[Rt-commit] rt branch 5.0/article-html-content updated. rt-5.0.2-87-g0504fc12ad

BPS Git Server git at git.bestpractical.com
Mon Mar 14 21:52:51 UTC 2022


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt".

The branch, 5.0/article-html-content has been updated
       via  0504fc12ad55b3bfa30ac990b39e6822c4f35276 (commit)
      from  65142d1da912a09de8a009df1252a12064e5e2e3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0504fc12ad55b3bfa30ac990b39e6822c4f35276
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Sat Mar 12 04:28:20 2022 +0800

    Scrub permissively for non-ticket related custom field values
    
    Ticket and transaction custom fields are scrubbed normally, as in many cases
    they can be set by external sources and so cannot be fully trusted.

diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index c02f49af75..efe4af7447 100644
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -70,6 +70,7 @@ use URI qw();
 use RT::Interface::Web::Menu;
 use RT::Interface::Web::Session;
 use RT::Interface::Web::Scrubber;
+use RT::Interface::Web::Scrubber::Permissive;
 use Digest::MD5 ();
 use List::MoreUtils qw();
 use JSON qw();
@@ -4708,7 +4709,7 @@ sub _parse_saved_search {
     return ( _load_container_object( $obj_type, $obj_id ), $search_id );
 }
 
-=head2 ScrubHTML content
+=head2 ScrubHTML Content => CONTENT, Permissive => 1|0
 
 Removes unsafe and undesired HTML from the passed content
 
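Review bot: The new heading advertises `Permissive => 1|0` but the paragraph below it still only says that unsafe HTML is removed, so a caller reading this POD gets no guidance on when the flag is appropriate or what it weakens. Add a sentence after the first one: `When Permissive is true the content goes through RT::Interface::Web::Scrubber::Permissive, which keeps most markup and is meant only for content entered by trusted RT users; leave it unset for anything that may have arrived from email or other external sources.` The POD section continues outside the hunk.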
@@ -4721,14 +4722,18 @@ Removes unsafe and undesired HTML from the passed content
 our $ReloadScrubber;
 
 sub ScrubHTML {
+    my %args = @_ % 2 ? ( Content => @_ ) : @_;
+
     state $scrubber = RT::Interface::Web::Scrubber->new;
+    state $permissive_scrubber = RT::Interface::Web::Scrubber::Permissive->new;
 
     if ( $HTML::Mason::Commands::ReloadScrubber ) {
         $scrubber = RT::Interface::Web::Scrubber->new;
+        $permissive_scrubber = RT::Interface::Web::Scrubber::Permissive->new;
         $HTML::Mason::Commands::ReloadScrubber = 0;
     }
 
-    return $scrubber->scrub(@_);
+    return ( $args{Permissive} ? $permissive_scrubber : $scrubber )->scrub( $args{Content} );
 }
 
 =head2 JSON
diff --git a/lib/RT/Interface/Web/Scrubber/Permissive.pm b/lib/RT/Interface/Web/Scrubber/Permissive.pm
new file mode 100644
index 0000000000..f21cc5d025
--- /dev/null
+++ b/lib/RT/Interface/Web/Scrubber/Permissive.pm
@@ -0,0 +1,137 @@
+# BEGIN BPS TAGGED BLOCK {{{
+#
+# COPYRIGHT:
+#
+# This software is Copyright (c) 1996-2021 Best Practical Solutions, LLC
+#                                          <sales at bestpractical.com>
+#
+# (Except where explicitly superseded by other copyright notices)
+#
+#
+# LICENSE:
+#
+# This work is made available to you under the terms of Version 2 of
+# the GNU General Public License. A copy of that license should have
+# been provided with this software, but in any event can be snarfed
+# from www.gnu.org.
+#
+# This work is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 or visit their web page on the internet at
+# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
+#
+#
+# CONTRIBUTION SUBMISSION POLICY:
+#
+# (The following paragraph is not intended to limit the rights granted
+# to you to modify and distribute this software under the terms of
+# the GNU General Public License and is only of importance to you if
+# you choose to contribute your changes and enhancements to the
+# community by submitting them to Best Practical Solutions, LLC.)
+#
+# By intentionally submitting any modifications, corrections or
+# derivatives to this work, or any other work intended for use with
+# Request Tracker, to Best Practical Solutions, LLC, you confirm that
+# you are the copyright holder for those contributions and you grant
+# Best Practical Solutions,  LLC a nonexclusive, worldwide, irrevocable,
+# royalty-free, perpetual, license to use, copy, create derivative
+# works based on those contributions, and sublicense and distribute
+# those contributions and any derivatives thereof.
+#
+# END BPS TAGGED BLOCK }}}
+
+package RT::Interface::Web::Scrubber::Permissive;
+use strict;
+use warnings;
+use 5.010;
+use base qw/RT::Interface::Web::Scrubber/;
+
+
+=head1 NAME
+
+RT::Interface::Web::Scrubber::Permissive
+
+=head1 DESCRIPTION
+
+This is a subclass of RT::Interface::Web::Scrubber. As a permissive version,
+it's more suitable for trusted content. It allows most things except scripts
+and comments by default.
+
+=head1 VARIABLES
+
+These variables can be altered by creating a C<Permissive_Local.pm> file,
+containing something of the form:
+
+    package RT::Interface::Web::Scrubber::Permissive;
+
+    # Deny the "style" attribute
+    $ATTRIBUTES{style} = 0;
+
+=over
+
+=item C<@DENIED_TAGS>
+
+Passed to L<HTML::Scrubber/deny>.
+
+=item C<%ATTRIBUTES>
+
+Passed into L<HTML::Scrubber/default>.
+
+=item C<%RULES>
+
+Passed to L<HTML::Scrubber/rules>.
+
+=back
+
+=cut
+
+our ( @DENIED_TAGS, %RULES );
+
+# Initally from PermissiveHTMLMail extension.
+our %ATTRIBUTES = (
+    '*'    => 1,
+    'href' => qr{^(?!(?:java)?script)}i,
+    'src'  => qr{^(?!(?:java)?script)}i,
+    'cite' => qr{^(?!(?:java)?script)}i,
+    (
+        map { +( "on$_" => 0 ) }
+            qw/blur change click dblclick error focus
+            keydown keypress keyup load mousedown
+            mousemove mouseout mouseover mouseup reset
+            select submit unload/
+    ),
+);
+
+=head1 METHODS
+
+=head2 new
+
+Returns a new L<RT::Interface::Web::Scrubber::Permissive> object, configured
+with the above globals. Takes no arguments.
+
+=cut
+
+sub new {
+    my $class = shift;
+    my $self  = $class->SUPER::new(@_);
+
+    $self->default( 1, \%ATTRIBUTES );
+    $self->deny(@DENIED_TAGS);
+    $self->rules(%RULES);
+
+    # Scrubbing comments is vital since IE conditional comments can contain
+    # arbitrary HTML and we'd pass it right on through.
+    $self->comment(0);
+
+    return $self;
+}
+
+RT::Base->_ImportOverlays();
+
+1;
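Review bot: `'*' => 1` in %ATTRIBUTES means every attribute not explicitly named is kept, so an event-handler attribute outside the enumerated `on…` list passes straight through; a deny-by-enumeration under an allow-all default is brittle as the HTML vocabulary grows. Prefer rejecting attributes by name prefix: if the installed HTML::Scrubber accepts code-ref attribute rules, replace `'*' => 1` with `'*' => sub { my ( undef, undef, $attr, $value ) = @_; return $attr =~ /\Aon/i ? () : $value },` (check the HTML::Scrubber docs for the exact return convention); otherwise at least extend the list and document that it is a denylist. Also worth a comment above `our ( @DENIED_TAGS, %RULES );` saying both are intentionally empty here and exist only so a `Permissive_Local.pm` overlay can populate them, since the DESCRIPTION's "except scripts and comments" otherwise reads as if @DENIED_TAGS carried that.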
diff --git a/lib/RT/ObjectCustomFieldValue.pm b/lib/RT/ObjectCustomFieldValue.pm
index 9c6ca7d3dc..1509b43560 100644
--- a/lib/RT/ObjectCustomFieldValue.pm
+++ b/lib/RT/ObjectCustomFieldValue.pm
@@ -806,6 +806,12 @@ sub ExternalStoreDigest {
     return $self->_Value( 'LargeContent' );
 }
 
+sub _ContentIsPermissive {
+    my $self = shift;
+    # All non-ticket related custom field values are considered permissive by default
+    return ( $self->CustomFieldObj->LookupType // '' ) =~ /RT::Ticket/ ? 0 : 1;
+}
+
 RT::Base->_ImportOverlays();
 
 1;
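Review bot: `_ContentIsPermissive` fails open: when `CustomFieldObj` did not load (LookupType returns undef, hence the `// ''`) the value is treated as permissive and gets the weaker scrubber, which is the opposite of what a scrubbing decision should default to. Make an unknown lookup type strict: `my $type = $self->CustomFieldObj->LookupType;` / `return 0 unless defined $type && length $type;` / `return $type =~ /RT::Ticket/ ? 0 : 1;`. The method also has no POD although it is called from three templates; a `=head2 _ContentIsPermissive` saying it returns true for custom field values not attached to tickets or transactions, which are then scrubbed with the permissive scrubber, would make the trust decision discoverable.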
diff --git a/share/html/Elements/ScrubHTML b/share/html/Elements/ScrubHTML
index 119adc5f74..af7f594c06 100644
--- a/share/html/Elements/ScrubHTML
+++ b/share/html/Elements/ScrubHTML
@@ -46,8 +46,5 @@
 %#
 %# END BPS TAGGED BLOCK }}}
 <%init>
-return ScrubHTML($Content);
+return ScrubHTML(%ARGS);
 </%init>
-<%args>
-$Content => undef
-</%args>
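Review bot: `return ScrubHTML(%ARGS);` forwards every argument the component receives, so an unrelated key from any caller now reaches ScrubHTML and any caller-supplied `Permissive` silently selects the weaker scrubber; the removed `<%args>` block was also the only place the component's interface was stated. Keep the contract explicit with `return ScrubHTML( Content => $ARGS{Content}, Permissive => $ARGS{Permissive} );` and restore an `<%args>` block declaring `$Content => undef` and `$Permissive => 0`, so that only the two documented keys are passed on and `Permissive` defaults to strict.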
diff --git a/share/html/Elements/ShowCustomFieldHTML b/share/html/Elements/ShowCustomFieldHTML
index 86e4bbfd95..11985dd755 100644
--- a/share/html/Elements/ShowCustomFieldHTML
+++ b/share/html/Elements/ShowCustomFieldHTML
@@ -48,7 +48,7 @@
 <%$content|n%>
 <%init>
 my $content = $Object->LargeContent || $Object->Content;
-$content = $m->comp('/Elements/ScrubHTML', Content => $content);
+$content = $m->comp('/Elements/ScrubHTML', Content => $content, Permissive => $Object->_ContentIsPermissive);
 </%init>
 <%ARGS>
 $Object
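Review bot: The template now calls `$Object->_ContentIsPermissive`, a method whose leading underscore marks it private to RT::ObjectCustomFieldValue; the same call is made in ShowCustomFieldText and ShowCustomFieldWikitext, so three components depend on an internal name. Either give it a public name with POD (`ContentIsPermissive`) or wrap the decision once in a helper used by all three, e.g. `Permissive => $Object->ContentIsPermissive`, so that the trust rule has one documented entry point instead of being an implementation detail reached from presentation code. The `<%ARGS>` block continues outside the hunk.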
diff --git a/share/html/Elements/ShowCustomFieldText b/share/html/Elements/ShowCustomFieldText
index d20b1d4d4e..88a63f82c6 100644
--- a/share/html/Elements/ShowCustomFieldText
+++ b/share/html/Elements/ShowCustomFieldText
@@ -47,7 +47,7 @@
 %# END BPS TAGGED BLOCK }}}
 <%init>
  my $content = $Object->LargeContent || $Object->Content;
- $content = $m->comp('/Elements/ScrubHTML', Content => $content);
+ $content = $m->comp('/Elements/ScrubHTML', Content => $content, Permissive => $Object->_ContentIsPermissive);
  $content =~ s|\n|<br />|g;
 </%init>
 <%$content|n%>
diff --git a/share/html/Elements/ShowCustomFieldWikitext b/share/html/Elements/ShowCustomFieldWikitext
index 0ef6c7c140..e59175643e 100644
--- a/share/html/Elements/ShowCustomFieldWikitext
+++ b/share/html/Elements/ShowCustomFieldWikitext
@@ -48,7 +48,7 @@
 <%$wiki_content|n%>
 <%init>
 my $content = $Object->LargeContent || $Object->Content;
-$content = $m->comp('/Elements/ScrubHTML', Content => $content);
+$content = $m->comp('/Elements/ScrubHTML', Content => $content, Permissive => $Object->_ContentIsPermissive);
 my $base = $Object->Object->WikiBase;
 my %wiki_args = (
     extended => 1,

-----------------------------------------------------------------------

Summary of changes:
 lib/RT/Interface/Web.pm                            |   9 +-
 .../Web/Scrubber/Permissive.pm}                    | 122 +++++++++------------
 lib/RT/ObjectCustomFieldValue.pm                   |   6 +
 share/html/Elements/ScrubHTML                      |   5 +-
 share/html/Elements/ShowCustomFieldHTML            |   2 +-
 share/html/Elements/ShowCustomFieldText            |   2 +-
 share/html/Elements/ShowCustomFieldWikitext        |   2 +-
 7 files changed, 70 insertions(+), 78 deletions(-)
 copy lib/RT/{Plugin.pm => Interface/Web/Scrubber/Permissive.pm} (56%)


hooks/post-receive
-- 
rt

