mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15382 Commits
28 Branches
Tree: 6b676918bb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6b676918bb'
${ noResults }
rspamd/src/libserver/html.c

html.c 71KB
Raw Blame History

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106 
  1. /*-

  2.  * Copyright 2016 Vsevolod Stakhov

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *   http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. #include "config.h"

  17. #include "util.h"

  18. #include "rspamd.h"

  19. #include "message.h"

  20. #include "html.h"

  21. #include "html_tags.h"

  22. #include "html_colors.h"

  23. #include "html_entities.h"

  24. #include "url.h"

  25. #include "contrib/libucl/khash.h"

  26. #include "libmime/images.h"

  27. 

  28. #include <unicode/uversion.h>

  29. #include <unicode/ucnv.h>

  30. #if U_ICU_VERSION_MAJOR_NUM >= 46

  31. #include <unicode/uidna.h>

  32. #endif

  33. 

  34. static sig_atomic_t tags_sorted = 0;

  35. static sig_atomic_t entities_sorted = 0;

  36. static const guint max_tags = 8192; /* Ignore tags if this maximum is reached */

  37. 

  38. struct html_tag_def {

  39. 	const gchar *name;

  40. 	gint16 id;

  41. 	guint16 len;

  42. 	guint flags;

  43. };

  44. 

  45. #define msg_debug_html(...)  rspamd_conditional_debug_fast (NULL, NULL, \

  46.         rspamd_html_log_id, "html", pool->tag.uid, \

  47.         G_STRFUNC, \

  48.         __VA_ARGS__)

  49. 

  50. INIT_LOG_MODULE(html)

  51. 

  52. #define TAG_DEF(id, name, flags) {(name), (id), (sizeof(name) - 1), (flags)}

  53. 

