aboutsummaryrefslogtreecommitdiff
path: root/plugins/viewhtml/sanitize.go
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/viewhtml/sanitize.go')
-rw-r--r--plugins/viewhtml/sanitize.go29
1 files changed, 22 insertions, 7 deletions
diff --git a/plugins/viewhtml/sanitize.go b/plugins/viewhtml/sanitize.go
index c7de703..a931fe1 100644
--- a/plugins/viewhtml/sanitize.go
+++ b/plugins/viewhtml/sanitize.go
@@ -80,17 +80,32 @@ func (san *sanitizer) sanitizeImageURL(src string) string {
return "about:blank"
}
+ switch strings.ToLower(u.Scheme) {
// TODO: mid support?
- if !strings.EqualFold(u.Scheme, "cid") || san.msg == nil {
- return "about:blank"
- }
+ case "cid":
+ if san.msg == nil {
+ return "about:blank"
+ }
+
+ part := san.msg.PartByID(u.Opaque)
+ if part == nil || !strings.HasPrefix(part.MIMEType, "image/") {
+ return "about:blank"
+ }
+
+ return part.URL(true).String()
+ case "https":
+ if !proxyEnabled {
+ return "about:blank"
+ }
- part := san.msg.PartByID(u.Opaque)
- if part == nil || !strings.HasPrefix(part.MIMEType, "image/") {
+ proxyURL := url.URL{Path: "/proxy"}
+ proxyQuery := make(url.Values)
+ proxyQuery.Set("src", u.String())
+ proxyURL.RawQuery = proxyQuery.Encode()
+ return proxyURL.String()
+ default:
return "about:blank"
}
-
- return part.URL(true).String()
}
func (san *sanitizer) sanitizeCSSDecls(decls []*css.Declaration) []*css.Declaration {
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-18 19:32:42 +0000