fad90c2956
URLs are extremely loosely defined and can take many shapes which may
not be parsed at all if unusual characters like the exclamation mark are
present. To ensure lists and odd use of spaces are not parsed as links
some sanity-checks are in place:
- the URL's schema must be at least two characters long
- the URL's authority, path, and fragment must have a combined
length of 8 characters or longer
- the URL must not contain a whitespace character, >, ), or "
- the URL may only contain a ] when followed by a different allowed
character or at the end of the line (necessary for IPv6
authorities)
The tests for this function now include links with an exclamation point
and IPv6 addresses. The tests are given names to be easier identifiable.
Link: https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml
Reported-by: "Bence Ferdinandy" <bence@ferdinandy.com>
Cc: "Koni Marti" <koni.marti@gmail.com>
Fixes: e1d8bc4d17
("msgviewer: open http links from messages")
Signed-off-by: Moritz Poldrack <git@moritz.sh>
Acked-by: Tim Culverhouse <tim@timculverhouse.com>
40 lines
856 B
Go
40 lines
856 B
Go
package parse
|
|
|
|
import (
|
|
"bufio"
|
|
"bytes"
|
|
"io"
|
|
"net/url"
|
|
"regexp"
|
|
"strings"
|
|
)
|
|
|
|
var urlRe = regexp.MustCompile(`([\w\d]{2,}:([^\s>\]\)"]|\][^\s>\)"]|\]$){8,})`)
|
|
|
|
// HttpLinks searches a reader for a http link and returns a copy of the
|
|
// reader and a slice with links.
|
|
func HttpLinks(r io.Reader) (io.Reader, []string) {
|
|
var buf bytes.Buffer
|
|
tr := io.TeeReader(r, &buf)
|
|
|
|
scanner := bufio.NewScanner(tr)
|
|
linkMap := make(map[string]struct{})
|
|
for scanner.Scan() {
|
|
line := scanner.Text()
|
|
for _, word := range strings.Fields(line) {
|
|
if links := urlRe.FindStringSubmatch(word); len(links) > 0 {
|
|
if _, err := url.Parse(links[0]); err != nil {
|
|
continue
|
|
}
|
|
linkMap[strings.TrimSpace(links[0])] = struct{}{}
|
|
}
|
|
}
|
|
}
|
|
|
|
results := []string{}
|
|
for link := range linkMap {
|
|
results = append(results, link)
|
|
}
|
|
|
|
return &buf, results
|
|
}
|