};
/**
- * @brief Verifies if a html "a" tag has a valid link and sanitize it if necessary.
- * Modify tag and add redirector prefix if link has a valid protocol.
- * Example: <a href="http://somelink.com">
- * returns <a href="/arnie?form=redirect&url=http://somelink.com" target=_blank>
+ * @brief Verifies if the content of an href attribute is a valid link and
+ * sanitize it if necessary.
+ * Example: "http://somelink.com"
+ * returns "/arnie?form=redirect&url=http://somelink.com" target="_blank"
*
- * @param tag (output) html "a" tag. If valid, it may be modified to regularize
+ * @param link (output) If valid, it may be modified to regularize
* and encode the URL.
- * @param redirect_prefix Prefix that will be added to the url in case it is valid.
* @return bool true if link inside "a" tag is valid. False otherwise.
*/
-bool link_sanitizer(string &tag, const std::string &redirect_prefix)
+bool handle_attr_href(string &link)
{
- // tag = <a href="somelink">
- string link = tag.substr(AHREF.size());
- if (link.find('\"') == 0)
+ if (has_prefix(link, "\"") && has_suffix(link, "\""))
{
- size_t pos = link.find('\"', 1);
- if (pos == string::npos)
- return false; // Quotation mark never closes.
-
- string end(link, pos+1);
- if (end != " >" && end != ">")
- return false; //Probably extra attributes. Or " inside the link (invalid).
-
- link = link.substr(1, pos -1);
- }
- else
- {
- size_t space = link.find_first_of(" ");
- if (space != link.size()-2 && space != string::npos )
- return false; //Probably extra attributes.
-
- link = link.substr(0, space);
+ link = remove_prefix(link, "\"");
+ link = remove_suffix(link, "\"");
}
// Check if the link already has a known prefix.
// See "InvalidRedirection" unit test.
- if (has_prefix(link, redirect_prefix))
- link = remove_prefix(link, redirect_prefix);
if (has_prefix(link, REDIRECT_PREFIX))
link = remove_prefix(link, REDIRECT_PREFIX);
if (link.find("javascript:") != string::npos)
return false;
- tag = AHREF + "\"" + redirect_prefix + encode_url(link) + "\" "
- + TARGET_BLANK + ">";
+ link = "\"" + REDIRECT_PREFIX + encode_url(link) + "\" " + TARGET_BLANK;
return true;
}
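Review bot: The scheme check `link.find("javascript:") != string::npos` in handle_attr_href is a case-sensitive substring denylist, so it misses differently-cased spellings and every other scheme, while also rejecting harmless URLs that merely contain that text in a path or query. Every accepted value is handed to the redirector behind REDIRECT_PREFIX, so an allowlist on the leading scheme is the safer shape, for example on a lower-cased copy of the link: `if (!has_prefix(lower, "http://") && !has_prefix(lower, "https://")) return false;` (extend it if relative links or other schemes must stay allowed). The quote stripping only runs when both quotes are present, so a value with a single stray `"` reaches `encode_url` unchanged; whether encode_url escapes it is not visible here, so I would reject that case explicitly. The doc comment is also stale: `@return` still refers to the link "inside "a" tag", and the example does not say that the returned string now carries the closing quote plus TARGET_BLANK and must be spliced into the tag as-is.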