Commit fb1be093 authored by Laurent Montel's avatar Laurent Montel 😁

Remove script when we have multiline

parent 77976584
......@@ -39,10 +39,15 @@ void WebEnginePartHtmlWriterTest::removeScriptInHtml_data()
QTest::newRow("onescript") << QStringLiteral("<a>boo<script>alert(1)</script></a>") << QStringLiteral("<a>boo</a>");
QTest::newRow("onescriptwithattribute") << QStringLiteral("<a>boo<script type=\"foo\">alert(1)</script></a>") << QStringLiteral("<a>boo</a>");
QTest::newRow("severalscriptwithattribute") << QStringLiteral("<p>foo</p><script>a</script><a>boo<script type=\"foo\">alert(1)</script></a>") << QStringLiteral("<p>foo</p><a>boo</a>");
//Need to fix it/.QTest::newRow("multiline") << QStringLiteral("<script>\nalert(1)</script>") << QString();
QTest::newRow("scriptwithspace") << QStringLiteral("<a>boo<script type=\"foo\" >alert(1)</script ></a>") << QStringLiteral("<a>boo</a>");
QTest::newRow("scriptwithremoveaccess") << QStringLiteral("<a>boo<script src=\"http://foo\"/></a>") << QStringLiteral("<a>boo</a>");
QTest::newRow("empty") << QString() << QString();
//MultiLine
QTest::newRow("multiline") << QStringLiteral("<a>boo<script>\nalert(1)</script></a>") << QStringLiteral("<a>boo</a>");
QTest::newRow("multiline-scriptwithspace") << QStringLiteral("<a>boo<script type=\"foo\" >\nalert(1)\n</script ></a>") << QStringLiteral("<a>boo</a>");
QTest::newRow("multiline-severalscriptwithattribute") << QStringLiteral("<p>foo</p><script>\na\n</script><a>boo<script type=\"foo\">\nalert(1)</script></a>") << QStringLiteral("<p>foo</p><a>boo</a>");
QTest::newRow("multiline-scriptwithspace") << QStringLiteral("<a>boo<script type=\"foo\" >\nalert(1)\nbla\nsl</script ></a>") << QStringLiteral("<a>boo</a>");
}
void WebEnginePartHtmlWriterTest::removeScriptInHtml()
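Review bot: The data tag `multiline-scriptwithspace` is used for two different rows (the `\nalert(1)\n` input and the `\nalert(1)\nbla\nsl` input), so a failure in either cannot be told apart in the test output; rename the last one, for example `QTest::newRow("multiline-scriptwithseverallines")`. The visible rows also cover only well-formed, lower-case tags. There is no row for a `<script>` with no closing tag or for an upper-case `<SCRIPT>`, which are the inputs where a removal filter most needs its behaviour pinned. removeScriptInHtml_data() starts above this hunk, so rows outside the visible lines may already cover these.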
......
......@@ -76,10 +76,27 @@ QString WebEnginePartHtmlWriter::removeJscripts(QString str)
{
//Remove regular <script>...</script>
const QRegularExpression regScript(QStringLiteral("<script[^>]*>.*?</script\\s*>"));
str = str.remove(regScript);
str.remove(regScript);
//Remove string as <script src=http://.../>
const QRegularExpression regScript2(QStringLiteral("<script[^>]*/>"));
str = str.remove(regScript2);
str.remove(regScript2);
const QRegularExpression regScriptStart(QStringLiteral("<script[^>]*>"));
const QRegularExpression regScriptEnd(QStringLiteral("</script\\s*>"));
int indexStartScriptFound = -1;
int indexEndScriptFound = -1;
int scriptIndexPos = 0;
QRegularExpressionMatch matchScriptStart;
QRegularExpressionMatch matchScriptEnd;
while ((indexStartScriptFound = str.indexOf(regScriptStart, scriptIndexPos, &matchScriptStart)) != -1) {
indexEndScriptFound = str.indexOf(regScriptEnd, indexStartScriptFound + matchScriptStart.capturedLength(), &matchScriptEnd);
if (indexEndScriptFound != -1) {
str.remove(indexStartScriptFound, (indexEndScriptFound + matchScriptEnd.capturedLength() - indexStartScriptFound));
} else {
qCWarning(MESSAGEVIEWER_LOG) << "no end script tag";
break;
}
scriptIndexPos = indexStartScriptFound;
}
return str;
}
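Review bot: The `else` branch of the new loop fails open: when an opening tag has no matching `</script>`, it only logs "no end script tag" and the function returns the string with that opening tag and everything after it still in place. For a filter whose job is to strip scripts, dropping the tail is the safer default, e.g. `str.truncate(indexStartScriptFound);` before the `break;`. `regScriptStart` and `regScriptEnd` (like the two existing patterns) are also case-sensitive, so `<SCRIPT>` is not matched; constructing them with `QRegularExpression::CaseInsensitiveOption` would cover that. Whether another layer also blocks script execution in the viewer is not visible here, so this filter should not be treated as the only control.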
......