Merge pull request gjtorikian#98 from aroben/configurable-schemes

jch · jch · commit 8f608b7ee112 · 2014-01-21T22:40:18.000-08:00
Allow customization of allowed &lt;a href&gt; URL schemes
diff --git a/lib/html/pipeline/sanitization_filter.rb b/lib/html/pipeline/sanitization_filter.rb
@@ -15,9 +15,13 @@ class Pipeline
     # https://github.com/rgrove/sanitize/#readme
     #
     # Context options:
-    #   :whitelist - The sanitizer whitelist configuration to use. This can be one
-    #                of the options constants defined in this class or a custom
-    #                sanitize options hash.
+    #   :whitelist      - The sanitizer whitelist configuration to use. This
+    #                     can be one of the options constants defined in this
+    #                     class or a custom sanitize options hash.
+    #   :anchor_schemes - The URL schemes to allow in <a href> attributes. The
+    #                     default set is provided in the ANCHOR_SCHEMES
+    #                     constant in this class. If passed, this overrides any
+    #                     schemes specified in the whitelist configuration.
     #
     # This filter does not write additional information to the context.
     class SanitizationFilter < Filter
@@ -32,6 +36,9 @@ class SanitizationFilter < Filter
       TABLE = 'table'.freeze
       TABLE_SECTIONS = Set.new(%w(thead tbody tfoot).freeze)
 
+      # These schemes are the only ones allowed in <a href> attributes by default.
+      ANCHOR_SCHEMES = ['http', 'https', 'mailto', :relative, 'github-windows', 'github-mac'].freeze
+
       # The main sanitization whitelist. Only these elements and attributes are
       # allowed through by default.
       WHITELIST = {
@@ -64,7 +71,7 @@ class SanitizationFilter < Filter
                     'vspace', 'width', 'itemprop']
         },
         :protocols => {
-          'a'   => {'href' => ['http', 'https', 'mailto', :relative, 'github-windows', 'github-mac']},
+          'a'   => {'href' => ANCHOR_SCHEMES},
           'img' => {'src'  => ['http', 'https', :relative]}
         },
         :transformers => [
@@ -104,7 +111,13 @@ def call
       # The whitelist to use when sanitizing. This can be passed in the context
       # hash to the filter but defaults to WHITELIST constant value above.
       def whitelist
-        context[:whitelist] || WHITELIST
+        whitelist = context[:whitelist] || WHITELIST
+        anchor_schemes = context[:anchor_schemes]
+        return whitelist unless anchor_schemes
+        whitelist = whitelist.dup
+        whitelist[:protocols] = (whitelist[:protocols] || {}).dup
+        whitelist[:protocols]['a'] = (whitelist[:protocols]['a'] || {}).merge('href' => anchor_schemes)
+        whitelist
       end
     end
   end
diff --git a/test/html/pipeline/sanitization_filter_test.rb b/test/html/pipeline/sanitization_filter_test.rb
@@ -45,6 +45,65 @@ def test_github_specific_protocols_are_not_removed
     assert_equal stuff, SanitizationFilter.call(stuff).to_s
   end
 
+  def test_unknown_schemes_are_removed
+    stuff = '<a href="something-weird://heyyy">Wat</a> is this'
+    html  = SanitizationFilter.call(stuff).to_s
+    assert_equal '<a>Wat</a> is this', html
+  end
+
+  def test_standard_schemes_are_removed_if_not_specified_in_anchor_schemes
+    stuff  = '<a href="http://www.example.com/">No href for you</a>'
+    filter = SanitizationFilter.new(stuff, {:anchor_schemes => []})
+    html   = filter.call.to_s
+    assert_equal '<a>No href for you</a>', html
+  end
+
+  def test_custom_anchor_schemes_are_not_removed
+    stuff  = '<a href="something-weird://heyyy">Wat</a> is this'
+    filter = SanitizationFilter.new(stuff, {:anchor_schemes => ['something-weird']})
+    html   = filter.call.to_s
+    assert_equal stuff, html
+  end
+
+  def test_anchor_schemes_are_merged_with_other_anchor_restrictions
+    stuff  = '<a href="something-weird://heyyy" ping="more-weird://hiii">Wat</a> is this'
+    whitelist = {
+      :elements   => ['a'],
+      :attributes => {'a' => ['href', 'ping']},
+      :protocols  => {'a' => {'ping' => ['http']}}
+    }
+    filter = SanitizationFilter.new(stuff, {:whitelist => whitelist, :anchor_schemes => ['something-weird']})
+    html   = filter.call.to_s
+    assert_equal '<a href="something-weird://heyyy">Wat</a> is this', html
+  end
+
+  def test_uses_anchor_schemes_from_whitelist_when_not_separately_specified
+    stuff  = '<a href="something-weird://heyyy">Wat</a> is this'
+    whitelist = {
+      :elements   => ['a'],
+      :attributes => {'a' => ['href']},
+      :protocols  => {'a' => {'href' => ['something-weird']}}
+    }
+    filter = SanitizationFilter.new(stuff, {:whitelist => whitelist})
+    html   = filter.call.to_s
+    assert_equal stuff, html
+  end
+
+  def test_whitelist_contains_default_anchor_schemes
+    assert_equal SanitizationFilter::WHITELIST[:protocols]['a']['href'], ['http', 'https', 'mailto', :relative, 'github-windows', 'github-mac']
+  end
+
+  def test_whitelist_from_full_constant
+    stuff  = '<a href="something-weird://heyyy" ping="more-weird://hiii">Wat</a> is this'
+    filter = SanitizationFilter.new(stuff, :whitelist => SanitizationFilter::FULL)
+    html   = filter.call.to_s
+    assert_equal 'Wat is this', html
+  end
+
+  def test_exports_default_anchor_schemes
+    assert_equal SanitizationFilter::ANCHOR_SCHEMES, ['http', 'https', 'mailto', :relative, 'github-windows', 'github-mac']
+  end
+
   def test_script_contents_are_removed
     orig = '<script>JavaScript!</script>'
     assert_equal "", SanitizationFilter.call(orig).to_s