  54. static struct html_tag_def tag_defs[] = {

  55. 	/* W3C defined elements */

  56. 	TAG_DEF(Tag_A, "a", FL_HREF),

  57. 	TAG_DEF(Tag_ABBR, "abbr", (CM_INLINE)),

  58. 	TAG_DEF(Tag_ACRONYM, "acronym", (CM_INLINE)),

  59. 	TAG_DEF(Tag_ADDRESS, "address", (CM_BLOCK)),

  60. 	TAG_DEF(Tag_APPLET, "applet", (CM_OBJECT | CM_IMG | CM_INLINE | CM_PARAM)),

  61. 	TAG_DEF(Tag_AREA, "area", (CM_BLOCK | CM_EMPTY | FL_HREF)),

  62. 	TAG_DEF(Tag_B, "b", (CM_INLINE|FL_BLOCK)),

  63. 	TAG_DEF(Tag_BASE, "base", (CM_HEAD | CM_EMPTY | FL_HREF)),

  64. 	TAG_DEF(Tag_BASEFONT, "basefont", (CM_INLINE | CM_EMPTY)),

  65. 	TAG_DEF(Tag_BDO, "bdo", (CM_INLINE)),

  66. 	TAG_DEF(Tag_BIG, "big", (CM_INLINE)),

  67. 	TAG_DEF(Tag_BLOCKQUOTE, "blockquote", (CM_BLOCK)),

  68. 	TAG_DEF(Tag_BODY, "body", (CM_HTML | CM_OPT | CM_OMITST | CM_UNIQUE | FL_BLOCK)),

  69. 	TAG_DEF(Tag_BR, "br", (CM_INLINE | CM_EMPTY)),

  70. 	TAG_DEF(Tag_BUTTON, "button", (CM_INLINE|FL_BLOCK)),

  71. 	TAG_DEF(Tag_CAPTION, "caption", (CM_TABLE)),

  72. 	TAG_DEF(Tag_CENTER, "center", (CM_BLOCK)),

  73. 	TAG_DEF(Tag_CITE, "cite", (CM_INLINE)),

  74. 	TAG_DEF(Tag_CODE, "code", (CM_INLINE)),

  75. 	TAG_DEF(Tag_COL, "col", (CM_TABLE | CM_EMPTY)),

  76. 	TAG_DEF(Tag_COLGROUP, "colgroup", (CM_TABLE | CM_OPT)),

  77. 	TAG_DEF(Tag_DD, "dd", (CM_DEFLIST | CM_OPT | CM_NO_INDENT)),

  78. 	TAG_DEF(Tag_DEL, "del", (CM_INLINE | CM_BLOCK | CM_MIXED)),

  79. 	TAG_DEF(Tag_DFN, "dfn", (CM_INLINE)),

  80. 	TAG_DEF(Tag_DIR, "dir", (CM_BLOCK | CM_OBSOLETE)),

  81. 	TAG_DEF(Tag_DIV, "div", (CM_BLOCK|FL_BLOCK)),

  82. 	TAG_DEF(Tag_DL, "dl", (CM_BLOCK|FL_BLOCK)),

  83. 	TAG_DEF(Tag_DT, "dt", (CM_DEFLIST | CM_OPT | CM_NO_INDENT)),

  84. 	TAG_DEF(Tag_EM, "em", (CM_INLINE)),

  85. 	TAG_DEF(Tag_FIELDSET, "fieldset", (CM_BLOCK)),

  86. 	TAG_DEF(Tag_FONT, "font", (FL_BLOCK)),

  87. 	TAG_DEF(Tag_FORM, "form", (CM_BLOCK)),

  88. 	TAG_DEF(Tag_FRAME, "frame", (CM_FRAMES | CM_EMPTY | FL_HREF)),

  89. 	TAG_DEF(Tag_FRAMESET, "frameset", (CM_HTML | CM_FRAMES)),

  90. 	TAG_DEF(Tag_H1, "h1", (CM_BLOCK | CM_HEADING)),

  91. 	TAG_DEF(Tag_H2, "h2", (CM_BLOCK | CM_HEADING)),

  92. 	TAG_DEF(Tag_H3, "h3", (CM_BLOCK | CM_HEADING)),

  93. 	TAG_DEF(Tag_H4, "h4", (CM_BLOCK | CM_HEADING)),

  94. 	TAG_DEF(Tag_H5, "h5", (CM_BLOCK | CM_HEADING)),

  95. 	TAG_DEF(Tag_H6, "h6", (CM_BLOCK | CM_HEADING)),

  96. 	TAG_DEF(Tag_HEAD, "head", (CM_HTML | CM_OPT | CM_OMITST | CM_UNIQUE)),

  97. 	TAG_DEF(Tag_HR, "hr", (CM_BLOCK | CM_EMPTY)),

  98. 	TAG_DEF(Tag_HTML, "html", (CM_HTML | CM_OPT | CM_OMITST | CM_UNIQUE)),

  99. 	TAG_DEF(Tag_I, "i", (CM_INLINE)),

  100. 	TAG_DEF(Tag_IFRAME, "iframe", (FL_HREF)),

  101. 	TAG_DEF(Tag_IMG, "img", (CM_INLINE | CM_IMG | CM_EMPTY)),

  102. 	TAG_DEF(Tag_INPUT, "input", (CM_INLINE | CM_IMG | CM_EMPTY)),

  103. 	TAG_DEF(Tag_INS, "ins", (CM_INLINE | CM_BLOCK | CM_MIXED)),

  104. 	TAG_DEF(Tag_ISINDEX, "isindex", (CM_BLOCK | CM_EMPTY)),

  105. 	TAG_DEF(Tag_KBD, "kbd", (CM_INLINE)),

  106. 	TAG_DEF(Tag_LABEL, "label", (CM_INLINE)),

  107. 	TAG_DEF(Tag_LEGEND, "legend", (CM_INLINE)),

  108. 	TAG_DEF(Tag_LI, "li", (CM_LIST | CM_OPT | CM_NO_INDENT | FL_BLOCK)),

  109. 	TAG_DEF(Tag_LINK, "link", (CM_HEAD | CM_EMPTY|FL_HREF)),

  110. 	TAG_DEF(Tag_LISTING, "listing", (CM_BLOCK | CM_OBSOLETE)),

  111. 	TAG_DEF(Tag_MAP, "map", (CM_INLINE|FL_HREF)),

  112. 	TAG_DEF(Tag_MENU, "menu", (CM_BLOCK | CM_OBSOLETE)),

  113. 	TAG_DEF(Tag_META, "meta", (CM_HEAD | CM_INLINE | CM_EMPTY)),

  114. 	TAG_DEF(Tag_NOFRAMES, "noframes", (CM_BLOCK | CM_FRAMES)),

  115. 	TAG_DEF(Tag_NOSCRIPT, "noscript", (CM_BLOCK | CM_INLINE | CM_MIXED)),

  116. 	TAG_DEF(Tag_OBJECT, "object", (CM_OBJECT | CM_HEAD | CM_IMG | CM_INLINE | CM_PARAM)),

  117. 	TAG_DEF(Tag_OL, "ol", (CM_BLOCK | FL_BLOCK)),

  118. 	TAG_DEF(Tag_OPTGROUP, "optgroup", (CM_FIELD | CM_OPT)),

  119. 	TAG_DEF(Tag_OPTION, "option", (CM_FIELD | CM_OPT)),

  120. 	TAG_DEF(Tag_P, "p", (CM_BLOCK | CM_OPT | FL_BLOCK)),

  121. 	TAG_DEF(Tag_PARAM, "param", (CM_INLINE | CM_EMPTY)),

  122. 	TAG_DEF(Tag_PLAINTEXT, "plaintext", (CM_BLOCK | CM_OBSOLETE)),

  123. 	TAG_DEF(Tag_PRE, "pre", (CM_BLOCK)),

  124. 	TAG_DEF(Tag_Q, "q", (CM_INLINE)),

  125. 	TAG_DEF(Tag_RB, "rb", (CM_INLINE)),

  126. 	TAG_DEF(Tag_RBC, "rbc", (CM_INLINE)),

  127. 	TAG_DEF(Tag_RP, "rp", (CM_INLINE)),

  128. 	TAG_DEF(Tag_RT, "rt", (CM_INLINE)),

  129. 	TAG_DEF(Tag_RTC, "rtc", (CM_INLINE)),

  130. 	TAG_DEF(Tag_RUBY, "ruby", (CM_INLINE)),

  131. 	TAG_DEF(Tag_S, "s", (CM_INLINE)),

  132. 	TAG_DEF(Tag_SAMP, "samp", (CM_INLINE)),

  133. 	TAG_DEF(Tag_SCRIPT, "script", (CM_HEAD | CM_MIXED)),

  134. 	TAG_DEF(Tag_SELECT, "select", (CM_INLINE | CM_FIELD)),

  135. 	TAG_DEF(Tag_SMALL, "small", (CM_INLINE)),

  136. 	TAG_DEF(Tag_SPAN, "span", (CM_BLOCK|FL_BLOCK)),

  137. 	TAG_DEF(Tag_STRIKE, "strike", (CM_INLINE)),

  138. 	TAG_DEF(Tag_STRONG, "strong", (CM_INLINE)),

  139. 	TAG_DEF(Tag_STYLE, "style", (CM_HEAD)),

  140. 	TAG_DEF(Tag_SUB, "sub", (CM_INLINE)),

  141. 	TAG_DEF(Tag_SUP, "sup", (CM_INLINE)),

  142. 	TAG_DEF(Tag_TABLE, "table", (CM_BLOCK | FL_BLOCK)),

  143. 	TAG_DEF(Tag_TBODY, "tbody", (CM_TABLE | CM_ROWGRP | CM_OPT| FL_BLOCK)),

  144. 	TAG_DEF(Tag_TD, "td", (CM_ROW | CM_OPT | CM_NO_INDENT | FL_BLOCK)),

  145. 	TAG_DEF(Tag_TEXTAREA, "textarea", (CM_INLINE | CM_FIELD)),

  146. 	TAG_DEF(Tag_TFOOT, "tfoot", (CM_TABLE | CM_ROWGRP | CM_OPT)),

  147. 	TAG_DEF(Tag_TH, "th", (CM_ROW | CM_OPT | CM_NO_INDENT | FL_BLOCK)),

  148. 	TAG_DEF(Tag_THEAD, "thead", (CM_TABLE | CM_ROWGRP | CM_OPT)),

  149. 	TAG_DEF(Tag_TITLE, "title", (CM_HEAD | CM_UNIQUE)),

  150. 	TAG_DEF(Tag_TR, "tr", (CM_TABLE | CM_OPT| FL_BLOCK)),

  151. 	TAG_DEF(Tag_TT, "tt", (CM_INLINE)),

  152. 	TAG_DEF(Tag_U, "u", (CM_INLINE)),

  153. 	TAG_DEF(Tag_UL, "ul", (CM_BLOCK|FL_BLOCK)),

  154. 	TAG_DEF(Tag_VAR, "var", (CM_INLINE)),

  155. 	TAG_DEF(Tag_XMP, "xmp", (CM_BLOCK | CM_OBSOLETE)),

  156. 	TAG_DEF(Tag_NEXTID, "nextid", (CM_HEAD | CM_EMPTY)),

  157. 

  158. 	/* proprietary elements */

  159. 	TAG_DEF(Tag_ALIGN, "align", (CM_BLOCK)),

  160. 	TAG_DEF(Tag_BGSOUND, "bgsound", (CM_HEAD | CM_EMPTY)),

  161. 	TAG_DEF(Tag_BLINK, "blink", (CM_INLINE)),

  162. 	TAG_DEF(Tag_COMMENT, "comment", (CM_INLINE)),

  163. 	TAG_DEF(Tag_EMBED, "embed", (CM_INLINE | CM_IMG | CM_EMPTY)),

  164. 	TAG_DEF(Tag_ILAYER, "ilayer", (CM_INLINE)),

  165. 	TAG_DEF(Tag_KEYGEN, "keygen", (CM_INLINE | CM_EMPTY)),

  166. 	TAG_DEF(Tag_LAYER, "layer", (CM_BLOCK)),

  167. 	TAG_DEF(Tag_MARQUEE, "marquee", (CM_INLINE | CM_OPT)),

  168. 	TAG_DEF(Tag_MULTICOL, "multicol", (CM_BLOCK)),

  169. 	TAG_DEF(Tag_NOBR, "nobr", (CM_INLINE)),

  170. 	TAG_DEF(Tag_NOEMBED, "noembed", (CM_INLINE)),

  171. 	TAG_DEF(Tag_NOLAYER, "nolayer", (CM_BLOCK | CM_INLINE | CM_MIXED)),

  172. 	TAG_DEF(Tag_NOSAVE, "nosave", (CM_BLOCK)),

  173. 	TAG_DEF(Tag_SERVER, "server", (CM_HEAD | CM_MIXED | CM_BLOCK | CM_INLINE)),

  174. 	TAG_DEF(Tag_SERVLET, "servlet", (CM_OBJECT | CM_IMG | CM_INLINE | CM_PARAM)),

  175. 	TAG_DEF(Tag_SPACER, "spacer", (CM_INLINE | CM_EMPTY)),

  176. 	TAG_DEF(Tag_WBR, "wbr", (CM_INLINE | CM_EMPTY)),

  177. };

  178. 

