Commit b214f232 authored by Jeroen Hoffman's avatar Jeroen Hoffman

HHP-27 Reintegrate branch 'bugfix/HHP-27' into release/1.4

parents db515242 321dac7e
......@@ -30,8 +30,8 @@ public class WhitelistHtmlFilter implements HtmlFilter {
public static final Logger log = LoggerFactory.getLogger(WhitelistHtmlFilter.class);
private static final String JAVASCRIPT_PROTOCOL = "javascript";
private static final String DATA_PROTOCOL = "data";
private static final String JAVASCRIPT_PROTOCOL = "javascript:";
private static final String DATA_PROTOCOL = "data:";
private static final Pattern CRLFTAB = Pattern.compile("[\r\n\t]");
private final Map<String, Element> elements = new HashMap<>();
......@@ -101,8 +101,7 @@ public class WhitelistHtmlFilter implements HtmlFilter {
}
private boolean checkDataAttrValue(final String tagName, final String attrName, final String attrValue) {
return attrValue.startsWith(DATA_PROTOCOL)
? ("a".equals(tagName) && "href".equals(attrName)) || ("object".equals(tagName) && "data".equals(attrName))
: false;
return attrValue.startsWith(DATA_PROTOCOL) &&
(("a".equals(tagName) && "href".equals(attrName)) || ("object".equals(tagName) && "data".equals(attrName)));
}
}
/*
* Copyright 2017 Hippo B.V. (http://www.onehippo.com)
* Copyright 2017-2018 Hippo B.V. (http://www.onehippo.com)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
......@@ -185,10 +185,16 @@ public class WhitelistHtmlFilterTest {
public void testCleanJavascriptProtocolArgumentTrue() throws Exception {
filter = new WhitelistHtmlFilter(new ArrayList<>(), true);
addToWhitelist(Element.create("a", "href", "onclick"));
final TagNode result = filterHtml("<a href=\"#\" onclick=\"javascript:lancerPu('XXXcodepuXXX')\">XXXTexteXXX</a>");
// src attribute contains javascript
final TagNode a = result.findElementByName("a", true);
// src attribute contains javascript:
TagNode result = filterHtml("<a href=\"#\" onclick=\"javascript:lancerPu('XXXcodepuXXX')\">XXXTexteXXX</a>");
TagNode a = result.findElementByName("a", true);
assertNotNull(a);
assertEquals("", a.getAttributeByName("onclick"));
// src attribute contains javascript: + space
result = filterHtml("<a href=\"#\" onclick=\"javascript: lancerPu('XXXcodepuXXX')\">XXXTexteXXX</a>");
a = result.findElementByName("a", true);
assertNotNull(a);
assertEquals("", a.getAttributeByName("onclick"));
}
......@@ -199,12 +205,58 @@ public class WhitelistHtmlFilterTest {
addToWhitelist(Element.create("a", "href", "onclick"));
final TagNode result = filterHtml("<a href=\"#\" onclick=\"javascript:lancerPu('XXXcodepuXXX')\">XXXTexteXXX</a>");
// src attribute contains javascript
// src attribute contains javascript:
final TagNode a = result.findElementByName("a", true);
assertNotNull(a);
assertEquals("javascript:lancerPu('XXXcodepuXXX')", a.getAttributeByName("onclick"));
}
@Test
public void testCleanJavascriptProtocolNewLine() throws Exception {
filter = new WhitelistHtmlFilter(new ArrayList<>(), true);
addToWhitelist(Element.create("a", "href"));
// check new lines
TagNode result = filterHtml("<a href=\"jav&#x0A;ascript:alert('XSS');\">test</a>");
TagNode a = result.findElementByName("a", true);
assertNotNull(a);
assertEquals("", a.getAttributeByName("href"));
result = filterHtml("<a href=\"javascript\n:alert('XSS');\">test</a>");
a = result.findElementByName("a", true);
assertNotNull(a);
assertEquals("javascript :alert('XSS');", a.getAttributeByName("href"));
}
@Test
public void testCleanDataProtocol() throws Exception {
filter = new WhitelistHtmlFilter(new ArrayList<>(), true);
addToWhitelist(Element.create("a", "href"));
// href attribute contains data:
TagNode result = filterHtml("<a href=\"data:testData\">data</a>");
TagNode a = result.findElementByName("a", true);
assertNotNull(a);
assertEquals("", a.getAttributeByName("href"));
// href attribute contains data: + space
result = filterHtml("<a href=\"data: testData\">data</a>");
a = result.findElementByName("a", true);
assertNotNull(a);
assertEquals("", a.getAttributeByName("href"));
}
@Test
public void testCleanDataProtocolNewLine() throws Exception {
filter = new WhitelistHtmlFilter(new ArrayList<>(), true);
addToWhitelist(Element.create("a", "href"));
// check new lines
TagNode result = filterHtml("<a href=\"data\n:testData\">data</a>");
TagNode a = result.findElementByName("a", true);
assertNotNull(a);
assertEquals("data :testData", a.getAttributeByName("href"));
}
private TagNode filterHtml(final String html) {
return filter.apply(parser.clean(html));
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment