Merge pull request #3073 from philipwhiuk/whitelistLinkProtocols

Add tel, sip, bitcoin, ethereum and rtsp URIs to the whitelist for links
2018-01-11 15:41:08 +01:00 · 2018-01-11 15:41:08 +01:00 · c95f7f75f4
commit c95f7f75f4
parent e4467ef959 11f6614a3b
2 changed files with 29 additions and 1 deletions
--- a/k9mail/src/main/java/com/fsck/k9/message/html/HtmlSanitizer.java
+++ b/k9mail/src/main/java/com/fsck/k9/message/html/HtmlSanitizer.java
@ -25,7 +25,8 @@ public class HtmlSanitizer {
                        "align", "bgcolor", "colspan", "headers", "height", "nowrap", "rowspan", "scope", "valign",
                        "width")
                .addAttributes(":all", "class", "style", "id")
-                .addProtocols("img", "src", "http", "https", "cid", "data");
+                .addProtocols("img", "src", "http", "https", "cid", "data")
+                .addProtocols("a", "href", "tel", "sip", "bitcoin", "ethereum", "rtsp");

        cleaner = new Cleaner(whitelist);
        headCleaner = new HeadCleaner();
--- a/k9mail/src/test/java/com/fsck/k9/message/html/HtmlSanitizerTest.java
+++ b/k9mail/src/test/java/com/fsck/k9/message/html/HtmlSanitizerTest.java
@ -213,4 +213,31 @@ public class HtmlSanitizerTest {
                "<center><font face=\"Arial\" color=\"red\" size=\"12\">A</font></center>" +
                "</body></html>", toCompactString(result));
    }
+
+    @Test
+    public void shouldKeepUris() {
+        String html = "<html><body>" +
+                "<a href=\"http://example.com/index.html\">HTTP</a>" +
+                "<a href=\"https://example.com/default.html\">HTTPS</a>" +
+                "<a href=\"mailto:user@example.com\">Mailto</a>" +
+                "<a href=\"tel:00442079460111\">Telephone</a>" +
+                "<a href=\"sip:user@example.com\">SIP</a>" +
+                "<a href=\"bitcoin:12A1MyfXbW6RhdRAZEqofac5jCQQjwEPBu\">Bitcoin</a>" +
+                "<a href=\"ethereum:0x89205A3A3b2A69De6Dbf7f01ED13B2108B2c43e7\">Ethereum</a>" +
+                "<a href=\"rtsp://example.com/media.mp4\">RTSP</a>" +
+                "</body></html>";
+
+        Document result = htmlSanitizer.sanitize(html);
+
+        assertEquals("<html><head></head><body>" +
+                "<a href=\"http://example.com/index.html\">HTTP</a>" +
+                "<a href=\"https://example.com/default.html\">HTTPS</a>" +
+                "<a href=\"mailto:user@example.com\">Mailto</a>" +
+                "<a href=\"tel:00442079460111\">Telephone</a>" +
+                "<a href=\"sip:user@example.com\">SIP</a>" +
+                "<a href=\"bitcoin:12A1MyfXbW6RhdRAZEqofac5jCQQjwEPBu\">Bitcoin</a>" +
+                "<a href=\"ethereum:0x89205A3A3b2A69De6Dbf7f01ED13B2108B2c43e7\">Ethereum</a>" +
+                "<a href=\"rtsp://example.com/media.mp4\">RTSP</a>" +
+                "</body></html>", toCompactString(result));
+    }
 }