</a> <a href="unknown:foobar">Unknown</a> <a href="rtsp://example.com/media.mp4">RTSP</a> </body> </html> Loading @@ -330,9 +332,9 @@ class HtmlSanitizerTest { <a href="https://example.com/default.html">HTTPS</a> <a href="mailto:user@example.com">Mailto</a> <a href="tel:00442079460111">Telephone</a> <a href="sms:00442079460111">SMS</a> <a href="sip:user@example.com">SIP</a> <a href="bitcoin:12A1MyfXbW6RhdRAZEqofac5jCQQjwEPBu">Bitcoin</a> <a href="ethereum:0x89205A3A3b2A69De6Dbf7f01ED13B2108B2c43e7">Ethereum</a> <a href="unknown:foobar">Unknown</a> <a href="rtsp://example.com/media.mp4">RTSP</a> </body> </html> Loading
