// Copyright 2011 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package template

import (
	"fmt"
	"html"
	"regexp"
	"strings"

	"github.com/google/safehtml"
	"github.com/google/safehtml/internal/safehtmlutil"
)
// urlPrefixValidators maps URL and TrustedResourceURL sanitization contexts to functions that
// return an error if the given string is unsafe to use as a URL prefix in that sanitization context.
// startsWithFullySpecifiedSchemePattern matches strings that have a fully-specified scheme
// component. See RFC 3986 Section 3.
//
// NOTE(review): the bracket expression [+-.] is the byte range '+'..'.', so it also admits ','
// on top of RFC 3986's "+" / "-" / ".". This only widens the set of prefixes that are routed
// through the scheme check (which accepts whitelisted schemes only), so it errs on the side of
// rejecting more; tighten it to [+\-.] if exact RFC conformance is wanted.
var startsWithFullySpecifiedSchemePattern = regexp.MustCompile(
	`^[[:alpha:]](?:[[:alnum:]]|[+-.])*:`)
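// validateURLPrefix validates if the given non-empty prefix is a safe safehtml.URL prefix.
// Prefixes are considered unsafe if they end in an incomplete HTML character reference or
// percent-encoding character triplet. If the prefix contains a fully-specified scheme component,
// it is considered safe only if it starts with a whitelisted scheme. See safehtml.URLSanitized for
// more details. Otherwise, the prefix is safe only if it contains '/', '?', or '#', since the
// presence of any of these runes ensures that this prefix, when combined with some arbitrary
// suffix, cannot be interpreted as a part of a scheme.
//
// All checks run on the HTML-unescaped form of the prefix (see decodeURLPrefix), so a scheme
// hidden behind character references is still caught; error messages echo the prefix as the
// template author wrote it.
func validateURLPrefix(prefix string) error {
	decoded, err := decodeURLPrefix(prefix)
	if err != nil {
		return err
	}
	switch {
	case startsWithFullySpecifiedSchemePattern.MatchString(decoded):
		// URLSanitized leaves the string untouched only when its scheme is whitelisted; any
		// change therefore means the scheme is unsafe.
		if safehtml.URLSanitized(decoded).String() != decoded {
			return fmt.Errorf("URL prefix %q contains an unsafe scheme", prefix)
		}
	case !strings.ContainsAny(decoded, "/?#"):
		// If the URL prefix does not already have a ':' scheme delimiter, and does not contain
		// '/', '?', or '#', any ':' following this prefix will be interpreted as a scheme
		// delimiter, causing this URL prefix to be interpreted as being part of a scheme.
		// e.g. `<a href="java{{ "script:" }}alert(1)>`
		return fmt.Errorf("URL prefix %q is unsafe; it might be interpreted as part of a scheme", prefix)
	}
	return nil
}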
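// validateTrustedResourceURLPrefix validates if the given non-empty prefix is a safe
// safehtml.TrustedResourceURL prefix. Prefixes are considered unsafe if they end in an
// incomplete HTML character reference or percent-encoding character triplet. See
// safehtmlutil.IsSafeTrustedResourceURLPrefix for details on how the prefix is validated.
//
// The prefix is HTML-unescaped (see decodeURLPrefix) before it is handed to the safehtmlutil
// check; the error message reports the prefix as written in the template.
func validateTrustedResourceURLPrefix(prefix string) error {
	decoded, err := decodeURLPrefix(prefix)
	if err != nil {
		return err
	}
	if !safehtmlutil.IsSafeTrustedResourceURLPrefix(decoded) {
		return fmt.Errorf("%q is a disallowed TrustedResourceURL prefix", prefix)
	}
	return nil
}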
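// endsWithPercentEncodingPrefixPattern matches strings that end in an incomplete URL percent
// encoding triplet, i.e. a trailing '%' followed by at most one hex digit.
// See https://tools.ietf.org/html/rfc3986#section-2.1.
var endsWithPercentEncodingPrefixPattern = regexp.MustCompile(`%[[:xdigit:]]?$`)

// containsWhitespaceOrControlPattern matches strings that contain ASCII whitespace or control
// characters (POSIX [:space:] and [:cntrl:] classes).
var containsWhitespaceOrControlPattern = regexp.MustCompile(`[[:space:]]|[[:cntrl:]]`)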
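// decodeURLPrefix returns the given prefix after it has been HTML-unescaped.
// It returns an error if the prefix:
//   - ends in an incomplete HTML character reference before HTML-unescaping,
//   - ends in an incomplete percent-encoding character triplet after HTML-unescaping, or
//   - contains whitespace or control characters before or after HTML-unescaping.
//
// The returned string is the decoded form and is what callers should validate; error messages
// quote the original, undecoded prefix.
func decodeURLPrefix(prefix string) (string, error) {
	if containsWhitespaceOrControlPattern.MatchString(prefix) {
		return "", fmt.Errorf("URL prefix %q contains whitespace or control characters", prefix)
	}
	// An incomplete trailing character reference is rejected before unescaping, presumably so
	// that it cannot complete into a different reference once a suffix is appended — see
	// validateDoesNotEndsWithCharRefPrefix for the exact rule.
	if err := validateDoesNotEndsWithCharRefPrefix(prefix); err != nil {
		return "", fmt.Errorf("URL %s", err)
	}
	decoded := html.UnescapeString(prefix)
	// Check again for whitespace that might have previously been masked by a HTML reference,
	// such as in "javascript&NewLine;".
	if containsWhitespaceOrControlPattern.MatchString(decoded) {
		return "", fmt.Errorf("URL prefix %q contains whitespace or control characters", prefix)
	}
	if endsWithPercentEncodingPrefixPattern.MatchString(decoded) {
		return "", fmt.Errorf("URL prefix %q ends with an incomplete percent-encoding character triplet", prefix)
	}
	return decoded, nil
}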

func ( ...interface{}) (string, error) {
	 := safehtmlutil.Stringify(...)
Reject substitutions containing the ".." dot-segment to prevent the final TrustedResourceURL from referencing a resource higher up in the path name hierarchy than the path specified in the prefix.
		return "", fmt.Errorf(`cannot substitute %q after TrustedResourceURL prefix: ".." is disallowed`, )
	}
	return , nil