
Allow width and height attributes for img tags

This commit is contained in:
Frédéric Guillot 2022-07-03 17:36:27 -07:00
parent 9c6ea92122
commit d85908e3de
2 changed files with 33 additions and 2 deletions


@ -113,6 +113,10 @@ func sanitizeAttributes(baseURL, tagName string, attributes []html.Attribute) ([
value = sanitizeSrcsetAttr(baseURL, value)
}
if tagName == "img" && (attribute.Key == "width" || attribute.Key == "height") && !isPositiveInteger(value) {
continue
}
if isExternalResourceAttribute(attribute.Key) {
if tagName == "iframe" {
if isValidIframeSource(baseURL, attribute.Val) {
@ -350,7 +354,7 @@ func isValidIframeSource(baseURL, src string) bool {
func getTagAllowList() map[string][]string {
whitelist := make(map[string][]string)
whitelist["img"] = []string{"alt", "title", "src", "srcset", "sizes"}
whitelist["img"] = []string{"alt", "title", "src", "srcset", "sizes", "width", "height"}
whitelist["picture"] = []string{}
whitelist["audio"] = []string{"src"}
whitelist["video"] = []string{"poster", "height", "width", "src"}
@ -511,3 +515,10 @@ func isValidDataAttribute(value string) bool {
}
return false
}
func isPositiveInteger(value string) bool {
if number, err := strconv.Atoi(value); err == nil {
return number > 0
}
return false
}
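Review bot: `isPositiveInteger` in the last hunk accepts a leading sign because `strconv.Atoi` does, so an `img` with `width="+10"` passes the new guard `if tagName == "img" && (attribute.Key == "width" || attribute.Key == "height") && !isPositiveInteger(value)` in the first hunk, and on 64-bit builds any digit string up to 2^63-1 is accepted, far beyond a plausible pixel dimension. Parsing with an unsigned, width-bounded parser closes both gaps in two lines: `number, err := strconv.ParseUint(value, 10, 32)` followed by `return err == nil && number > 0`. The same `width`/`height` keys are already allowed for `video` in `getTagAllowList` without this validation, so either extend the check to both tags or add a comment on the guard stating why only `img` is validated. The body of `sanitizeAttributes` starts before and continues after the first hunk.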


@ -15,6 +15,26 @@ func TestValidInput(t *testing.T) {
}
}
func TestImgWithWidthAndHeightAttribute(t *testing.T) {
input := `<img src="https://example.org/image.png" width="10" height="20">`
expected := `<img src="https://example.org/image.png" width="10" height="20" loading="lazy">`
output := Sanitize("http://example.org/", input)
if output != expected {
t.Errorf(`Wrong output: %s`, output)
}
}
func TestImgWithIncorrectWidthAndHeightAttribute(t *testing.T) {
input := `<img src="https://example.org/image.png" width="10px" height="20px">`
expected := `<img src="https://example.org/image.png" loading="lazy">`
output := Sanitize("http://example.org/", input)
if output != expected {
t.Errorf(`Wrong output: %s`, output)
}
}
func TestImgWithTextDataURL(t *testing.T) {
input := `<img src="data:text/plain;base64,SGVsbG8sIFdvcmxkIQ==" alt="Example">`
expected := ``
@ -57,7 +77,7 @@ func TestSourceWithSrcsetAndMedia(t *testing.T) {
func TestMediumImgWithSrcset(t *testing.T) {
input := `<img alt="Image for post" class="t u v ef aj" src="https://miro.medium.com/max/5460/1*aJ9JibWDqO81qMfNtqgqrw.jpeg" srcset="https://miro.medium.com/max/552/1*aJ9JibWDqO81qMfNtqgqrw.jpeg 276w, https://miro.medium.com/max/1000/1*aJ9JibWDqO81qMfNtqgqrw.jpeg 500w" sizes="500px" width="2730" height="3407">`
expected := `<img alt="Image for post" src="https://miro.medium.com/max/5460/1*aJ9JibWDqO81qMfNtqgqrw.jpeg" srcset="https://miro.medium.com/max/552/1*aJ9JibWDqO81qMfNtqgqrw.jpeg 276w, https://miro.medium.com/max/1000/1*aJ9JibWDqO81qMfNtqgqrw.jpeg 500w" sizes="500px" loading="lazy">`
expected := `<img alt="Image for post" src="https://miro.medium.com/max/5460/1*aJ9JibWDqO81qMfNtqgqrw.jpeg" srcset="https://miro.medium.com/max/552/1*aJ9JibWDqO81qMfNtqgqrw.jpeg 276w, https://miro.medium.com/max/1000/1*aJ9JibWDqO81qMfNtqgqrw.jpeg 500w" sizes="500px" width="2730" height="3407" loading="lazy">`
output := Sanitize("http://example.org/", input)
if output != expected {