1
0
mirror of https://github.com/laurent22/joplin.git synced 2024-12-24 10:27:10 +02:00

Desktop: Fixes #8706: Pasting a resource in Rich Text editor breaks the resource link

This commit is contained in:
Laurent Cozic 2023-08-23 18:16:06 +01:00
parent 3577b245f6
commit 73eedd3ec3
10 changed files with 41 additions and 136 deletions

View File

@ -3,7 +3,8 @@ import shim from '@joplin/lib/shim';
import { _ } from '@joplin/lib/locale';
import bridge from '../../../services/bridge';
import { openItemById } from '../../NoteEditor/utils/contextMenu';
const { parseResourceUrl, urlProtocol, fileUriToPath } = require('@joplin/lib/urlUtils');
const { parseResourceUrl, urlProtocol } = require('@joplin/lib/urlUtils');
import { fileUriToPath } from '@joplin/utils/url';
const { urlDecode } = require('@joplin/lib/string-utils');
export const declaration: CommandDeclaration = {

View File

@ -1,10 +1,15 @@
import Setting from '@joplin/lib/models/Setting';
import { processPastedHtml } from './resourceHandling';
describe('resourceHandling', () => {
it('should sanitize pasted HTML', async () => {
Setting.setConstant('resourceDir', '/home/.config/joplin/resources');
const testCases = [
['Test: <style onload="evil()"></style>', 'Test: <style></style>'],
['<a href="javascript: alert()">test</a>', '<a href="#">test</a>'],
['<a href="file:///home/.config/joplin/resources/test.pdf">test</a>', '<a href="file:///home/.config/joplin/resources/test.pdf">test</a>'],
['<a href="file:///etc/passwd">evil.pdf</a>', '<a href="#">evil.pdf</a>'],
['<script >evil()</script>', ''],
['<script>evil()</script>', ''],
[

View File

@ -8,7 +8,7 @@ import ResourceFetcher from '@joplin/lib/services/ResourceFetcher';
import htmlUtils from '@joplin/lib/htmlUtils';
import rendererHtmlUtils from '@joplin/renderer/htmlUtils';
import Logger from '@joplin/utils/Logger';
const { fileUriToPath } = require('@joplin/lib/urlUtils');
import { fileUriToPath } from '@joplin/utils/url';
const joplinRendererUtils = require('@joplin/renderer').utils;
const { clipboard } = require('electron');
const mimeUtils = require('@joplin/lib/mime-utils.js').mime;
@ -179,6 +179,8 @@ export async function processPastedHtml(html: string) {
return rendererHtmlUtils.sanitizeHtml(
htmlUtils.replaceImageUrls(html, (src: string) => {
return mappedResources[src];
})
}), {
allowedFilePrefixes: [Setting.value('resourceDir')],
}
);
}

View File

@ -24,9 +24,9 @@ import * as ArrayUtils from '../../../ArrayUtils';
import Logger from '@joplin/utils/Logger';
const { mimeTypeFromHeaders } = require('../../../net-utils');
const { fileExtension, safeFileExtension, safeFilename, filename } = require('../../../path-utils');
const { fileUriToPath } = require('../../../urlUtils');
const { MarkupToHtml } = require('@joplin/renderer');
const { ErrorNotFound } = require('../utils/errors');
import { fileUriToPath } from '@joplin/utils/url';
const logger = Logger.create('routes/notes');

