aboutsummaryrefslogtreecommitdiffstats
path: root/src/util/sanitize_uri.rs
blob: 593a70ee81fc0a1e6626afc19b076adf79be899a (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
//! Make urls safe.

use crate::util::encode::encode;

/// Make a value safe for injection as a URL.
///
/// This encodes unsafe characters with percent-encoding and skips already
/// encoded sequences (see [`normalize_uri`][] below).
/// Further unsafe characters are encoded as character references (see
/// [`encode`][]).
///
/// Then, a vec of (lowercase) allowed protocols can be given, in which case
/// the URL is sanitized.
///
/// For example, `Some(vec!["http", "https", "irc", "ircs", "mailto", "xmpp"])`
/// can be used for `a[href]`, or `Some(vec!["http", "https"])` for `img[src]`.
/// If the URL includes an unknown protocol (one not matched by `protocol`, such
/// as a dangerous example, `javascript:`), the value is ignored.
///
/// ## Examples
///
/// ```rust ignore
/// use micromark::util::sanitize_url::sanitize_url;
///
/// assert_eq!(sanitize_uri("javascript:alert(1)", &None), "javascript:alert(1)");
/// assert_eq!(sanitize_uri("javascript:alert(1)", &Some(vec!["http", "https"])), "");
/// assert_eq!(sanitize_uri("https://example.com", &Some(vec!["http", "https"])), "https://example.com");
/// assert_eq!(sanitize_uri("https://a👍b.c/%20/%", &Some(vec!["http", "https"])), "https://a%F0%9F%91%8Db.c/%20/%25");
/// ```
///
/// ## References
///
/// *   [`micromark-util-sanitize-uri` in `micromark`](https://github.com/micromark/micromark/tree/main/packages/micromark-util-sanitize-uri)
pub fn sanitize_uri(value: &str, protocols: &Option<Vec<&str>>) -> String {
    let value = encode(&*normalize_uri(value), true);

    if let Some(protocols) = protocols {
        let end = value.find(|c| matches!(c, '?' | '#' | '/'));
        let mut colon = value.find(|c| matches!(c, ':'));

        // If the first colon is after `?`, `#`, or `/`, it’s not a protocol.
        if let Some(end) = end {
            if let Some(index) = colon {
                if index > end {
                    colon = None;
                }
            }
        }

        // If there is no protocol, it’s relative, and fine.
        if let Some(colon) = colon {
            // If it is a protocol, it should be allowed.
            let protocol = value[0..colon].to_lowercase();
            if !protocols.contains(&protocol.as_str()) {
                return "".to_string();
            }
        }
    }

    value
}

/// Normalize a URL (such as used in [definitions][definition],
/// [references][label_end]).
///
/// It encodes unsafe characters with percent-encoding, skipping already encoded
/// sequences.
///
/// ## Examples
///
/// ```rust ignore
/// use micromark::util::sanitize_url::normalize_uri;
///
/// assert_eq!(sanitize_uri("https://example.com"), "https://example.com");
/// assert_eq!(sanitize_uri("https://a👍b.c/%20/%"), "https://a%F0%9F%91%8Db.c/%20/%25");
/// ```
///
/// ## References
///
/// *   [`micromark-util-sanitize-uri` in `micromark`](https://github.com/micromark/micromark/tree/main/packages/micromark-util-sanitize-uri)
///
/// [definition]: crate::construct::definition
/// [label_end]: crate::construct::label_end
fn normalize_uri(value: &str) -> String {
    let chars = value.chars().collect::<Vec<_>>();
    // Note: it’ll grow bigger for each non-ascii or non-safe character.
    let mut result = String::with_capacity(value.len());
    let mut index = 0;
    let mut start = 0;
    let mut buff = [0; 4];

    while index < chars.len() {
        let char = chars[index];

        // A correct percent encoded value.
        if char == '%'
            && index + 2 < chars.len()
            && chars[index + 1].is_ascii_alphanumeric()
            && chars[index + 2].is_ascii_alphanumeric()
        {
            index += 3;
            continue;
        }

        // Note: Rust already takes care of lone surrogates.
        // Non-ascii or not allowed ascii.
        if char >= '\u{0080}'
            || !matches!(char, '!' | '#' | '$' | '&'..=';' | '=' | '?'..='Z' | '_' | 'a'..='z' | '~')
        {
            result.push_str(&chars[start..index].iter().collect::<String>());
            char.encode_utf8(&mut buff);
            result.push_str(
                &buff[0..char.len_utf8()]
                    .iter()
                    .map(|&byte| format!("%{:>02X}", byte))
                    .collect::<String>(),
            );

            start = index + 1;
        }

        index += 1;
    }

    result.push_str(&chars[start..].iter().collect::<String>());

    result
}