  179. KHASH_MAP_INIT_INT (entity_by_number, const char *);

  180. KHASH_MAP_INIT_STR (entity_by_name, const char *);

  181. KHASH_MAP_INIT_STR (tag_by_name, struct html_tag_def);

  182. KHASH_MAP_INIT_INT (tag_by_id, struct html_tag_def);

  183. KHASH_INIT (color_by_name, const rspamd_ftok_t *, struct html_color, true,

  184. 		rspamd_ftok_icase_hash, rspamd_ftok_icase_equal);

  185. 

  186. khash_t(entity_by_number) *html_entity_by_number;

  187. khash_t(entity_by_name) *html_entity_by_name;

  188. khash_t(tag_by_name) *html_tag_by_name;

  189. khash_t(tag_by_id) *html_tag_by_id;

  190. khash_t(color_by_name) *html_color_by_name;

  191. 

  192. static void

  193. rspamd_html_library_init (void)

  194. {

  195. 	guint i;

  196. 	khiter_t k;

  197. 	gint rc;

  198. 

  199. 	if (!tags_sorted) {

  200. 		html_tag_by_id = kh_init (tag_by_id);

  201. 		html_tag_by_name = kh_init (tag_by_name);

  202. 		kh_resize (tag_by_id, html_tag_by_id, G_N_ELEMENTS (tag_defs));

  203. 		kh_resize (tag_by_name, html_tag_by_name, G_N_ELEMENTS (tag_defs));

  204. 

  205. 		for (i = 0; i < G_N_ELEMENTS (tag_defs); i++) {

  206. 			k = kh_put (tag_by_id, html_tag_by_id, tag_defs[i].id, &rc);

  207. 			kh_val (html_tag_by_id, k) = tag_defs[i];

  208. 

  209. 			k = kh_put (tag_by_name, html_tag_by_name, tag_defs[i].name, &rc);

  210. 			kh_val (html_tag_by_name, k) = tag_defs[i];

  211. 		}

  212. 

  213. 		tags_sorted = 1;

  214. 	}

  215. 

  216. 	if (!entities_sorted) {

  217. 		html_entity_by_number = kh_init (entity_by_number);

  218. 		html_entity_by_name = kh_init (entity_by_name);

  219. 		kh_resize (entity_by_number, html_entity_by_number,

  220. 				G_N_ELEMENTS (entities_defs));

  221. 		kh_resize (entity_by_name, html_entity_by_name,

  222. 				G_N_ELEMENTS (entities_defs));

  223. 

  224. 		for (i = 0; i < G_N_ELEMENTS (entities_defs); i++) {

  225. 			if (entities_defs[i].code != 0) {

  226. 				k = kh_put (entity_by_number, html_entity_by_number,

  227. 						entities_defs[i].code, &rc);

  228. 				kh_val (html_entity_by_number, k) = entities_defs[i].replacement;

  229. 			}

  230. 

  231. 			k = kh_put (entity_by_name, html_entity_by_name,

  232. 					entities_defs[i].name, &rc);

  233. 			kh_val (html_entity_by_name, k) = entities_defs[i].replacement;

  234. 		}

  235. 

  236. 		html_color_by_name = kh_init (color_by_name);

  237. 		kh_resize (color_by_name, html_color_by_name,

  238. 				G_N_ELEMENTS (html_colornames));

  239. 

  240. 		rspamd_ftok_t *keys;

  241. 

  242. 		keys = g_malloc0 (sizeof (rspamd_ftok_t) *

  243. 						  G_N_ELEMENTS (html_colornames));

  244. 

  245. 		for (i = 0; i < G_N_ELEMENTS (html_colornames); i ++) {

  246. 			struct html_color c;

  247. 

  248. 			keys[i].begin = html_colornames[i].name;

  249. 			keys[i].len = strlen (html_colornames[i].name);

  250. 			k = kh_put (color_by_name, html_color_by_name,

  251. 					&keys[i], &rc);

  252. 			c.valid = true;

  253. 			c.d.comp.r = html_colornames[i].rgb.r;

  254. 			c.d.comp.g = html_colornames[i].rgb.g;

  255. 			c.d.comp.b = html_colornames[i].rgb.b;

  256. 			c.d.comp.alpha = 255;

  257. 			kh_val (html_color_by_name, k) = c;

  258. 

  259. 		}

  260. 

  261. 		entities_sorted = 1;

  262. 	}

  263. }

  264. 

  265. static gboolean

  266. rspamd_html_check_balance (GNode * node, GNode ** cur_level)

  267. {

  268. 	struct html_tag *arg = node->data, *tmp;

  269. 	GNode *cur;

  270. 

  271. 	if (arg->flags & FL_CLOSING) {

  272. 		/* First of all check whether this tag is closing tag for parent node */

  273. 		cur = node->parent;

  274. 		while (cur && cur->data) {

  275. 			tmp = cur->data;

  276. 			if (tmp->id == arg->id &&

  277. 				(tmp->flags & FL_CLOSED) == 0) {

  278. 				tmp->flags |= FL_CLOSED;

  279. 				/* Destroy current node as we find corresponding parent node */

  280. 				g_node_destroy (node);

  281. 				/* Change level */

  282. 				*cur_level = cur->parent;

  283. 				return TRUE;

  284. 			}

  285. 			cur = cur->parent;

  286. 		}

  287. 	}

  288. 	else {

  289. 		return TRUE;

  290. 	}

  291. 

  292. 	return FALSE;

  293. }

  294. 

  295. gint

  296. rspamd_html_tag_by_name (const gchar *name)

  297. {

  298. 	khiter_t k;

  299. 

  300. 	k = kh_get (tag_by_name, html_tag_by_name, name);

  301. 

  302. 	if (k != kh_end (html_tag_by_name)) {

  303. 		return kh_val (html_tag_by_name, k).id;

  304. 	}

  305. 

  306. 	return -1;

  307. }

  308. 

  309. gboolean

  310. rspamd_html_tag_seen (struct html_content *hc, const gchar *tagname)

  311. {

  312. 	gint id;

  313. 

  314. 	g_assert (hc != NULL);

  315. 	g_assert (hc->tags_seen != NULL);

  316. 

  317. 	id = rspamd_html_tag_by_name (tagname);

  318. 

  319. 	if (id != -1) {

  320. 		return isset (hc->tags_seen, id);

  321. 	}

  322. 

  323. 	return FALSE;

  324. }

  325. 

  326. const gchar *

  327. rspamd_html_tag_by_id (gint id)

  328. {

  329. 	khiter_t k;

  330. 

  331. 	k = kh_get (tag_by_id, html_tag_by_id, id);

  332. 

  333. 	if (k != kh_end (html_tag_by_id)) {

  334. 		return kh_val (html_tag_by_id, k).name;

  335. 	}

  336. 

  337. 	return NULL;

  338. }

  339. 

  340. /* Decode HTML entitles in text */

  341. guint

  342. rspamd_html_decode_entitles_inplace (gchar *s, gsize len)

  343. {

  344. 	goffset l, rep_len;

  345. 	gchar *t = s, *h = s, *e = s, *end_ptr;

  346. 	const gchar *end;

  347. 	const gchar *entity;

  348. 	gint state = 0, base;

  349. 	UChar32 uc;

  350. 	khiter_t k;

  351. 