View File

@ -105,101 +105,4 @@ urlUtils.objectToQueryString = function(query) {
return queryString;
};
// This is a modified version of the file-uri-to-path package:
//
// - It removes the dependency to the "path" package, which wouldn't work with
// React Native.
//
// - It always returns paths with forward slashes "/". This is normally handled
// properly everywhere.
//
// - Adds the "platform" parameter to optionall return paths with "\" for win32
function fileUriToPath_(uri, platform) {
const sep = '/';
if (
typeof uri !== 'string' ||
uri.length <= 7 ||
uri.substring(0, 7) !== 'file://'
) {
throw new TypeError(
'must pass in a file:// URI to convert to a file path'
);
}
const rest = decodeURI(uri.substring(7));
const firstSlash = rest.indexOf('/');
let host = rest.substring(0, firstSlash);
let path = rest.substring(firstSlash + 1);
// 2. Scheme Definition
// As a special case, <host> can be the string "localhost" or the empty
// string; this is interpreted as "the machine from which the URL is
// being interpreted".
if (host === 'localhost') {
host = '';
}
if (host) {
host = sep + sep + host;
}
// 3.2 Drives, drive letters, mount points, file system root
// Drive letters are mapped into the top of a file URI in various ways,
// depending on the implementation; some applications substitute
// vertical bar ("|") for the colon after the drive letter, yielding
// "file:///c|/tmp/test.txt". In some cases, the colon is left
// unchanged, as in "file:///c:/tmp/test.txt". In other cases, the
// colon is simply omitted, as in "file:///c/tmp/test.txt".
path = path.replace(/^(.+)\|/, '$1:');
// for Windows, we need to invert the path separators from what a URI uses
// if (sep === '\\') {
// path = path.replace(/\//g, '\\');
// }
if (/^.+:/.test(path)) {
// has Windows drive at beginning of path
} else {
// unix path…
path = sep + path;
}
if (platform === 'win32') {
return (host + path).replace(/\//g, '\\');
} else {
return host + path;
}
}
urlUtils.fileUriToPath = (path, platform = 'linux') => {
const output = fileUriToPath_(path, platform);
// The file-uri-to-path module converts Windows path such as
//
// file://c:/autoexec.bat => \\c:\autoexec.bat
//
// Probably because a file:// that starts with only two slashes is not
// quite valid. If we use three slashes, it works:
//
// file:///c:/autoexec.bat => c:\autoexec.bat
//
// However there are various places in the app where we can find
// paths with only two slashes because paths are often constructed
// as `file://${resourcePath}` - which works in all OSes except
// Windows.
//
// So here we introduce a special case - if we detect that we have
// an invalid Windows path that starts with \\x:, we just remove
// the first two backslashes.
//
// https://github.com/laurent22/joplin/issues/5693
if (output.match(/^\/\/[a-zA-Z]:/)) {
return output.substr(2);
}
return output;
};
module.exports = urlUtils;

View File

@ -71,30 +71,4 @@ describe('urlUtils', () => {
}
}));
it('should convert a file URI to a file path', (async () => {
// Tests imported from https://github.com/TooTallNate/file-uri-to-path/tree/master/test
const testCases = {
'file://host/path': '//host/path',
'file://localhost/etc/fstab': '/etc/fstab',
'file:///etc/fstab': '/etc/fstab',
'file:///c:/WINDOWS/clock.avi': 'c:/WINDOWS/clock.avi',
'file://localhost/c|/WINDOWS/clock.avi': 'c:/WINDOWS/clock.avi',
'file:///c|/WINDOWS/clock.avi': 'c:/WINDOWS/clock.avi',
'file://localhost/c:/WINDOWS/clock.avi': 'c:/WINDOWS/clock.avi',
'file://hostname/path/to/the%20file.txt': '//hostname/path/to/the file.txt',
'file:///c:/path/to/the%20file.txt': 'c:/path/to/the file.txt',
'file:///C:/Documents%20and%20Settings/davris/FileSchemeURIs.doc': 'C:/Documents and Settings/davris/FileSchemeURIs.doc',
'file:///C:/caf%C3%A9/%C3%A5r/d%C3%BCnn/%E7%89%9B%E9%93%83/Ph%E1%BB%9F/%F0%9F%98%B5.exe': 'C:/café/år/dünn/牛铃/Phở/😵.exe',
};
for (const [input, expected] of Object.entries(testCases)) {
const actual = urlUtils.fileUriToPath(input);
expect(actual).toBe(expected);
}
expect(urlUtils.fileUriToPath('file://c:/not/quite/right')).toBe('c:/not/quite/right');
expect(urlUtils.fileUriToPath('file:///d:/better')).toBe('d:/better');
expect(urlUtils.fileUriToPath('file:///c:/AUTOEXEC.BAT', 'win32')).toBe('c:\\AUTOEXEC.BAT');
}));
});

