Changeset 74
- Timestamp:
- 2007年07月10日 08時38分58秒 (1 year ago)
- Location:
- Nenshi/trunk
- Files:
-
- 1 added
- 4 modified
-
lib/Nenshi/Filter/HTMLFormFiller.pm (modified) (1 diff)
-
lib/Nenshi/Filter/HTMLSanitizer.pm (modified) (7 diffs)
-
lib/Nenshi/Input.pm (modified) (5 diffs)
-
lib/Nenshi/Util.pm (modified) (2 diffs)
-
t/52_filter_sanitize.t (added)
Nenshi/trunk/lib/Nenshi/Filter/HTMLFormFiller.pm
r72 r74 10 10 use overload 11 11 '&{}' => sub { my $self = shift; sub { $self->__call__(@_) } }; 12 12 13 sub new { 13 14 my $self = bless {}, shift; -
Nenshi/trunk/lib/Nenshi/Filter/HTMLSanitizer.pm
r58 r74 4 4 use warnings; 5 5 6 use Iterator::Simple qw(iterator ifilter iter); 6 7 use Nenshi::Core qw(Attrs QName :eventkind); 7 8 use Nenshi::Util qw(set stripentities); 9 10 use overload 11 '&{}' => sub { my $self = shift; sub { $self->__call__(@_) } }; 8 12 9 13 use constant SAFE_TAGS => set( qw( … … 40 44 $self->{uri_attrs} = $o{uri_attrs} || URI_ATTRS; 41 45 $self->{safe_schemes} = $o{safe_schemes} || SAFE_SCHEMES; 46 $self; 42 47 } 43 48 … … 73 78 elsif($attr eq 'style') { 74 79 my @decls; 80 # normalize new lines 75 81 $value =~ s/\x0d\x0a/\n/g; 76 82 $value =~ tr/\x0d\x0a/\n\n/; 77 $value =~ s/\\([0-9a-fA-F]{1,6})/pack('H2', $1)/eg; 83 # unicode escape 84 $value =~ s/\\([0-9a-fA-F]{1,6})\s?/pack('H*', $1)/eg; 78 85 for my $decl (split ';', $value) { 79 86 next if not $decl; 80 87 my $is_evil = index($decl, 'expression') >= 0; 81 while($decl =~ /url\s \(([^\)]+)/g) {88 while($decl =~ /url\s*\(([^\)]+)/g) { 82 89 my $scheme = _get_scheme($value); 83 90 if(not $self->{safe_schemes}->contains($scheme)) { … … 87 94 } 88 95 if(not $is_evil) { 89 $decl =~ s/^\s+|\s+$//g; 96 $decl =~ s/^\s+//s; 97 $decl =~ s/\s+$//s; 90 98 push @decls, $decl; 91 99 } … … 105 113 return; 106 114 } 115 return; 107 116 } 108 117 else { … … 114 123 return [$kind, $data, $pos]; 115 124 } 125 return; 116 126 } 117 127 } … … 126 136 127 137 1; 138 -
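Review bot: The scheme check inside the `url(` loop still inspects the whole style value instead of the URL it just captured: `my $scheme = _get_scheme($value);` follows the rewritten `while($decl =~ /url\s*\(([^\)]+)/g) {`, so the capture is unused and `_get_scheme` (defined outside the hunk) is presumably handed text such as `background:url(`; it should read `my $scheme = _get_scheme($1);`. The new escape decoding `pack('H*', $1)` also does not produce the character a browser would see, because it packs the hex digits as raw bytes, so escapes with leading zeros or an odd digit count decode to NUL-padded or shifted bytes and the later `index($decl, 'expression')` and `url` match run over a string that differs from the rendered one; `chr(hex($1))` is the intended decode. CSS keywords are case-insensitive, so the `expression` test should be run on a lowercased copy of `$decl` as well. The enclosing sub starts and ends outside the hunk.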
Nenshi/trunk/lib/Nenshi/Input.pm
r73 r74 199 199 200 200 use base qw(HTML::Parser); 201 use Encode qw(); 201 202 use Iterator::Simple qw( iterator iter ); 202 203 use Nenshi::Core qw( :eventkind Stream Attrs QName ); … … 219 220 declaration => ['handle_doctype', 'self,tokens,line,column'], 220 221 process => ['handle_process', 'self,token0,line,column'], 222 start_document => [''], 223 end_document => ['handle_enddoc', 'self,line,column'], 224 default => ['handle_default', 'self,event,line,column'], 221 225 }, 222 226 unbroken_text => 1, 223 227 attr_encoded => 1, 228 strict_names => 1, 229 empty_element_tags => 1, 224 230 #utf8_mode => 1, 225 231 ); … … 294 300 $self->_enqueue(PI, [$target, $data], [$line, $col]); 295 301 } 302 303 sub handle_enddoc { 304 my $self = shift; 305 my($line, $col) = @_; 306 while(scalar @{$self->{_open_tags}}) { 307 my $tag = pop @{$self->{_open_tags}}; 308 $self->_enqueue(END_, $tag, [$line, $col]); 309 } 310 } 296 311 297 312 sub handle_declaration { … … 301 316 } 302 317 318 sub handle_default { 319 my($self, $event) = @_; 320 warn "HANDLE DEFAULT: $event"; 321 } 322 303 323 sub parse { 304 324 my($self) = @_; … … 324 344 next; 325 345 } 326 327 346 if($@) { 328 347 Nenshi::ParseError->throw("$@",$self->(unknown),$self->current_line, $self->current_column); -
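Review bot: `handle_default` emits `warn "HANDLE DEFAULT: $event"` for every event HTML::Parser routes to the new `default` handler, which reads as leftover debugging and will write to STDERR on any input that triggers it; either drop the sub and leave `default` unregistered, or gate the message behind a debug flag (`warn "HANDLE DEFAULT: $event" if $self->{debug};` — `debug` is a constructed name, use whatever the class already carries). The added `strict_names => 1` and `empty_element_tags => 1` options change what the parser recognises as a tag and each deserve a one-line comment, since per HTML::Parser's documentation anything rejected by `strict_names` is presumably handed on as text and is then never seen by a downstream sanitizer filter; e.g. `# strict_names: tags/attrs with non-conforming names are treated as text, not elements`. `handle_enddoc` draining `_open_tags` looks correct; the `parse` hunk is cut off at the bottom of the section.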
Nenshi/trunk/lib/Nenshi/Util.pm
r71 r74 10 10 { 11 11 package Nenshi::Set; 12 13 use overload ( 14 '|' => sub { 15 my($self, $other) = @_; 16 Nenshi::Set->new(keys(%$self), @$other) 17 }, 18 '@{}' => sub { 19 my($self) = @_; 20 [keys %$self]; 21 }, 22 fallback => 1, 23 ); 12 24 13 25 sub new { … … 26 38 } 27 39 } 40 28 41 sub set { Nenshi::Set->new(@_); } 29 42 push @EXPORT_OK, qw(set);
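Review bot: The new `'|'` overload dereferences its right operand with `@$other` without checking what it is, so `$set | $scalar` dies with a dereference error rather than a type message, and the third (swap) argument is ignored — harmless for a commutative union but worth stating. A short comment above the block, such as `# Union: RHS may be a Nenshi::Set (via the '@{}' overload) or a plain array ref`, would document the contract, and `Scalar::Util::reftype` could back it with a check if callers are external. The `'@{}'` overload returns a fresh `[keys %$self]` on every call, so iterating `@$set` twice enumerates the hash twice and callers should not expect a stable order.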