  352. 	if (len == 0) {

  353. 		l = strlen (s);

  354. 	}

  355. 	else {

  356. 		l = len;

  357. 	}

  358. 

  359. 	end = s + l;

  360. 

  361. 	while (h - s < l) {

  362. 		switch (state) {

  363. 		/* Out of entity */

  364. 		case 0:

  365. 			if (*h == '&') {

  366. 				state = 1;

  367. 				e = h;

  368. 				h++;

  369. 				continue;

  370. 			}

  371. 			else {

  372. 				*t = *h;

  373. 				h++;

  374. 				t++;

  375. 			}

  376. 			break;

  377. 		case 1:

  378. 			if (*h == ';' && h > e) {

  379. 				/* Determine base */

  380. 				/* First find in entities table */

  381. 				*h = '\0';

  382. 				entity = e + 1;

  383. 				uc = 0;

  384. 

  385. 				if (*entity != '#') {

  386. 					k = kh_get (entity_by_name, html_entity_by_name, entity);

  387. 					*h = ';';

  388. 

  389. 					if (k != kh_end (html_entity_by_name)) {

  390. 						if (kh_val (html_entity_by_name, k)) {

  391. 							rep_len = strlen (kh_val (html_entity_by_name, k));

  392. 

  393. 							if (end - t >= rep_len) {

  394. 								memcpy (t, kh_val (html_entity_by_name, k),

  395. 										rep_len);

  396. 								t += rep_len;

  397. 							}

  398. 						} else {

  399. 							if (end - t > h - e + 1) {

  400. 								memmove (t, e, h - e + 1);

  401. 								t += h - e + 1;

  402. 							}

  403. 						}

  404. 					}

  405. 					else {

  406. 						if (end - t > h - e + 1) {

  407. 							memmove (t, e, h - e + 1);

  408. 							t += h - e + 1;

  409. 						}

  410. 					}

  411. 				}

  412. 				else if (e + 2 < h) {

  413. 					if (*(e + 2) == 'x' || *(e + 2) == 'X') {

  414. 						base = 16;

  415. 					}

  416. 					else if (*(e + 2) == 'o' || *(e + 2) == 'O') {

  417. 						base = 8;

  418. 					}

  419. 					else {

  420. 						base = 10;

  421. 					}

  422. 

  423. 					if (base == 10) {

  424. 						uc = strtoul ((e + 2), &end_ptr, base);

  425. 					}

  426. 					else {

  427. 						uc = strtoul ((e + 3), &end_ptr, base);

  428. 					}

  429. 

  430. 					if (end_ptr != NULL && *end_ptr != '\0') {

  431. 						/* Skip undecoded */

  432. 						*h = ';';

  433. 

  434. 						if (end - t > h - e + 1) {

  435. 							memmove (t, e, h - e + 1);

  436. 							t += h - e + 1;

  437. 						}

  438. 					}

  439. 					else {

  440. 						/* Search for a replacement */

  441. 						*h = ';';

  442. 						k = kh_get (entity_by_number, html_entity_by_number, uc);

  443. 

  444. 						if (k != kh_end (html_entity_by_number)) {

  445. 							if (kh_val (html_entity_by_number, k)) {

  446. 								rep_len = strlen (kh_val (html_entity_by_number, k));

  447. 

  448. 								if (end - t >= rep_len) {

  449. 									memcpy (t, kh_val (html_entity_by_number, k),

  450. 											rep_len);

  451. 									t += rep_len;

  452. 								}

  453. 							} else {

  454. 								if (end - t > h - e + 1) {

  455. 									memmove (t, e, h - e + 1);

  456. 									t += h - e + 1;

  457. 								}

  458. 							}

  459. 						}

  460. 						else {

  461. 							/* Unicode point */

  462. 							goffset off = t - s;

  463. 							UBool is_error = 0;

  464. 

  465. 							if (uc > 0) {

  466. 								U8_APPEND (s, off, len, uc, is_error);

  467. 								if (!is_error) {

  468. 									t = s + off;

  469. 								}

  470. 								else {

  471. 									/* Leave invalid entities as is */

  472. 									if (end - t > h - e + 1) {

  473. 										memmove (t, e, h - e + 1);

  474. 										t += h - e + 1;

  475. 									}

  476. 								}

  477. 							}

  478. 							else if (end - t > h - e + 1) {

  479. 								memmove (t, e, h - e + 1);

  480. 								t += h - e + 1;

  481. 							}

  482. 						}

  483. 					}

  484. 				}

  485. 

  486. 				state = 0;

  487. 			}

  488. 			else if (*h == '&') {

  489. 				/* Previous `&` was bogus */

  490. 				state = 1;

  491. 

  492. 				if (end - t > h - e) {

  493. 					memmove (t, e, h - e);

  494. 					t += h - e;

  495. 				}

  496. 

  497. 				e = h;

  498. 			}

  499. 

  500. 			h++;

  501. 

  502. 			break;

  503. 		}

  504. 	}

  505. 

  506. 	/* Leftover */

  507. 	if (state == 1 && h > e) {

  508. 		/* Unfinished entity, copy as is */

  509. 		if (end - t > h - e) {

  510. 			memmove (t, e, h - e);

  511. 			t += h - e;

  512. 		}

  513. 	}

  514. 

  515. 	return (t - s);

  516. }

  517. 

  518. static gboolean

  519. rspamd_url_is_subdomain (rspamd_ftok_t *t1, rspamd_ftok_t *t2)

  520. {

  521. 	const gchar *p1, *p2;

  522. 

  523. 	p1 = t1->begin + t1->len - 1;

  524. 	p2 = t2->begin + t2->len - 1;

  525. 

  526. 	/* Skip trailing dots */

  527. 	while (p1 > t1->begin) {

  528. 		if (*p1 != '.') {

  529. 			break;

  530. 		}

  531. 

  532. 		p1 --;

  533. 	}

  534. 

  535. 	while (p2 > t2->begin) {

  536. 		if (*p2 != '.') {

  537. 			break;

  538. 		}

  539. 

  540. 		p2 --;

  541. 	}

  542. 

  543. 	while (p1 > t1->begin && p2 > t2->begin) {

  544. 		if (*p1 != *p2) {

  545. 			break;

  546. 		}

  547. 

  548. 		p1 --;

  549. 		p2 --;

  550. 	}

  551. 

  552. 	if (p2 == t2->begin) {

  553. 		/* p2 can be subdomain of p1 if *p1 is '.' */

  554. 		if (p1 != t1->begin && *(p1 - 1) == '.') {

  555. 			return TRUE;

  556. 		}

  557. 	}

  558. 	else if (p1 == t1->begin) {

  559. 		if (p2 != t2->begin && *(p2 - 1) == '.') {

  560. 			return TRUE;

  561. 		}

  562. 	}

  563. 

  564. 	return FALSE;

  565. }

  566. 

  567. static void

  568. rspamd_html_url_is_phished (rspamd_mempool_t *pool,

  569. 	struct rspamd_url *href_url,

  570. 	const guchar *url_text,

  571. 	gsize len,

  572. 	gboolean *url_found,

  573. 	struct rspamd_url **ptext_url)

  574. {

  575. 	struct rspamd_url *text_url;

  576. 	rspamd_ftok_t phished_tld, disp_tok, href_tok;

  577. 	gint rc;

  578. 	goffset url_pos;

  579. 	gchar *url_str = NULL, *idn_hbuf;

  580. 	const guchar *end = url_text + len, *p;

  581. #if U_ICU_VERSION_MAJOR_NUM >= 46

  582. 	static UIDNA *udn;

  583. 	UErrorCode uc_err = U_ZERO_ERROR;

  584. 	UIDNAInfo uinfo = UIDNA_INFO_INITIALIZER;

  585. #endif

  586. 