View File

@ -1,5 +1,5 @@
const Entities = require('html-entities').AllHtmlEntities;
const htmlentities = new Entities().encode;
import { htmlentities } from '@joplin/utils/html';
import { fileUriToPath } from '@joplin/utils/url';
const htmlparser2 = require('@joplin/fork-htmlparser2');
// [\s\S] instead of . for multiline matching
@ -31,7 +31,8 @@ const selfClosingElements = [
];
interface SanitizeHtmlOptions {
addNoMdConvClass: boolean;
addNoMdConvClass?: boolean;
allowedFilePrefixes?: string[];
}
class HtmlUtils {
@ -157,20 +158,36 @@ class HtmlUtils {
.replace(/</g, '&lt;');
}
private isAcceptedUrl(url: string): boolean {
private isAcceptedUrl(url: string, allowedFilePrefixes: string[]): boolean {
url = url.toLowerCase();
return url.startsWith('https://') ||
if (url.startsWith('https://') ||
url.startsWith('http://') ||
url.startsWith('mailto://') ||
// We also allow anchors but only with a specific set of a characters.
// Fixes https://github.com/laurent22/joplin/issues/8286
!!url.match(/^#[a-zA-Z0-9-]+$/);
!!url.match(/^#[a-zA-Z0-9-]+$/)) return true;
if (url.startsWith('file://')) {
// We need to do a case insensitive comparison because the URL we
// get appears to be converted to lowercase somewhere. To be
// completely sure, we make it lowercase explicitely.
const filePath = fileUriToPath(url).toLowerCase();
for (const filePrefix of allowedFilePrefixes) {
if (filePath.startsWith(filePrefix.toLowerCase())) return true;
}
}
return false;
}
public sanitizeHtml(html: string, options: SanitizeHtmlOptions = null) {
options = { // If true, adds a "jop-noMdConv" class to all the tags.
options = {
// If true, adds a "jop-noMdConv" class to all the tags.
// It can be used afterwards to restore HTML tags in Markdown.
addNoMdConvClass: false, ...options };
addNoMdConvClass: false,
allowedFilePrefixes: [],
...options,
};
const output: string[] = [];
@ -247,7 +264,7 @@ class HtmlUtils {
// particular we want to exclude `javascript:` URLs. This
// applies to A tags, and also AREA ones but to be safe we don't
// filter on the tag name and process all HREF attributes.
if ('href' in attrs && !this.isAcceptedUrl(attrs['href'])) {
if ('href' in attrs && !this.isAcceptedUrl(attrs['href'], options.allowedFilePrefixes)) {
attrs['href'] = '#';
}

View File

@ -28,6 +28,7 @@
"dependencies": {
"@joplin/fork-htmlparser2": "^4.1.46",
"@joplin/fork-uslug": "^1.0.11",
"@joplin/utils": "~2.12",
"font-awesome-filetypes": "2.1.0",
"fs-extra": "11.1.1",
"highlight.js": "11.8.0",

View File

@ -8,6 +8,7 @@
"./net": "./dist/net.js",
"./fs": "./dist/fs.js",
"./env": "./dist/env.js",
"./url": "./dist/url.js",
"./Logger": "./dist/Logger.js"
},
"publishConfig": {

View File

@ -4842,6 +4842,7 @@ __metadata:
dependencies:
"@joplin/fork-htmlparser2": ^4.1.46
"@joplin/fork-uslug": ^1.0.11
"@joplin/utils": ~2.12
"@types/jest": 29.5.3
"@types/node": 18.16.18
font-awesome-filetypes: 2.1.0