From ac39623d667999cfae1444b46508a9a423b0df1b Mon Sep 17 00:00:00 2001 From: John MacFarlane Date: Mon, 13 Jul 2015 09:21:35 -0700 Subject: Added `CMARK_OPT_SAFE` option and `--safe` command-line flag. * Added `CMARK_OPT_SAFE`. This option disables rendering of raw HTML and potentially dangerous links. * Added `--safe` option in command-line program. * Updated `cmark.3` man page. * Added `scan_dangerous_url` to scanners. * In HTML, suppress rendering of raw HTML and potentially dangerous links if `CMARK_OPT_SAFE`. Dangerous URLs are those that begin with `javascript:`, `vbscript:`, `file:`, or `data:` (except for `image/png`, `image/gif`, `image/jpeg`, or `image/webp` mime types). * Added `api_test` for `OPT_CMARK_SAFE`. * Rewrote `README.md` on security. --- src/scanners.re | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'src/scanners.re') diff --git a/src/scanners.re b/src/scanners.re index efa6731..fbe3283 100644 --- a/src/scanners.re +++ b/src/scanners.re @@ -315,3 +315,17 @@ bufsize_t _scan_entity(const unsigned char *p) .? { return 0; } */ } + +// Returns positive value if a URL begins in a way that is potentially +// dangerous, with javascript:, vbscript:, file:, or data:, otherwise 0. +bufsize_t _scan_dangerous_url(const unsigned char *p) +{ + const unsigned char *marker = NULL; + const unsigned char *start = p; +/*!re2c + 'data:image/' ('png'|'gif'|'jpeg'|'webp') { return 0; } + 'javascript:' | 'vbscript:' | 'file:' | 'data:' { return (bufsize_t)(p - start); } + .? { return 0; } +*/ +} + -- cgit v1.2.3