  587. 	*url_found = FALSE;

  588. #if U_ICU_VERSION_MAJOR_NUM >= 46

  589. 	if (udn == NULL) {

  590. 		udn = uidna_openUTS46 (UIDNA_DEFAULT, &uc_err);

  591. 

  592. 		if (uc_err != U_ZERO_ERROR) {

  593. 			msg_err_pool ("cannot init idna converter: %s", u_errorName (uc_err));

  594. 		}

  595. 	}

  596. #endif

  597. 

  598. 	while (url_text < end && g_ascii_isspace (*url_text)) {

  599. 		url_text ++;

  600. 	}

  601. 

  602. 	if (end > url_text + 4 &&

  603. 			rspamd_url_find (pool, url_text, end - url_text, &url_str,

  604. 					RSPAMD_URL_FIND_ALL,

  605. 					&url_pos, NULL) &&

  606. 			url_str != NULL) {

  607. 		if (url_pos > 0) {

  608. 			/*

  609. 			 * We have some url at some offset, so we need to check what is

  610. 			 * at the start of the text

  611. 			 */

  612. 			p = url_text;

  613. 

  614. 			while (p < url_text + url_pos) {

  615. 				if (!g_ascii_isspace (*p)) {

  616. 					*url_found = FALSE;

  617. 					return;

  618. 				}

  619. 

  620. 				p++;

  621. 			}

  622. 		}

  623. 		text_url = rspamd_mempool_alloc0 (pool, sizeof (struct rspamd_url));

  624. 		rc = rspamd_url_parse (text_url, url_str, strlen (url_str), pool,

  625. 				RSPAMD_URL_PARSE_TEXT);

  626. 

  627. 		if (rc == URI_ERRNO_OK) {

  628. 			disp_tok.len = text_url->hostlen;

  629. 			disp_tok.begin = text_url->host;

  630. #if U_ICU_VERSION_MAJOR_NUM >= 46

  631. 			if (rspamd_substring_search_caseless (text_url->host,

  632. 					text_url->hostlen, "xn--", 4) != -1) {

  633. 				idn_hbuf = rspamd_mempool_alloc (pool, text_url->hostlen * 2 + 1);

  634. 				/* We need to convert it to the normal value first */

  635. 				disp_tok.len = uidna_nameToUnicodeUTF8 (udn,

  636. 						text_url->host, text_url->hostlen,

  637. 						idn_hbuf, text_url->hostlen * 2 + 1, &uinfo, &uc_err);

  638. 

  639. 				if (uc_err != U_ZERO_ERROR) {

  640. 					msg_err_pool ("cannot convert to IDN: %s",

  641. 							u_errorName (uc_err));

  642. 					disp_tok.len = text_url->hostlen;

  643. 				}

  644. 				else {

  645. 					disp_tok.begin = idn_hbuf;

  646. 				}

  647. 			}

  648. #endif

  649. 			href_tok.len = href_url->hostlen;

  650. 			href_tok.begin = href_url->host;

  651. #if U_ICU_VERSION_MAJOR_NUM >= 46

  652. 			if (rspamd_substring_search_caseless (href_url->host,

  653. 					href_url->hostlen, "xn--", 4) != -1) {

  654. 				idn_hbuf = rspamd_mempool_alloc (pool, href_url->hostlen * 2 + 1);

  655. 				/* We need to convert it to the normal value first */

  656. 				href_tok.len = uidna_nameToUnicodeUTF8 (udn,

  657. 						href_url->host, href_url->hostlen,

  658. 						idn_hbuf, href_url->hostlen * 2 + 1, &uinfo, &uc_err);

  659. 

  660. 				if (uc_err != U_ZERO_ERROR) {

  661. 					msg_err_pool ("cannot convert to IDN: %s",

  662. 							u_errorName (uc_err));

  663. 					href_tok.len = href_url->hostlen;

  664. 				}

  665. 				else {

  666. 					href_tok.begin = idn_hbuf;

  667. 				}

  668. 			}

  669. #endif

  670. 			if (rspamd_ftok_casecmp (&disp_tok, &href_tok) != 0 &&

  671. 					text_url->tldlen > 0 && href_url->tldlen > 0) {

  672. 

  673. 				/* Apply the same logic for TLD */

  674. 				disp_tok.len = text_url->tldlen;

  675. 				disp_tok.begin = text_url->tld;

  676. #if U_ICU_VERSION_MAJOR_NUM >= 46

  677. 				if (rspamd_substring_search_caseless (text_url->tld,

  678. 						text_url->tldlen, "xn--", 4) != -1) {

  679. 					idn_hbuf = rspamd_mempool_alloc (pool, text_url->tldlen * 2 + 1);

  680. 					/* We need to convert it to the normal value first */

  681. 					disp_tok.len = uidna_nameToUnicodeUTF8 (udn,

  682. 							text_url->tld, text_url->tldlen,

  683. 							idn_hbuf, text_url->tldlen * 2 + 1, &uinfo, &uc_err);

  684. 

  685. 					if (uc_err != U_ZERO_ERROR) {

  686. 						msg_err_pool ("cannot convert to IDN: %s",

  687. 								u_errorName (uc_err));

  688. 						disp_tok.len = text_url->tldlen;

  689. 					}

  690. 					else {

  691. 						disp_tok.begin = idn_hbuf;

  692. 					}

  693. 				}

  694. #endif

  695. 				href_tok.len = href_url->tldlen;

  696. 				href_tok.begin = href_url->tld;

  697. #if U_ICU_VERSION_MAJOR_NUM >= 46

  698. 				if (rspamd_substring_search_caseless (href_url->tld,

  699. 						href_url->tldlen, "xn--", 4) != -1) {

  700. 					idn_hbuf = rspamd_mempool_alloc (pool, href_url->tldlen * 2 + 1);

  701. 					/* We need to convert it to the normal value first */

  702. 					href_tok.len = uidna_nameToUnicodeUTF8 (udn,

  703. 							href_url->tld, href_url->tldlen,

  704. 							idn_hbuf, href_url->tldlen * 2 + 1, &uinfo, &uc_err);

  705. 

  706. 					if (uc_err != U_ZERO_ERROR) {

  707. 						msg_err_pool ("cannot convert to IDN: %s",

  708. 								u_errorName (uc_err));

  709. 						href_tok.len = href_url->tldlen;

  710. 					}

  711. 					else {

  712. 						href_tok.begin = idn_hbuf;

  713. 					}

  714. 				}

  715. #endif

  716. 				if (rspamd_ftok_casecmp (&disp_tok, &href_tok) != 0) {

  717. 					/* Check if one url is a subdomain for another */

  718. 

  719. 					if (!rspamd_url_is_subdomain (&disp_tok, &href_tok)) {

  720. 						href_url->flags |= RSPAMD_URL_FLAG_PHISHED;

  721. 						href_url->phished_url = text_url;

  722. 						phished_tld.begin = href_tok.begin;

  723. 						phished_tld.len = href_tok.len;

  724. 						text_url->flags |= RSPAMD_URL_FLAG_HTML_DISPLAYED;

  725. 					}

  726. 				}

  727. 			}

  728. 

