Closed
Bug 193929
Opened 22 years ago
Closed 22 years ago
HTML sanitizer should allow attached images
Categories
(MailNews Core :: MIME, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
mozilla1.4alpha
People
(Reporter: emaijala+moz, Assigned: emaijala+moz)
References
Details
Attachments
(1 file, 3 obsolete files)
4.53 KB,
patch
|
bugzilla
:
review+
jst
:
superreview+
|
Details | Diff | Splinter Review |
Currently messages filtered using Simple HTML don't display even the images that are part of the message. Ben confirmed that this is not the intended behavior. I'm creating a patch to allow the src tag if the scheme is cid.
Assignee | ||
Updated•22 years ago
|
Target Milestone: --- → mozilla1.4alpha
Assignee | ||
Comment 1•22 years ago
|
||
This patch enables img tag's src attribute if the scheme is cid.
Assignee | ||
Comment 2•22 years ago
|
||
Comment on attachment 114824 [details] [diff] [review] Patch to enable img src with scheme cid Ben, could you check this? It's just a small extension to the list of allowed attributes (plus removal of few old debug blocks, if you don't mind :) )
Attachment #114824 -
Flags: review?(ben.bucksch)
Comment 3•22 years ago
|
||
Comment on attachment 114824 [details] [diff] [review] Patch to enable img src with scheme cid Thanks for looking into that, Ere. However, I don't think that's the right way to fix this. 1. What you are doing is probably slow. For *every* attribute (in allowed tags) which has been denied, you are searching for a colon, if you find it, construct another string and check again, if that is allowed. Also, the pref snytax you use for that might be needed later for another case (attr[fullvalue], not attr[scheme]). You have to hardcode knowledge about URLs anyways (the colon), so I would just hardcode this, like adding a function IsAllowedEmbeddedDoc(anURL) (would currently true for cid:, false otherwise) and then hardcoding knowledge about img src. I would check that *after* the attribute has been allowed, so that users have the option to entirely remove the src attribute of image. You could then safely allow the attribute of URLs for stylesheets, embedded plugins etc. and (only) if the user configured the tag/attribute pair as allowed and the URL is inline, it would work. So, I am imagining: If the tag and attribute is allowed (code as in CVS), check for a list of tag/attribute pairs (probably hardcoded) known to contain URLs (*not* including <a href>). If it is one of them, check IsAllowedEmbeededDoc(). If true, allow attribute and value. If false, ignore attribute and value. 2. I would not search for a color etc., but leave that to netwerk. Create an URI (nsIIOService->NewURI), get its scheme (->GetScheme(), IIRC), compare it with your list of accepted URL schemes (probably hardcoded, currently only "cid"). 3. Please leave that debug statement in, it's DEBUG_BenB, so it should not hurt, but might prove valueable in debugging the code.
Attachment #114824 -
Flags: review?(ben.bucksch) → review-
Comment 4•22 years ago
|
||
> compare it with your list of accepted URL schemes (probably hardcoded,
> currently only "cid").
If you want, you could maybe make that configurable, in another comma-delimited
pref. That would be useful, if we ever use the sanitzer for the browser, but I
don't know, if I or anybody else ever takes the time to implement that, so it's
not very important.
Comment 5•22 years ago
|
||
> I would check that *after* the attribute has been allowed
Ah, just hook up at SanitizeAttributeValue() IMHO.
E.g. before |return NS_OK;|, check, if aTag is img (or link or whatever) &&
attr_name is src (or ref or whatever). If the URL scheme is none of the allowed
ones, then return NS_ERROR_ILLEGAL_VALUE, otherwise go on (i.e. bump into
|return NS_OK;| in the end).
Assignee | ||
Comment 6•22 years ago
|
||
Comment on attachment 114824 [details] [diff] [review] Patch to enable img src with scheme cid Ben, thanks for the input. Will do better next time :)
Attachment #114824 -
Attachment is obsolete: true
Assignee | ||
Comment 7•22 years ago
|
||
Ben, is this anything like you were thinking about?
Comment 8•22 years ago
|
||
Yes, that looks good :-). The old code wasn't "bad", though :). I haven't thoroughly checked the code, though (running etc.) Are you sure that you need the case insensitive comparisons (maybe the attribute and schemes are always delivered lower case)?
Assignee | ||
Comment 9•22 years ago
|
||
At least it comes to the sanitizer just as it's written. Having said that, it seems that we have a bug somewhere that makes images with uppercase CID scheme to not load completely. Using original HTML, it seems that it gets the image dimensions but doesn't show it. Uppercase HTTP works correctly. I'll try to find this bug too.
Assignee | ||
Comment 10•22 years ago
|
||
A correction to my previous comment. Images with CID scheme don't load at all. The dimensions are of course from the message itself. According to RFC 1738: For resiliency, programs interpreting URLs should treat upper case letters as equivalent to lower case in scheme names (e.g., allow "HTTP" as well as "http").
Status: NEW → ASSIGNED
Assignee | ||
Comment 11•22 years ago
|
||
Added a fix for upper/mixedcase CID handling.
Attachment #114932 -
Attachment is obsolete: true
Comment 12•22 years ago
|
||
ok, great, don't worry about that casing. just wanted to make sure :). I still didn't run it yet, but will do so, on Windows and Linux.
Comment 13•22 years ago
|
||
+ nsCOMPtr<nsIIOService> ioService; + ioService = do_GetIOService(&rv); Make that nsCOMPtr<nsIIOService> ioService = do_GetIOService(&rv); + // Check img src scheme Make that /* Allow only cid: URLs for <img src="...">, i.e. images embedded in multipart/related MIME messages */ I'll attach a new patch with those changes. With that, r=BenB. Thanks for the nice code. I couldn't compile and run it yet, because I have to recompile all of Mozilla :-(. I'll notify you about how it went.
Comment 14•22 years ago
|
||
Please let ducarroz review the libmime part, he is the module owner for that
Attachment #115038 -
Attachment is obsolete: true
Updated•22 years ago
|
Attachment #115105 -
Attachment filename: 193929-3.diff → 193929-4.diff
Attachment #115105 -
Flags: review?(ducarroz)
Comment 15•22 years ago
|
||
It works great on Linux trunk. Thanks :-). It doesn't work on the 1.0 branch with Beonex Communicator patches (Linux and Windows). It compiles and runs, but the fix has no effect. That code is probably too old, so don't worry. At least we know that your code doesn't break VC++. r=BenB for the complete v2.2. You'll still need review from ducarroz, because he is the module owner for libmime. Plus superreview of course.
Comment 16•22 years ago
|
||
Comment on attachment 115105 [details] [diff] [review] Patch, v2.2 R=ducarroz
Attachment #115105 -
Flags: review?(ducarroz) → review+
Assignee | ||
Comment 17•22 years ago
|
||
Comment on attachment 115105 [details] [diff] [review] Patch, v2.2 Jst, would you be able to sr this? Thanks.
Attachment #115105 -
Flags: superreview?(jst)
Comment 18•22 years ago
|
||
Comment on attachment 115105 [details] [diff] [review] Patch, v2.2 sr=jst
Attachment #115105 -
Flags: superreview?(jst) → superreview+
Assignee | ||
Comment 19•22 years ago
|
||
Fix checked in to trunk.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Comment 20•21 years ago
|
||
*** Bug 138249 has been marked as a duplicate of this bug. ***
Updated•20 years ago
|
Product: MailNews → Core
Updated•16 years ago
|
Product: Core → MailNews Core
You need to log in
before you can comment on or make changes to this bug.
Description
•