Mirror/monolith
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

nullify JS within As' href attributes when needed

Browse source
This commit is contained in:
Sunshine 2020-02-03 01:42:46 -05:00
parent 1e8348543a
commit 5ef2b7c9dc
No known key found for this signature in database
GPG key ID: B80CA68703CD8AB1
1 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
src/html.rs
View file

@ -22,8 +22,7 @@ const ICON_VALUES: &[&str] = &[
"fluid-icon", "fluid-icon",
]; ];
const TRANSPARENT_PIXEL: &str = const TRANSPARENT_PIXEL: &str = "data:image/png;base64,\
"data:image/png;base64,\
iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII="; iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=";
pub fn get_parent_node(node: &Handle) -> Handle { pub fn get_parent_node(node: &Handle) -> Handle {
@ -291,6 +290,14 @@ pub fn walk_and_embed_assets(
for attr in attrs_mut.iter_mut() { for attr in attrs_mut.iter_mut() {
if &attr.name.local == "href" { if &attr.name.local == "href" {
let attr_value = attr.value.trim(); let attr_value = attr.value.trim();
if opt_no_js && attr_value.starts_with("javascript:") {
attr.value.clear();
// Replace with empty JS call to preserve original behavior
attr.value.push_slice("javascript:;");
continue;
}
// Don't touch email links or hrefs which begin with a hash sign // Don't touch email links or hrefs which begin with a hash sign
if attr_value.starts_with('#') || url_has_protocol(attr_value) { if attr_value.starts_with('#') || url_has_protocol(attr_value) {
continue; continue;