Loading k9mail/src/main/java/com/fsck/k9/message/html/HtmlSanitizer.java +2 −1 Original line number Diff line number Diff line Loading @@ -25,7 +25,8 @@ public class HtmlSanitizer { "align", "bgcolor", "colspan", "headers", "height", "nowrap", "rowspan", "scope", "valign", "width") .addAttributes(":all", "class", "style", "id") .addProtocols("img", "src", "http", "https", "cid", "data"); .addProtocols("img", "src", "http", "https", "cid", "data") .addProtocols("a", "href", "tel", "sip", "bitcoin", "ethereum", "rtsp"); cleaner = new Cleaner(whitelist); headCleaner = new HeadCleaner(); Loading k9mail/src/test/java/com/fsck/k9/message/html/HtmlSanitizerTest.java +27 −0 Original line number Diff line number Diff line Loading @@ -213,4 +213,31 @@ public class HtmlSanitizerTest { "<center><font face=\"Arial\" color=\"red\" size=\"12\">A</font></center>" + "</body></html>", toCompactString(result)); } @Test public void shouldKeepUris() { String html = "<html><body>" + "<a href=\"http://example.com/index.html\">HTTP</a>" + "<a href=\"https://example.com/default.html\">HTTPS</a>" + "<a href=\"mailto:user@example.com\">Mailto</a>" + "<a href=\"tel:00442079460111\">Telephone</a>" + "<a href=\"sip:user@example.com\">SIP</a>" + "<a href=\"bitcoin:12A1MyfXbW6RhdRAZEqofac5jCQQjwEPBu\">Bitcoin</a>" + "<a href=\"ethereum:0x89205A3A3b2A69De6Dbf7f01ED13B2108B2c43e7\">Ethereum</a>" + "<a href=\"rtsp://example.com/media.mp4\">RTSP</a>" + "</body></html>"; Document result = htmlSanitizer.sanitize(html); assertEquals("<html><head></head><body>" + "<a href=\"http://example.com/index.html\">HTTP</a>" + "<a href=\"https://example.com/default.html\">HTTPS</a>" + "<a href=\"mailto:user@example.com\">Mailto</a>" + "<a href=\"tel:00442079460111\">Telephone</a>" + "<a href=\"sip:user@example.com\">SIP</a>" + "<a href=\"bitcoin:12A1MyfXbW6RhdRAZEqofac5jCQQjwEPBu\">Bitcoin</a>" + "<a href=\"ethereum:0x89205A3A3b2A69De6Dbf7f01ED13B2108B2c43e7\">Ethereum</a>" + "<a href=\"rtsp://example.com/media.mp4\">RTSP</a>" + "</body></html>", toCompactString(result)); } } Loading
k9mail/src/main/java/com/fsck/k9/message/html/HtmlSanitizer.java +2 −1 Original line number Diff line number Diff line Loading @@ -25,7 +25,8 @@ public class HtmlSanitizer { "align", "bgcolor", "colspan", "headers", "height", "nowrap", "rowspan", "scope", "valign", "width") .addAttributes(":all", "class", "style", "id") .addProtocols("img", "src", "http", "https", "cid", "data"); .addProtocols("img", "src", "http", "https", "cid", "data") .addProtocols("a", "href", "tel", "sip", "bitcoin", "ethereum", "rtsp"); cleaner = new Cleaner(whitelist); headCleaner = new HeadCleaner(); Loading
k9mail/src/test/java/com/fsck/k9/message/html/HtmlSanitizerTest.java +27 −0 Original line number Diff line number Diff line Loading @@ -213,4 +213,31 @@ public class HtmlSanitizerTest { "<center><font face=\"Arial\" color=\"red\" size=\"12\">A</font></center>" + "</body></html>", toCompactString(result)); } @Test public void shouldKeepUris() { String html = "<html><body>" + "<a href=\"http://example.com/index.html\">HTTP</a>" + "<a href=\"https://example.com/default.html\">HTTPS</a>" + "<a href=\"mailto:user@example.com\">Mailto</a>" + "<a href=\"tel:00442079460111\">Telephone</a>" + "<a href=\"sip:user@example.com\">SIP</a>" + "<a href=\"bitcoin:12A1MyfXbW6RhdRAZEqofac5jCQQjwEPBu\">Bitcoin</a>" + "<a href=\"ethereum:0x89205A3A3b2A69De6Dbf7f01ED13B2108B2c43e7\">Ethereum</a>" + "<a href=\"rtsp://example.com/media.mp4\">RTSP</a>" + "</body></html>"; Document result = htmlSanitizer.sanitize(html); assertEquals("<html><head></head><body>" + "<a href=\"http://example.com/index.html\">HTTP</a>" + "<a href=\"https://example.com/default.html\">HTTPS</a>" + "<a href=\"mailto:user@example.com\">Mailto</a>" + "<a href=\"tel:00442079460111\">Telephone</a>" + "<a href=\"sip:user@example.com\">SIP</a>" + "<a href=\"bitcoin:12A1MyfXbW6RhdRAZEqofac5jCQQjwEPBu\">Bitcoin</a>" + "<a href=\"ethereum:0x89205A3A3b2A69De6Dbf7f01ED13B2108B2c43e7\">Ethereum</a>" + "<a href=\"rtsp://example.com/media.mp4\">RTSP</a>" + "</body></html>", toCompactString(result)); } }