  729. 			*ptext_url = text_url;

  730. 			*url_found = TRUE;

  731. 		}

  732. 		else {

  733. 			msg_info_pool ("extract of url '%s' failed: %s",

  734. 					url_str,

  735. 					rspamd_url_strerror (rc));

  736. 		}

  737. 	}

  738. 

  739. }

  740. 

  741. static gboolean

  742. rspamd_html_process_tag (rspamd_mempool_t *pool, struct html_content *hc,

  743. 		struct html_tag *tag, GNode **cur_level, gboolean *balanced)

  744. {

  745. 	GNode *nnode;

  746. 	struct html_tag *parent;

  747. 

  748. 	if (hc->html_tags == NULL) {

  749. 		nnode = g_node_new (NULL);

  750. 		*cur_level = nnode;

  751. 		hc->html_tags = nnode;

  752. 		rspamd_mempool_add_destructor (pool,

  753. 				(rspamd_mempool_destruct_t) g_node_destroy,

  754. 				nnode);

  755. 	}

  756. 

  757. 	if (hc->total_tags > max_tags) {

  758. 		hc->flags |= RSPAMD_HTML_FLAG_TOO_MANY_TAGS;

  759. 	}

  760. 

  761. 	if (tag->id == -1) {

  762. 		/* Ignore unknown tags */

  763. 		hc->total_tags ++;

  764. 		return FALSE;

  765. 	}

  766. 

  767. 	tag->parent = *cur_level;

  768. 

  769. 	if (!(tag->flags & CM_INLINE)) {

  770. 		/* Block tag */

  771. 		if (tag->flags & (FL_CLOSING|FL_CLOSED)) {

  772. 			if (!*cur_level) {

  773. 				msg_debug_html ("bad parent node");

  774. 				return FALSE;

  775. 			}

  776. 

  777. 			if (hc->total_tags < max_tags) {

  778. 				nnode = g_node_new (tag);

  779. 				g_node_append (*cur_level, nnode);

  780. 

  781. 				if (!rspamd_html_check_balance (nnode, cur_level)) {

  782. 					msg_debug_html (

  783. 							"mark part as unbalanced as it has not pairable closing tags");

  784. 					hc->flags |= RSPAMD_HTML_FLAG_UNBALANCED;

  785. 					*balanced = FALSE;

  786. 				} else {

  787. 					*balanced = TRUE;

  788. 				}

  789. 

  790. 				hc->total_tags ++;

  791. 			}

  792. 		}

  793. 		else {

  794. 			parent = (*cur_level)->data;

  795. 

  796. 			if (parent) {

  797. 				if ((parent->flags & FL_IGNORE)) {

  798. 					tag->flags |= FL_IGNORE;

  799. 				}

  800. 

  801. 				if (!(tag->flags & FL_CLOSED) &&

  802. 						!(parent->flags & FL_BLOCK)) {

  803. 					/* We likely have some bad nesting */

  804. 					if (parent->id == tag->id) {

  805. 						/* Something like <a>bla<a>foo... */

  806. 						hc->flags |= RSPAMD_HTML_FLAG_UNBALANCED;

  807. 						*balanced = FALSE;

  808. 						tag->parent = parent->parent;

  809. 

  810. 						if (hc->total_tags < max_tags) {

  811. 							nnode = g_node_new (tag);

  812. 							g_node_append (parent->parent, nnode);

  813. 							*cur_level = nnode;

  814. 							hc->total_tags ++;

  815. 						}

  816. 

  817. 						return TRUE;

  818. 					}

  819. 				}

  820. 

  821. 				parent->content_length += tag->content_length;

  822. 			}

  823. 

  824. 			if (hc->total_tags < max_tags) {

  825. 				nnode = g_node_new (tag);

  826. 				g_node_append (*cur_level, nnode);

  827. 

  828. 				if ((tag->flags & FL_CLOSED) == 0) {

  829. 					*cur_level = nnode;

  830. 				}

  831. 

  832. 				hc->total_tags ++;

  833. 			}

  834. 

  835. 			if (tag->flags & (CM_HEAD|CM_UNKNOWN|FL_IGNORE)) {

  836. 				tag->flags |= FL_IGNORE;

  837. 

  838. 				return FALSE;

  839. 			}

  840. 

  841. 		}

  842. 	}

  843. 	else {

  844. 		/* Inline tag */

  845. 		parent = (*cur_level)->data;

  846. 

  847. 		if (parent && (parent->flags & (CM_HEAD|CM_UNKNOWN|FL_IGNORE))) {

  848. 			tag->flags |= FL_IGNORE;

  849. 

  850. 			return FALSE;

  851. 		}

  852. 	}

  853. 

  854. 	return TRUE;

  855. }

  856. 

  857. #define NEW_COMPONENT(comp_type) do {							\

  858. 	comp = rspamd_mempool_alloc (pool, sizeof (*comp));			\

  859. 	comp->type = (comp_type);									\

  860. 	comp->start = NULL;											\

  861. 	comp->len = 0;												\

  862. 	g_queue_push_tail (tag->params, comp);						\

  863. 	ret = TRUE;													\

  864. } while(0)

  865. 

  866. static gboolean

  867. rspamd_html_parse_tag_component (rspamd_mempool_t *pool,

  868. 		const guchar *begin, const guchar *end,

  869. 		struct html_tag *tag)

  870. {

  871. 	struct html_tag_component *comp;

  872. 	gint len;

  873. 	gboolean ret = FALSE;

  874. 	gchar *p;

  875. 

  876. 	g_assert (end >= begin);

  877. 	p = rspamd_mempool_alloc (pool, end - begin);

  878. 	memcpy (p, begin, end - begin);

  879. 	len = rspamd_html_decode_entitles_inplace (p, end - begin);

  880. 

  881. 	if (len == 3) {

  882. 		if (g_ascii_strncasecmp (p, "src", len) == 0) {

  883. 			NEW_COMPONENT (RSPAMD_HTML_COMPONENT_HREF);

  884. 		}

  885. 	}

  886. 	else if (len == 4) {

  887. 		if (g_ascii_strncasecmp (p, "href", len) == 0) {

  888. 			NEW_COMPONENT (RSPAMD_HTML_COMPONENT_HREF);

  889. 		}

  890. 	}

  891. 

