Allow all URI schemes in links

2022-07-19 19:16:43 +02:00 · 2022-07-19 19:16:43 +02:00 · 0cae71e53e
commit 0cae71e53e
parent 74a58345d8
2 changed files with 9 additions and 5 deletions
--- a/app/html-cleaner/src/main/java/app/k9mail/html/cleaner/BodyCleaner.kt
+++ b/app/html-cleaner/src/main/java/app/k9mail/html/cleaner/BodyCleaner.kt
@ -36,7 +36,9 @@ internal class BodyCleaner {
            .addAttributes("img", "usemap")
            .addAttributes(":all", "class", "style", "id", "dir")
            .addProtocols("img", "src", "http", "https", "cid", "data")
-            .addProtocols("a", "href", "tel", "sip", "bitcoin", "ethereum", "rtsp")
+
+            // Allow all URI schemes in links
+            .removeProtocols("a", "href", "ftp", "http", "https", "mailto")

        cleaner = Cleaner(allowList)
    }
--- a/app/html-cleaner/src/test/java/app/k9mail/html/cleaner/HtmlSanitizerTest.kt
+++ b/app/html-cleaner/src/test/java/app/k9mail/html/cleaner/HtmlSanitizerTest.kt
@ -301,6 +301,8 @@ class HtmlSanitizerTest {
        )
    }

+    // This test will fail when jsoup updates its list of allowed "protocols" for the a.href attribute.
+    // When that happens, please adjust the removeProtocols("a", "href", …) line in BodyCleaner.
    @Test
    fun shouldKeepUris() {
        val html =
@ -311,9 +313,9 @@ class HtmlSanitizerTest {
            <a href="https://example.com/default.html">HTTPS</a>
            <a href="mailto:user@example.com">Mailto</a>
            <a href="tel:00442079460111">Telephone</a>
+            <a href="sms:00442079460111">SMS</a>
            <a href="sip:user@example.com">SIP</a>
-            <a href="bitcoin:12A1MyfXbW6RhdRAZEqofac5jCQQjwEPBu">Bitcoin</a>
-            <a href="ethereum:0x89205A3A3b2A69De6Dbf7f01ED13B2108B2c43e7">Ethereum</a>
+            <a href="unknown:foobar">Unknown</a>
            <a href="rtsp://example.com/media.mp4">RTSP</a>
            </body>
            </html>
@ -330,9 +332,9 @@ class HtmlSanitizerTest {
            <a href="https://example.com/default.html">HTTPS</a>
            <a href="mailto:user@example.com">Mailto</a>
            <a href="tel:00442079460111">Telephone</a>
+            <a href="sms:00442079460111">SMS</a>
            <a href="sip:user@example.com">SIP</a>
-            <a href="bitcoin:12A1MyfXbW6RhdRAZEqofac5jCQQjwEPBu">Bitcoin</a>
-            <a href="ethereum:0x89205A3A3b2A69De6Dbf7f01ED13B2108B2c43e7">Ethereum</a>
+            <a href="unknown:foobar">Unknown</a>
            <a href="rtsp://example.com/media.mp4">RTSP</a>
            </body>
            </html>