support data:URI scheme in XHTML-IM message. Fixed #6106
This commit is contained in:
parent
c4f94915ce
commit
e95ffa55ef
|
@ -489,54 +489,60 @@ class HtmlHandler(xml.sax.handler.ContentHandler):
|
||||||
'''
|
'''
|
||||||
mem = ''
|
mem = ''
|
||||||
try:
|
try:
|
||||||
# Wait maximum 1s for connection
|
if attrs['src'].startswith('data:image/'):
|
||||||
socket.setdefaulttimeout(1)
|
# The "data" URL scheme http://tools.ietf.org/html/rfc2397
|
||||||
try:
|
import base64
|
||||||
req = urllib2.Request(attrs['src'])
|
img = attrs['src'].split(',')[1]
|
||||||
req.add_header('User-Agent', 'Gajim ' + gajim.version)
|
mem = base64.standard_b64decode(urllib2.unquote(img))
|
||||||
f = urllib2.urlopen(req)
|
|
||||||
except Exception, ex:
|
|
||||||
log.debug('Error loading image %s ' % attrs['src'] + str(ex))
|
|
||||||
pixbuf = None
|
|
||||||
alt = attrs.get('alt', 'Broken image')
|
|
||||||
else:
|
else:
|
||||||
# Wait 0.1s between each byte
|
# Wait maximum 1s for connection
|
||||||
|
socket.setdefaulttimeout(1)
|
||||||
try:
|
try:
|
||||||
f.fp._sock.fp._sock.settimeout(0.5)
|
req = urllib2.Request(attrs['src'])
|
||||||
except Exception:
|
req.add_header('User-Agent', 'Gajim ' + gajim.version)
|
||||||
pass
|
f = urllib2.urlopen(req)
|
||||||
# Max image size = 2 MB (to try to prevent DoS)
|
except Exception, ex:
|
||||||
deadline = time.time() + 3
|
log.debug('Error loading image %s ' % attrs['src'] + str(ex))
|
||||||
while True:
|
pixbuf = None
|
||||||
if time.time() > deadline:
|
alt = attrs.get('alt', 'Broken image')
|
||||||
log.debug(str('Timeout loading image %s ' % \
|
else:
|
||||||
attrs['src'] + ex))
|
# Wait 0.1s between each byte
|
||||||
mem = ''
|
|
||||||
alt = attrs.get('alt', '')
|
|
||||||
if alt:
|
|
||||||
alt += '\n'
|
|
||||||
alt += _('Timeout loading image')
|
|
||||||
break
|
|
||||||
try:
|
try:
|
||||||
temp = f.read(100)
|
f.fp._sock.fp._sock.settimeout(0.5)
|
||||||
except socket.timeout, ex:
|
except Exception:
|
||||||
log.debug('Timeout loading image %s ' % \
|
pass
|
||||||
attrs['src'] + str(ex))
|
# Max image size = 2 MB (to try to prevent DoS)
|
||||||
alt = attrs.get('alt', '')
|
deadline = time.time() + 3
|
||||||
if alt:
|
while True:
|
||||||
alt += '\n'
|
if time.time() > deadline:
|
||||||
alt += _('Timeout loading image')
|
log.debug(str('Timeout loading image %s ' % \
|
||||||
break
|
attrs['src'] + ex))
|
||||||
if temp:
|
mem = ''
|
||||||
mem += temp
|
alt = attrs.get('alt', '')
|
||||||
else:
|
if alt:
|
||||||
break
|
alt += '\n'
|
||||||
if len(mem) > 2*1024*1024:
|
alt += _('Timeout loading image')
|
||||||
alt = attrs.get('alt', '')
|
break
|
||||||
if alt:
|
try:
|
||||||
alt += '\n'
|
temp = f.read(100)
|
||||||
alt += _('Image is too big')
|
except socket.timeout, ex:
|
||||||
break
|
log.debug('Timeout loading image %s ' % \
|
||||||
|
attrs['src'] + str(ex))
|
||||||
|
alt = attrs.get('alt', '')
|
||||||
|
if alt:
|
||||||
|
alt += '\n'
|
||||||
|
alt += _('Timeout loading image')
|
||||||
|
break
|
||||||
|
if temp:
|
||||||
|
mem += temp
|
||||||
|
else:
|
||||||
|
break
|
||||||
|
if len(mem) > 2*1024*1024:
|
||||||
|
alt = attrs.get('alt', '')
|
||||||
|
if alt:
|
||||||
|
alt += '\n'
|
||||||
|
alt += _('Image is too big')
|
||||||
|
break
|
||||||
pixbuf = None
|
pixbuf = None
|
||||||
if mem:
|
if mem:
|
||||||
# Caveat: GdkPixbuf is known not to be safe to load
|
# Caveat: GdkPixbuf is known not to be safe to load
|
||||||
|
@ -1090,6 +1096,19 @@ return faciter(n,1)</pre>
|
||||||
</div>
|
</div>
|
||||||
<p/>
|
<p/>
|
||||||
<p>#232/1</p>
|
<p>#232/1</p>
|
||||||
|
</body>
|
||||||
|
''')
|
||||||
|
htmlview.print_real_text(None, xhtml='<hr />')
|
||||||
|
htmlview.print_real_text(None, xhtml='''
|
||||||
|
<body xmlns='http://www.w3.org/1999/xhtml'>
|
||||||
|
<br/>
|
||||||
|
<img src='data:image/png;base64,R0lGODdhMAAwAPAAAAAAAP///ywAAAAAMAAw\
|
||||||
|
AAAC8IyPqcvt3wCcDkiLc7C0qwyGHhSWpjQu5yqmCYsapyuvUUlvONmOZtfzgFz\
|
||||||
|
ByTB10QgxOR0TqBQejhRNzOfkVJ+5YiUqrXF5Y5lKh/DeuNcP5yLWGsEbtLiOSp\
|
||||||
|
a/TPg7JpJHxyendzWTBfX0cxOnKPjgBzi4diinWGdkF8kjdfnycQZXZeYGejmJl\
|
||||||
|
ZeGl9i2icVqaNVailT6F5iJ90m6mvuTS4OK05M0vDk0Q4XUtwvKOzrcd3iq9uis\
|
||||||
|
F81M1OIcR7lEewwcLp7tuNNkM3uNna3F2JQFo97Vriy/Xl4/f1cf5VWzXyym7PH\
|
||||||
|
hhx4dbgYKAAA7' alt='Larry'/>
|
||||||
</body>
|
</body>
|
||||||
''')
|
''')
|
||||||
htmlview.tv.show()
|
htmlview.tv.show()
|
||||||
|
|
Loading…
Reference in New Issue