From e1b425029e53b05798eaede5971012fc6864094f Mon Sep 17 00:00:00 2001
From: Juliana Rodrigueiro <juliana.rodrigueiro@intra2net.com>
Date: Wed, 19 Sep 2018 16:36:07 +0200
Subject: [PATCH] Divide allowed tags into three white lists

The tags are now divided into three white lists according to
their particularities:
   _NORMAL, normal tags that don't accept attributes.
   _VOID, void tags that may or not appear in self-closing notation.
   _WITH_ATTR, normal tags that may accept attributes.
---
 src/restricted_html.cpp |   32 +++++++++++++++++++++++++-------
 1 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/src/restricted_html.cpp b/src/restricted_html.cpp
index 76d75a7..0aeab2d 100644
--- a/src/restricted_html.cpp
+++ b/src/restricted_html.cpp
@@ -28,6 +28,7 @@ on this file might be covered by the GNU General Public License.
  */
 
 #include <iomanip>
+#include <map>
 #include <set>
 #include <sstream>
 #include <string>
@@ -42,10 +43,12 @@ on this file might be covered by the GNU General Public License.
 
 using namespace std;
 
-
 namespace I2n
 {
 
+// Forward declarations:
+bool handle_attr_href(string &link);
+
 namespace
 {
 
@@ -56,14 +59,29 @@ namespace
 */
 typedef pair<string,bool> Token;
 
+/**
+* @brief AttributeHandler is the function pointer type used to map attributes
+* and their respective content handlers.
 */
+typedef bool (*AttributeHandler)(string &);
+
+// Normal tags that do not accept any attributes.
+const set<string> ALLOWED_NORMAL = boost::assign::list_of("h1")("h2")("h3")
+    ("h4")("h5")("h6")("p")("i")("ul")("li")("tr")("th")("td")("table");
+
+// Void tags, these may have the self-closing notation as suffix and do not
+// expect an end tag.
+const set<string> ALLOWED_VOID = boost::assign::list_of("br");
+
+// Tags that may accept attributes. This container also maps all accepted
+// ones to their function handler.
+// (Attributes are not obligatory.)
+const map<string, const map< string, AttributeHandler> > ALLOWED_WITH_ATTR
+    = boost::assign::map_list_of< string, const map<string, AttributeHandler> >
+        ("a", boost::assign::map_list_of
+            ("href", &handle_attr_href)
+        );
 
-const set<string> ALLOWED_TAGS = boost::assign::list_of("h1")("h2")("h3")("h4")
-                                                       ("h5")("h6")("a")("p")
-                                                       ("br")("i")("ul")("li")
-                                                       ("tr")("th")("td")
-                                                       ("table");
-const string AHREF = "<a href=";
 const string REDIRECT_PREFIX = "/arnie?form=redirect&url=";
 const string TARGET_BLANK = "target=\"_blank\"";
 const pcrecpp::RE SAFE_URL("^(http(s?):\\/\\/)(([a-zA-Z0-9\\.\\-\\_]+(\\.[a-zA-"
-- 
1.7.1