D10188: Sanitise notification HTML
David Edmundson
noreply at phabricator.kde.org
Mon Jan 29 22:44:50 UTC 2018
davidedmundson created this revision.
davidedmundson added a reviewer: Plasma.
Restricted Application added a project: Plasma.
Restricted Application added a subscriber: plasma-devel.
davidedmundson requested review of this revision.
REVISION SUMMARY
Qt labels support a HTML subset, using a completely internal parser in
QTextDocument.
The Notification spec support an even smaller subset of notification
elements.
It's important to strip out irrelevant tags that could potentially load
remote information without user interaction, such as img
src or even <b style="background:url...
But we want to maintain the basic rich text formatting of bold and
italics and links.
This parser iterates reads the XML, copying only permissable tags and
attributes.
A future obvious improvement would be to merge the original regular
expressions into this stream parser, but I'm trying to minimise
breakages to get this into 5.12.
TEST PLAN
Moved code into it's own class for easy unit testing
Tried a bunch of things, including what the old regexes were doing
Also ran notify send with a few options to make sure things worked
REPOSITORY
R120 Plasma Workspace
BRANCH
Plasma/5.12
REVISION DETAIL
https://phabricator.kde.org/D10188
AFFECTED FILES
dataengines/notifications/CMakeLists.txt
dataengines/notifications/notifications_test.cpp
dataengines/notifications/notificationsanitizer.cpp
dataengines/notifications/notificationsanitizer.h
dataengines/notifications/notificationsengine.cpp
To: davidedmundson, #plasma
Cc: plasma-devel, ZrenBot, progwolff, lesliezhai, ali-mohamed, jensreuterberg, abetts, sebas, apol, mart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/plasma-devel/attachments/20180129/640532c8/attachment.html>
More information about the Plasma-devel
mailing list