• Home
• org.jetbrains
• markdown-jvm
• 0.5.2
• source code
• XssSafeLinks.kt

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

commonMain.org.intellij.markdown.html.XssSafeLinks.kt Maven / Gradle / Ivy

package org.intellij.markdown.html

import org.intellij.markdown.ast.ASTNode

private val UNSAFE_LINK_REGEX = Regex("^(vbscript|javascript|file|data):", RegexOption.IGNORE_CASE)
private val ALLOWED_DATA_LINK_REGEX = Regex("^data:image/(gif|png|jpeg|webp);", RegexOption.IGNORE_CASE)

fun makeXssSafeDestination(s: CharSequence): CharSequence {
    return s.takeIf {
        if (UNSAFE_LINK_REGEX.containsMatchIn(s.trim()))
            ALLOWED_DATA_LINK_REGEX.containsMatchIn(s.trim())
        else
            true
    } ?: "#"
}

fun LinkGeneratingProvider.makeXssSafe(useSafeLinks: Boolean = true): LinkGeneratingProvider {
    if (!useSafeLinks) return this

    return object : LinkGeneratingProvider(baseURI, resolveAnchors) {
        override fun renderLink(
            visitor: HtmlGenerator.HtmlGeneratingVisitor,
            text: String,
            node: ASTNode,
            info: RenderInfo
        ) {
            [email protected](visitor, text, node, info)
        }

        override fun getRenderInfo(text: String, node: ASTNode): RenderInfo? {
            return [email protected](text, node)?.let {
                it.copy(destination = makeXssSafeDestination(it.destination))
            }
        }
    }
}