aboutsummaryrefslogtreecommitdiff
path: root/plugins/viewhtml/sanitize.go
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/viewhtml/sanitize.go')
-rw-r--r--plugins/viewhtml/sanitize.go22
1 files changed, 19 insertions, 3 deletions
diff --git a/plugins/viewhtml/sanitize.go b/plugins/viewhtml/sanitize.go
index d5c94a7..c7de703 100644
--- a/plugins/viewhtml/sanitize.go
+++ b/plugins/viewhtml/sanitize.go
@@ -3,6 +3,7 @@ package koushinviewhtml
import (
"bytes"
"fmt"
+ "net/url"
"regexp"
"strings"
@@ -73,8 +74,23 @@ type sanitizer struct {
msg *koushinbase.IMAPMessage
}
-func (san *sanitizer) sanitizeResourceURL(src string) string {
- return "about:blank"
+func (san *sanitizer) sanitizeImageURL(src string) string {
+ u, err := url.Parse(src)
+ if err != nil {
+ return "about:blank"
+ }
+
+ // TODO: mid support?
+ if !strings.EqualFold(u.Scheme, "cid") || san.msg == nil {
+ return "about:blank"
+ }
+
+ part := san.msg.PartByID(u.Opaque)
+ if part == nil || !strings.HasPrefix(part.MIMEType, "image/") {
+ return "about:blank"
+ }
+
+ return part.URL(true).String()
}
func (san *sanitizer) sanitizeCSSDecls(decls []*css.Declaration) []*css.Declaration {
@@ -114,7 +130,7 @@ func (san *sanitizer) sanitizeNode(n *html.Node) {
for i := range n.Attr {
attr := &n.Attr[i]
if strings.EqualFold(attr.Key, "src") {
- attr.Val = san.sanitizeResourceURL(attr.Val)
+ attr.Val = san.sanitizeImageURL(attr.Val)
}
}
} else if strings.EqualFold(n.Data, "style") {
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-18 17:29:13 +0000