From b3cf0be08e9b67361d307e463a907a6b4d35a859 Mon Sep 17 00:00:00 2001 From: bptato Date: Fri, 29 Mar 2024 20:08:30 +0100 Subject: buffer: fix markURL in plaintext We must HTML escape data, or the fragment parser will parse plain text as markup. (However, just running htmlEscape() on data is not enough; that would also mark <, ', etc. as >, &apos. So we only escape after the regex is executed.) --- src/server/buffer.nim | 34 +++++++++++++++++++++++++++++++--- 1 file changed, 31 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/server/buffer.nim b/src/server/buffer.nim index 12665334..87926c11 100644 --- a/src/server/buffer.nim +++ b/src/server/buffer.nim @@ -1727,17 +1727,45 @@ proc markURL*(buffer: Buffer; schemes: seq[string]) {.proxy.} = let text = Text(node) var res = regex.exec(text.data) if res.success: - var data = text.data var offset = 0 + var data = "" + var j = 0 for cap in res.captures.mitems: if cap.i != 0: continue + let capLen = cap.e - cap.s + while j < cap.s: + case (let c = text.data[j]; c) + of '<': + data &= "<" + offset += 3 + of '>': + data &= ">" + offset += 3 + of '\'': + data &= "'" + offset += 5 + of '"': + data &= """ + offset += 5 + else: + data &= c + inc j cap.s += offset cap.e += offset - let s = data[cap.s.." & s.htmlEscape() & "" - data[cap.s..': data &= ">" + of '\'': data &= "'" + of '"': data &= """ + else: data &= c + inc j let replacement = html.fragmentParsingAlgorithm(data) discard element.replace(text, replacement) elif node of HTMLElement: -- cgit 1.4.1-2-gfad0