From 69d3f47d3659d5729c2670015ec1344e277d0449 Mon Sep 17 00:00:00 2001
From: Juliana Rodrigueiro <juliana.rodrigueiro@intra2net.com>
Date: Wed, 19 Sep 2018 17:12:15 +0200
Subject: [PATCH] Handle and sanitize only href content and not the whole tag

---
 src/restricted_html.cpp |   41 ++++++++++-------------------------------
 1 files changed, 10 insertions(+), 31 deletions(-)

diff --git a/src/restricted_html.cpp b/src/restricted_html.cpp
index ee91156..d83cdd0 100644
--- a/src/restricted_html.cpp
+++ b/src/restricted_html.cpp
@@ -244,45 +244,25 @@ public:
 };
 
 /**
- * @brief Verifies if a html "a" tag has a valid link and sanitize it if necessary.
- * Modify tag and add redirector prefix if link has a valid protocol.
- * Example: <a href="http://somelink.com">
- * returns <a href="/arnie?form=redirect&url=http://somelink.com" target=_blank>
+ * @brief Verifies if the content of an href attribute is a valid link and
+ * sanitize it if necessary.
+ * Example: "http://somelink.com"
+ * returns "/arnie?form=redirect&url=http://somelink.com" target="_blank"
  *
- * @param tag (output) html "a" tag. If valid, it may be modified to regularize
+ * @param link (output) If valid, it may be modified to regularize
  * and encode the URL.
- * @param redirect_prefix Prefix that will be added to the url in case it is valid.
  * @return bool true if link inside "a" tag is valid. False otherwise.
  */
-bool link_sanitizer(string &tag, const std::string &redirect_prefix)
+bool handle_attr_href(string &link)
 {
-    // tag = <a href="somelink">
-    string link = tag.substr(AHREF.size());
-    if (link.find('\"') == 0)
+    if (has_prefix(link, "\"") && has_suffix(link, "\""))
     {
-        size_t pos = link.find('\"', 1);
-        if (pos == string::npos)
-            return false; // Quotation mark never closes.
-
-        string end(link, pos+1);
-        if (end != " >" && end != ">")
-            return false; //Probably extra attributes. Or " inside the link (invalid).
-
-        link = link.substr(1, pos -1);
-    }
-    else
-    {
-        size_t space = link.find_first_of(" ");
-        if (space != link.size()-2 && space != string::npos )
-            return false; //Probably extra attributes.
-
-        link = link.substr(0, space);
+        link = remove_prefix(link, "\"");
+        link = remove_suffix(link, "\"");
     }
 
     // Check if the link already has a known prefix.
     // See "InvalidRedirection" unit test.
-    if (has_prefix(link, redirect_prefix))
-        link = remove_prefix(link, redirect_prefix);
     if (has_prefix(link, REDIRECT_PREFIX))
         link = remove_prefix(link, REDIRECT_PREFIX);
 
@@ -294,8 +274,7 @@ bool link_sanitizer(string &tag, const std::string &redirect_prefix)
     if (link.find("javascript:") != string::npos)
         return false;
 
-    tag = AHREF + "\"" + redirect_prefix + encode_url(link) + "\" "
-        + TARGET_BLANK + ">";
+    link = "\"" + REDIRECT_PREFIX + encode_url(link) + "\" " + TARGET_BLANK;
 
     return true;
 }
-- 
1.7.1