debian-mirror-gitlab/lib/banzai/filter/sanitization_filter.rb

# frozen_string_literal: true

module Banzai
  module Filter
    # Sanitize HTML
    #
    # Extends HTML::Pipeline::SanitizationFilter with a custom whitelist.
    class SanitizationFilter < HTML::Pipeline::SanitizationFilter
      include Gitlab::Utils::StrongMemoize

      UNSAFE_PROTOCOLS = %w(data javascript vbscript).freeze
      TABLE_ALIGNMENT_PATTERN = /text-align: (?<alignment>center|left|right)/

      def whitelist
        strong_memoize(:whitelist) do
          customize_whitelist(super.deep_dup)
        end
      end

      private

      def customize_whitelist(whitelist)
        # Allow table alignment; we whitelist specific text-align values in a
        # transformer below
        whitelist[:attributes]['th'] = %w(style)
        whitelist[:attributes]['td'] = %w(style)
        whitelist[:css] = { properties: ['text-align'] }

        # Allow span elements
        whitelist[:elements].push('span')

        # Allow data-math-style attribute in order to support LaTeX formatting
        whitelist[:attributes]['code'] = %w(data-math-style)
        whitelist[:attributes]['pre'] = %w(data-math-style)

        # Allow html5 details/summary elements
        whitelist[:elements].push('details')
        whitelist[:elements].push('summary')

        # Allow abbr elements with title attribute
        whitelist[:elements].push('abbr')
        whitelist[:attributes]['abbr'] = %w(title)

        # Disallow `name` attribute globally, allow on `a`
        whitelist[:attributes][:all].delete('name')
        whitelist[:attributes]['a'].push('name')

        # Allow any protocol in `a` elements...
        whitelist[:protocols].delete('a')

        # ...but then remove links with unsafe protocols
        whitelist[:transformers].push(self.class.remove_unsafe_links)

        # Remove `rel` attribute from `a` elements
        whitelist[:transformers].push(self.class.remove_rel)

        # Remove any `style` properties not required for table alignment
        whitelist[:transformers].push(self.class.remove_unsafe_table_style)

        whitelist
      end

      class << self
        def remove_unsafe_links
          lambda do |env|
            node = env[:node]

            return unless node.name == 'a'
            return unless node.has_attribute?('href')

            begin
              node['href'] = node['href'].strip
              uri = Addressable::URI.parse(node['href'])

              return unless uri.scheme

              # Remove all invalid scheme characters before checking against the
              # list of unsafe protocols.
              #
              # See https://tools.ietf.org/html/rfc3986#section-3.1
              scheme = uri.scheme
                .strip
                .downcase
                .gsub(/[^A-Za-z0-9\+\.\-]+/, '')

              node.remove_attribute('href') if UNSAFE_PROTOCOLS.include?(scheme)
            rescue Addressable::URI::InvalidURIError
              node.remove_attribute('href')
            end
          end
        end

        def remove_rel
          lambda do |env|
            if env[:node_name] == 'a'
              env[:node].remove_attribute('rel')
            end
          end
        end

        def remove_unsafe_table_style
          lambda do |env|
            node = env[:node]

            return unless node.name == 'th' || node.name == 'td'
            return unless node.has_attribute?('style')

            if node['style'] =~ TABLE_ALIGNMENT_PATTERN
              node['style'] = "text-align: #{$~[:alignment]}"
            else
              node.remove_attribute('style')
            end
          end
        end
      end
    end
  end
end
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`# frozen_string_literal: true`

Imported Upstream version 8.3.0+dfsg 2015-12-23 02:04:40 +05:30			`module Banzai`
			`module Filter`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`# Sanitize HTML`
			`#`
			`# Extends HTML::Pipeline::SanitizationFilter with a custom whitelist.`
			`class SanitizationFilter < HTML::Pipeline::SanitizationFilter`
New upstream version 11.1.8+dfsg 2018-11-08 19:23:39 +05:30			`include Gitlab::Utils::StrongMemoize`

Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`UNSAFE_PROTOCOLS = %w(data javascript vbscript).freeze`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`TABLE_ALIGNMENT_PATTERN = /text-align: (?<alignment>center\|left\|right)/`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`def whitelist`
New upstream version 11.1.8+dfsg 2018-11-08 19:23:39 +05:30			`strong_memoize(:whitelist) do`
			`customize_whitelist(super.deep_dup)`
			`end`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`end`

