support data:URI scheme in XHTML-IM message. Fixed #6106

Denis Fomin 2010-12-14 19:30:00 +03:00
parent c4f94915ce
commit e95ffa55ef
1 changed files with 64 additions and 45 deletions


@ -489,54 +489,60 @@ class HtmlHandler(xml.sax.handler.ContentHandler):
''' '''
mem = '' mem = ''
try: try:
# Wait maximum 1s for connection if attrs['src'].startswith('data:image/'):
socket.setdefaulttimeout(1) # The "data" URL scheme http://tools.ietf.org/html/rfc2397
try: import base64
req = urllib2.Request(attrs['src']) img = attrs['src'].split(',')[1]
req.add_header('User-Agent', 'Gajim ' + gajim.version) mem = base64.standard_b64decode(urllib2.unquote(img))
f = urllib2.urlopen(req)
except Exception, ex:
log.debug('Error loading image %s ' % attrs['src'] + str(ex))
pixbuf = None
alt = attrs.get('alt', 'Broken image')
else: else:
# Wait 0.1s between each byte # Wait maximum 1s for connection
socket.setdefaulttimeout(1)
try: try:
f.fp._sock.fp._sock.settimeout(0.5) req = urllib2.Request(attrs['src'])
except Exception: req.add_header('User-Agent', 'Gajim ' + gajim.version)
pass f = urllib2.urlopen(req)
# Max image size = 2 MB (to try to prevent DoS) except Exception, ex:
deadline = time.time() + 3 log.debug('Error loading image %s ' % attrs['src'] + str(ex))
while True: pixbuf = None
if time.time() > deadline: alt = attrs.get('alt', 'Broken image')
log.debug(str('Timeout loading image %s ' % \ else:
attrs['src'] + ex)) # Wait 0.1s between each byte
mem = ''
alt = attrs.get('alt', '')
if alt:
alt += '\n'
alt += _('Timeout loading image')
break
try: try:
temp = f.read(100) f.fp._sock.fp._sock.settimeout(0.5)
except socket.timeout, ex: except Exception:
log.debug('Timeout loading image %s ' % \ pass
attrs['src'] + str(ex)) # Max image size = 2 MB (to try to prevent DoS)
alt = attrs.get('alt', '') deadline = time.time() + 3
if alt: while True:
alt += '\n' if time.time() > deadline:
alt += _('Timeout loading image') log.debug(str('Timeout loading image %s ' % \
break attrs['src'] + ex))
if temp: mem = ''
mem += temp alt = attrs.get('alt', '')
else: if alt:
break alt += '\n'
if len(mem) > 2*1024*1024: alt += _('Timeout loading image')
alt = attrs.get('alt', '') break
if alt: try:
alt += '\n' temp = f.read(100)
alt += _('Image is too big') except socket.timeout, ex:
break log.debug('Timeout loading image %s ' % \
attrs['src'] + str(ex))
alt = attrs.get('alt', '')
if alt:
alt += '\n'
alt += _('Timeout loading image')
break
if temp:
mem += temp
else:
break
if len(mem) > 2*1024*1024:
alt = attrs.get('alt', '')
if alt:
alt += '\n'
alt += _('Image is too big')
break
pixbuf = None pixbuf = None
if mem: if mem:
# Caveat: GdkPixbuf is known not to be safe to load # Caveat: GdkPixbuf is known not to be safe to load
@ -1090,6 +1096,19 @@ return faciter(n,1)</pre>
</div> </div>
<p/> <p/>
<p>#232/1</p> <p>#232/1</p>
</body>
''')
htmlview.print_real_text(None, xhtml='<hr />')
htmlview.print_real_text(None, xhtml='''
<body xmlns='http://www.w3.org/1999/xhtml'>
<br/>
<img src='data:image/png;base64,R0lGODdhMAAwAPAAAAAAAP///ywAAAAAMAAw\
AAAC8IyPqcvt3wCcDkiLc7C0qwyGHhSWpjQu5yqmCYsapyuvUUlvONmOZtfzgFz\
ByTB10QgxOR0TqBQejhRNzOfkVJ+5YiUqrXF5Y5lKh/DeuNcP5yLWGsEbtLiOSp\
a/TPg7JpJHxyendzWTBfX0cxOnKPjgBzi4diinWGdkF8kjdfnycQZXZeYGejmJl\
ZeGl9i2icVqaNVailT6F5iJ90m6mvuTS4OK05M0vDk0Q4XUtwvKOzrcd3iq9uis\
F81M1OIcR7lEewwcLp7tuNNkM3uNna3F2JQFo97Vriy/Xl4/f1cf5VWzXyym7PH\
hhx4dbgYKAAA7' alt='Larry'/>
</body> </body>
''') ''')
htmlview.tv.show() htmlview.tv.show()
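Review bot: The new `data:image/` branch in the first hunk skips the 2 MB ceiling that the network branch enforces ("Max image size = 2 MB (to try to prevent DoS)"), so an inline image of any size carried in an incoming XHTML-IM message is decoded in full and then appears to be handed to the pixbuf loader that the existing caveat comment already calls unsafe. Apply the same limit to the payload before decoding, as in the excerpt below. The branch also assumes the payload is base64 without checking for the `;base64` marker, and `split(',')[1]` raises on a URI that has no comma. The `except` clauses of the enclosing `try` are outside the hunk, so confirm they cover a malformed data URI and not only urllib2 errors. The enclosing method starts and ends outside the hunk, so how `alt` is used afterwards is inferred from the network branch.

```python
if attrs['src'].startswith('data:image/'):
    import base64
    img = urllib2.unquote(attrs['src'].split(',')[1])
    # Same 2 MB ceiling as the network branch; base64 text is 4/3 the
    # size of the decoded bytes, so check before decoding.
    if len(img) > 2*1024*1024 * 4 / 3:
        alt = attrs.get('alt', '')
        if alt:
            alt += '\n'
        alt += _('Image is too big')
    else:
        mem = base64.standard_b64decode(img)
else:
    # … unchanged: urllib2 fetch with timeouts and the 2 MB read loop …
```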