  892. 	if (tag->id == Tag_IMG) {

  893. 		/* Check width and height if presented */

  894. 		if (len == 5 && g_ascii_strncasecmp (p, "width", len) == 0) {

  895. 			NEW_COMPONENT (RSPAMD_HTML_COMPONENT_WIDTH);

  896. 		}

  897. 		else if (len == 6 && g_ascii_strncasecmp (p, "height", len) == 0) {

  898. 			NEW_COMPONENT (RSPAMD_HTML_COMPONENT_HEIGHT);

  899. 		}

  900. 		else if (g_ascii_strncasecmp (p, "style", len) == 0) {

  901. 			NEW_COMPONENT (RSPAMD_HTML_COMPONENT_STYLE);

  902. 		}

  903. 	}

  904. 	else if (tag->id == Tag_FONT) {

  905. 		if (len == 5){

  906. 			if (g_ascii_strncasecmp (p, "color", len) == 0) {

  907. 				NEW_COMPONENT (RSPAMD_HTML_COMPONENT_COLOR);

  908. 			}

  909. 			else if (g_ascii_strncasecmp (p, "style", len) == 0) {

  910. 				NEW_COMPONENT (RSPAMD_HTML_COMPONENT_STYLE);

  911. 			}

  912. 			else if (g_ascii_strncasecmp (p, "class", len) == 0) {

  913. 				NEW_COMPONENT (RSPAMD_HTML_COMPONENT_CLASS);

  914. 			}

  915. 		}

  916. 		else if (len == 7) {

  917. 			if (g_ascii_strncasecmp (p, "bgcolor", len) == 0) {

  918. 				NEW_COMPONENT (RSPAMD_HTML_COMPONENT_BGCOLOR);

  919. 			}

  920. 		}

  921. 		else if (len == 4) {

  922. 			if (g_ascii_strncasecmp (p, "size", len) == 0) {

  923. 				NEW_COMPONENT (RSPAMD_HTML_COMPONENT_SIZE);

  924. 			}

  925. 		}

  926. 	}

  927. 	else if (tag->flags & FL_BLOCK) {

  928. 		if (len == 5){

  929. 			if (g_ascii_strncasecmp (p, "color", len) == 0) {

  930. 				NEW_COMPONENT (RSPAMD_HTML_COMPONENT_COLOR);

  931. 			}

  932. 			else if (g_ascii_strncasecmp (p, "style", len) == 0) {

  933. 				NEW_COMPONENT (RSPAMD_HTML_COMPONENT_STYLE);

  934. 			}

  935. 			else if (g_ascii_strncasecmp (p, "class", len) == 0) {

  936. 				NEW_COMPONENT (RSPAMD_HTML_COMPONENT_CLASS);

  937. 			}

  938. 		}

  939. 		else if (len == 7) {

  940. 			if (g_ascii_strncasecmp (p, "bgcolor", len) == 0) {

  941. 				NEW_COMPONENT (RSPAMD_HTML_COMPONENT_BGCOLOR);

  942. 			}

  943. 		}

  944. 	}

  945. 

  946. 	return ret;

  947. }

  948. 

  949. static inline void

  950. rspamd_html_parse_tag_content (rspamd_mempool_t *pool,

  951. 		struct html_content *hc, struct html_tag *tag, const guchar *in,

  952. 		gint *statep, guchar const **savep)

  953. {

  954. 	enum {

  955. 		parse_start = 0,

  956. 		parse_name,

  957. 		parse_attr_name,

  958. 		parse_equal,

  959. 		parse_start_dquote,

  960. 		parse_dqvalue,

  961. 		parse_end_dquote,

  962. 		parse_start_squote,

  963. 		parse_sqvalue,

  964. 		parse_end_squote,

  965. 		parse_value,

  966. 		spaces_after_name,

  967. 		spaces_before_eq,

  968. 		spaces_after_eq,

  969. 		spaces_after_param,

  970. 		ignore_bad_tag

  971. 	} state;

  972. 	struct html_tag_def *found;

  973. 	gboolean store = FALSE;

  974. 	struct html_tag_component *comp;

  975. 

  976. 	state = *statep;

  977. 

  978. 	switch (state) {

  979. 	case parse_start:

  980. 		if (!g_ascii_isalpha (*in) && !g_ascii_isspace (*in)) {

  981. 			hc->flags |= RSPAMD_HTML_FLAG_BAD_ELEMENTS;

  982. 			state = ignore_bad_tag;

  983. 			tag->id = -1;

  984. 			tag->flags |= FL_BROKEN;

  985. 		}

  986. 		else if (g_ascii_isalpha (*in)) {

  987. 			state = parse_name;

  988. 			tag->name.start = in;

  989. 		}

  990. 		break;

  991. 

  992. 	case parse_name:

  993. 		if (g_ascii_isspace (*in) || *in == '>' || *in == '/') {

  994. 			g_assert (in >= tag->name.start);

  995. 

  996. 			if (*in == '/') {

  997. 				tag->flags |= FL_CLOSED;

  998. 			}

  999. 

  1000. 			tag->name.len = in - tag->name.start;

  1001. 

  1002. 			if (tag->name.len == 0) {

  1003. 				hc->flags |= RSPAMD_HTML_FLAG_BAD_ELEMENTS;

  1004. 				tag->id = -1;

  1005. 				tag->flags |= FL_BROKEN;

  1006. 				state = ignore_bad_tag;

  1007. 			}

  1008. 			else {

  1009. 				gchar *s;

  1010. 				khiter_t k;

  1011. 				/* We CANNOT safely modify tag's name here, as it is already parsed */

  1012. 

  1013. 				s = rspamd_mempool_alloc (pool, tag->name.len + 1);

  1014. 				memcpy (s, tag->name.start, tag->name.len);

  1015. 				tag->name.len = rspamd_html_decode_entitles_inplace (s,

  1016. 						tag->name.len);

  1017. 				tag->name.start = s;

  1018. 				tag->name.len = rspamd_str_lc_utf8 (s, tag->name.len);

  1019. 				s[tag->name.len] = '\0';

  1020. 

  1021. 				k = kh_get (tag_by_name, html_tag_by_name, s);

  1022. 

  1023. 				if (k == kh_end (html_tag_by_name)) {

  1024. 					hc->flags |= RSPAMD_HTML_FLAG_UNKNOWN_ELEMENTS;

  1025. 					tag->id = -1;

  1026. 				}

  1027. 				else {

  1028. 					found = &kh_val (html_tag_by_name, k);

  1029. 					tag->id = found->id;

  1030. 					tag->flags = found->flags;

  1031. 				}

  1032. 

  1033. 				state = spaces_after_name;

  1034. 			}

  1035. 		}

  1036. 		break;

  1037. 

  1038. 	case parse_attr_name:

  1039. 		if (*savep == NULL) {

  1040. 			state = ignore_bad_tag;

  1041. 		}

  1042. 		else {

  1043. 			const guchar *attr_name_end = in;

  1044. 

  1045. 			if (*in == '=') {

  1046. 				state = parse_equal;

  1047. 			}

  1048. 			else if (*in == '"') {

  1049. 				/* No equal or something sane but we have quote character */

  1050. 				state = parse_start_dquote;

  1051. 				attr_name_end = in - 1;

  1052. 

  1053. 				while (attr_name_end > *savep) {

  1054. 					if (!g_ascii_isalnum (*attr_name_end)) {

  1055. 						attr_name_end --;

  1056. 					}

  1057. 					else {

  1058. 						break;

  1059. 					}

  1060. 				}

  1061. 

  1062. 				/* One character forward to obtain length */

  1063. 				attr_name_end ++;

  1064. 			}

  1065. 			else if (g_ascii_isspace (*in)) {

  1066. 				state = spaces_before_eq;

  1067. 			}

  1068. 			else if (*in == '/') {

  1069. 				tag->flags |= FL_CLOSED;

  1070. 			}

  1071. 			else if (!g_ascii_isgraph (*in)) {

  1072. 				state = parse_value;

  1073. 				attr_name_end = in - 1;

  1074. 

  1075. 				while (attr_name_end > *savep) {

  1076. 					if (!g_ascii_isalnum (*attr_name_end)) {

  1077. 						attr_name_end --;

  1078. 					}

  1079. 					else {

  1080. 						break;

  1081. 					}

  1082. 				}

  1083. 

  1084. 				/* One character forward to obtain length */

  1085. 				attr_name_end ++;

  1086. 			}

  1087. 			else {

  1088. 				return;

  1089. 			}

  1090. 

  1091. 			if (!rspamd_html_parse_tag_component (pool, *savep, attr_name_end, tag)) {

  1092. 				/* Ignore unknown params */

  1093. 				*savep = NULL;

  1094. 			}

  1095. 			else if (state == parse_value) {

  1096. 				*savep = in + 1;

  1097. 			}

  1098. 		}

  1099. 