			`private`

			`def customize_whitelist(whitelist)`
New upstream version 10.7.6+dfsg 2018-06-27 16:04:02 +05:30			`# Allow table alignment; we whitelist specific text-align values in a`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`# transformer below`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`whitelist[:attributes]['th'] = %w(style)`
			`whitelist[:attributes]['td'] = %w(style)`
New upstream version 10.7.6+dfsg 2018-06-27 16:04:02 +05:30			`whitelist[:css] = { properties: ['text-align'] }`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30
			`# Allow span elements`
			`whitelist[:elements].push('span')`

New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`# Allow data-math-style attribute in order to support LaTeX formatting`
			`whitelist[:attributes]['code'] = %w(data-math-style)`
			`whitelist[:attributes]['pre'] = %w(data-math-style)`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`# Allow html5 details/summary elements`
			`whitelist[:elements].push('details')`
			`whitelist[:elements].push('summary')`

Imported Upstream version 8.5.8+dfsg 2016-04-02 18:10:28 +05:30			`# Allow abbr elements with title attribute`
			`whitelist[:elements].push('abbr')`
			`whitelist[:attributes]['abbr'] = %w(title)`

New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			# Disallow `name` attribute globally, allow on `a`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`whitelist[:attributes][:all].delete('name')`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`whitelist[:attributes]['a'].push('name')`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
Imported Upstream version 8.2.1 2015-11-26 14:37:03 +05:30			# Allow any protocol in `a` elements...
			`whitelist[:protocols].delete('a')`

Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`# ...but then remove links with unsafe protocols`
New upstream version 8.12.1+dfsg1 2016-09-29 09:46:39 +05:30			`whitelist[:transformers].push(self.class.remove_unsafe_links)`
Imported Upstream version 8.2.1 2015-11-26 14:37:03 +05:30
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			# Remove `rel` attribute from `a` elements
New upstream version 8.12.1+dfsg1 2016-09-29 09:46:39 +05:30			`whitelist[:transformers].push(self.class.remove_rel)`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			# Remove any `style` properties not required for table alignment
			`whitelist[:transformers].push(self.class.remove_unsafe_table_style)`

Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`whitelist`
			`end`

New upstream version 8.12.1+dfsg1 2016-09-29 09:46:39 +05:30			`class << self`
			`def remove_unsafe_links`
			`lambda do \|env\|`
			`node = env[:node]`
Imported Upstream version 8.2.1 2015-11-26 14:37:03 +05:30
New upstream version 8.12.1+dfsg1 2016-09-29 09:46:39 +05:30			`return unless node.name == 'a'`
			`return unless node.has_attribute?('href')`
Imported Upstream version 8.2.1 2015-11-26 14:37:03 +05:30
New upstream version 8.12.1+dfsg1 2016-09-29 09:46:39 +05:30			`begin`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`node['href'] = node['href'].strip`
New upstream version 8.12.1+dfsg1 2016-09-29 09:46:39 +05:30			`uri = Addressable::URI.parse(node['href'])`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`return unless uri.scheme`

			`# Remove all invalid scheme characters before checking against the`
			`# list of unsafe protocols.`
			`#`
			`# See https://tools.ietf.org/html/rfc3986#section-3.1`
			`scheme = uri.scheme`
			`.strip`
			`.downcase`
			`.gsub(/[^A-Za-z0-9\+\.\-]+/, '')`

			`node.remove_attribute('href') if UNSAFE_PROTOCOLS.include?(scheme)`
New upstream version 8.12.1+dfsg1 2016-09-29 09:46:39 +05:30			`rescue Addressable::URI::InvalidURIError`
			`node.remove_attribute('href')`
			`end`
Imported Upstream version 8.2.1 2015-11-26 14:37:03 +05:30			`end`
			`end`

New upstream version 8.12.1+dfsg1 2016-09-29 09:46:39 +05:30			`def remove_rel`
			`lambda do \|env\|`
			`if env[:node_name] == 'a'`
			`env[:node].remove_attribute('rel')`
			`end`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`end`
			`end`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
			`def remove_unsafe_table_style`
			`lambda do \|env\|`
			`node = env[:node]`

			`return unless node.name == 'th' \|\| node.name == 'td'`
			`return unless node.has_attribute?('style')`

			`if node['style'] =~ TABLE_ALIGNMENT_PATTERN`
			`node['style'] = "text-align: #{$~[:alignment]}"`
			`else`
			`node.remove_attribute('style')`
			`end`
			`end`
			`end`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`end`
			`end`
			`end`
			`end`