Loading k9mail/src/main/java/com/fsck/k9/message/html/HtmlSanitizer.java +5 −1 Original line number Diff line number Diff line Loading @@ -13,7 +13,7 @@ public class HtmlSanitizer { HtmlSanitizer() { Whitelist whitelist = Whitelist.relaxed() .addTags("font", "hr", "ins", "del", "center") .addTags("font", "hr", "ins", "del", "center", "map", "area") .addAttributes("font", "color", "face", "size") .addAttributes("table", "align", "background", "bgcolor", "border", "cellpadding", "cellspacing", "width") Loading @@ -24,6 +24,10 @@ public class HtmlSanitizer { .addAttributes("td", "align", "bgcolor", "colspan", "headers", "height", "nowrap", "rowspan", "scope", "valign", "width") .addAttributes("map", "name") .addAttributes("area", "shape", "coords", "href", "alt") .addProtocols("area", "href", "http", "https") .addAttributes("img", "usemap") .addAttributes(":all", "class", "style", "id") .addProtocols("img", "src", "http", "https", "cid", "data") .addProtocols("a", "href", "tel", "sip", "bitcoin", "ethereum", "rtsp"); Loading k9mail/src/test/java/com/fsck/k9/message/html/HtmlSanitizerTest.java +22 −0 Original line number Diff line number Diff line Loading @@ -177,6 +177,28 @@ public class HtmlSanitizerTest { assertEquals(html, toCompactString(result)); } @Test public void shouldKeepMapAreaTags() { String html = "<html><head></head><body><map name=\"planetmap\">\n" + " <area shape=\"rect\" coords=\"0,0,82,126\" href=\"sun.htm\" alt=\"Sun\">\n" + " <area shape=\"circle\" coords=\"90,58,3\" href=\"mercur.htm\" alt=\"Mercury\">\n" + " <area shape=\"circle\" coords=\"124,58,8\" href=\"venus.htm\" alt=\"Venus\">\n" + "</map></body></html>"; Document result = htmlSanitizer.sanitize(html); assertEquals(html, toCompactString(result)); } @Test public void shouldKeepImgUsemap() { String html = "<html><head></head><body><img src=\"image.jpg\" usemap=\"#planetmap\"></body></html>"; Document result = htmlSanitizer.sanitize(html); assertEquals(html, toCompactString(result)); } @Test public void shouldKeepWhitelistedElementsInHeadAndSkipTheRest() { String html = "<html><head>" + Loading Loading
k9mail/src/main/java/com/fsck/k9/message/html/HtmlSanitizer.java +5 −1 Original line number Diff line number Diff line Loading @@ -13,7 +13,7 @@ public class HtmlSanitizer { HtmlSanitizer() { Whitelist whitelist = Whitelist.relaxed() .addTags("font", "hr", "ins", "del", "center") .addTags("font", "hr", "ins", "del", "center", "map", "area") .addAttributes("font", "color", "face", "size") .addAttributes("table", "align", "background", "bgcolor", "border", "cellpadding", "cellspacing", "width") Loading @@ -24,6 +24,10 @@ public class HtmlSanitizer { .addAttributes("td", "align", "bgcolor", "colspan", "headers", "height", "nowrap", "rowspan", "scope", "valign", "width") .addAttributes("map", "name") .addAttributes("area", "shape", "coords", "href", "alt") .addProtocols("area", "href", "http", "https") .addAttributes("img", "usemap") .addAttributes(":all", "class", "style", "id") .addProtocols("img", "src", "http", "https", "cid", "data") .addProtocols("a", "href", "tel", "sip", "bitcoin", "ethereum", "rtsp"); Loading
k9mail/src/test/java/com/fsck/k9/message/html/HtmlSanitizerTest.java +22 −0 Original line number Diff line number Diff line Loading @@ -177,6 +177,28 @@ public class HtmlSanitizerTest { assertEquals(html, toCompactString(result)); } @Test public void shouldKeepMapAreaTags() { String html = "<html><head></head><body><map name=\"planetmap\">\n" + " <area shape=\"rect\" coords=\"0,0,82,126\" href=\"sun.htm\" alt=\"Sun\">\n" + " <area shape=\"circle\" coords=\"90,58,3\" href=\"mercur.htm\" alt=\"Mercury\">\n" + " <area shape=\"circle\" coords=\"124,58,8\" href=\"venus.htm\" alt=\"Venus\">\n" + "</map></body></html>"; Document result = htmlSanitizer.sanitize(html); assertEquals(html, toCompactString(result)); } @Test public void shouldKeepImgUsemap() { String html = "<html><head></head><body><img src=\"image.jpg\" usemap=\"#planetmap\"></body></html>"; Document result = htmlSanitizer.sanitize(html); assertEquals(html, toCompactString(result)); } @Test public void shouldKeepWhitelistedElementsInHeadAndSkipTheRest() { String html = "<html><head>" + Loading