  1100. 		break;

  1101. 

  1102. 	case spaces_after_name:

  1103. 		if (!g_ascii_isspace (*in)) {

  1104. 			*savep = in;

  1105. 			if (*in == '/') {

  1106. 				tag->flags |= FL_CLOSED;

  1107. 			}

  1108. 			else if (*in != '>') {

  1109. 				state = parse_attr_name;

  1110. 			}

  1111. 		}

  1112. 		break;

  1113. 

  1114. 	case spaces_before_eq:

  1115. 		if (*in == '=') {

  1116. 			state = parse_equal;

  1117. 		}

  1118. 		else if (!g_ascii_isspace (*in)) {

  1119. 			hc->flags |= RSPAMD_HTML_FLAG_BAD_ELEMENTS;

  1120. 			tag->flags |= FL_BROKEN;

  1121. 			state = ignore_bad_tag;

  1122. 		}

  1123. 		break;

  1124. 

  1125. 	case spaces_after_eq:

  1126. 		if (*in == '"') {

  1127. 			state = parse_start_dquote;

  1128. 		}

  1129. 		else if (*in == '\'') {

  1130. 			state = parse_start_squote;

  1131. 		}

  1132. 		else if (!g_ascii_isspace (*in)) {

  1133. 			if (*savep != NULL) {

  1134. 				/* We need to save this param */

  1135. 				*savep = in;

  1136. 			}

  1137. 			state = parse_value;

  1138. 		}

  1139. 		break;

  1140. 

  1141. 	case parse_equal:

  1142. 		if (g_ascii_isspace (*in)) {

  1143. 			state = spaces_after_eq;

  1144. 		}

  1145. 		else if (*in == '"') {

  1146. 			state = parse_start_dquote;

  1147. 		}

  1148. 		else if (*in == '\'') {

  1149. 			state = parse_start_squote;

  1150. 		}

  1151. 		else {

  1152. 			if (*savep != NULL) {

  1153. 				/* We need to save this param */

  1154. 				*savep = in;

  1155. 			}

  1156. 			state = parse_value;

  1157. 		}

  1158. 		break;

  1159. 

  1160. 	case parse_start_dquote:

  1161. 		if (*in == '"') {

  1162. 			if (*savep != NULL) {

  1163. 				/* We have an empty attribute value */

  1164. 				savep = NULL;

  1165. 			}

  1166. 			state = spaces_after_param;

  1167. 		}

  1168. 		else {

  1169. 			if (*savep != NULL) {

  1170. 				/* We need to save this param */

  1171. 				*savep = in;

  1172. 			}

  1173. 			state = parse_dqvalue;

  1174. 		}

  1175. 		break;

  1176. 

  1177. 	case parse_start_squote:

  1178. 		if (*in == '\'') {

  1179. 			if (*savep != NULL) {

  1180. 				/* We have an empty attribute value */

  1181. 				savep = NULL;

  1182. 			}

  1183. 			state = spaces_after_param;

  1184. 		}

  1185. 		else {

  1186. 			if (*savep != NULL) {

  1187. 				/* We need to save this param */

  1188. 				*savep = in;

  1189. 			}

  1190. 			state = parse_sqvalue;

  1191. 		}

  1192. 		break;

  1193. 

  1194. 	case parse_dqvalue:

  1195. 		if (*in == '"') {

  1196. 			store = TRUE;

  1197. 			state = parse_end_dquote;

  1198. 		}

  1199. 

  1200. 		if (store) {

  1201. 			if (*savep != NULL) {

  1202. 				gchar *s;

  1203. 

  1204. 				g_assert (tag->params != NULL);

  1205. 				comp = g_queue_peek_tail (tag->params);

  1206. 				g_assert (comp != NULL);

  1207. 				comp->len = in - *savep;

  1208. 				s = rspamd_mempool_alloc (pool, comp->len);

  1209. 				memcpy (s, *savep, comp->len);

  1210. 				comp->len = rspamd_html_decode_entitles_inplace (s, comp->len);

  1211. 				comp->start = s;

  1212. 				*savep = NULL;

  1213. 			}

  1214. 		}

  1215. 		break;

  1216. 

  1217. 	case parse_sqvalue:

  1218. 		if (*in == '\'') {

  1219. 			store = TRUE;

  1220. 			state = parse_end_squote;

  1221. 		}

  1222. 		if (store) {

  1223. 			if (*savep != NULL) {

  1224. 				gchar *s;

  1225. 

  1226. 				g_assert (tag->params != NULL);

  1227. 				comp = g_queue_peek_tail (tag->params);

  1228. 				g_assert (comp != NULL);

  1229. 				comp->len = in - *savep;

  1230. 				s = rspamd_mempool_alloc (pool, comp->len);

  1231. 				memcpy (s, *savep, comp->len);

  1232. 				comp->len = rspamd_html_decode_entitles_inplace (s, comp->len);

  1233. 				comp->start = s;

  1234. 				*savep = NULL;

  1235. 			}

  1236. 		}

  1237. 		break;

  1238. 

  1239. 	case parse_value:

  1240. 		if (*in == '/' && *(in + 1) == '>') {

  1241. 			tag->flags |= FL_CLOSED;

  1242. 			store = TRUE;

  1243. 		}

  1244. 		else if (g_ascii_isspace (*in) || *in == '>' || *in == '"') {

  1245. 			store = TRUE;

  1246. 			state = spaces_after_param;

  1247. 		}

  1248. 

  1249. 		if (store) {

  1250. 			if (*savep != NULL) {

  1251. 				gchar *s;

  1252. 

  1253. 				g_assert (tag->params != NULL);

  1254. 				comp = g_queue_peek_tail (tag->params);

  1255. 				g_assert (comp != NULL);

  1256. 				comp->len = in - *savep;

  1257. 				s = rspamd_mempool_alloc (pool, comp->len);

  1258. 				memcpy (s, *savep, comp->len);

  1259. 				comp->len = rspamd_html_decode_entitles_inplace (s, comp->len);

  1260. 				comp->start = s;

  1261. 				*savep = NULL;

  1262. 			}

  1263. 		}

  1264. 		break;

  1265. 

  1266. 	case parse_end_dquote:

  1267. 	case parse_end_squote:

  1268. 		if (g_ascii_isspace (*in)) {

  1269. 			state = spaces_after_param;

  1270. 		}

  1271. 		else if (*in == '/' && *(in + 1) == '>') {

  1272. 			tag->flags |= FL_CLOSED;

  1273. 		}

  1274. 		break;

  1275. 

  1276. 	case spaces_after_param:

  1277. 		if (!g_ascii_isspace (*in)) {

  1278. 			if (*in == '/' && *(in + 1) == '>') {

  1279. 				tag->flags |= FL_CLOSED;

  1280. 			}

  1281. 

  1282. 			state = parse_attr_name;

  1283. 			*savep = in;

  1284. 		}

  1285. 		break;

  1286. 

  1287. 	case ignore_bad_tag:

  1288. 		break;

  1289. 	}

  1290. 

  1291. 	*statep = state;

  1292. }

  1293. 

  1294. 

  1295. 

  1296. struct rspamd_url *

  1297. rspamd_html_process_url (rspamd_mempool_t *pool, const gchar *start, guint len,

  1298. 		struct html_tag_component *comp)

  1299. {

  1300. 	struct rspamd_url *url;

  1301. 	guint saved_flags = 0;

  1302. 	gchar *decoded;

  1303. 	gint rc;

  1304. 	gsize decoded_len;

  1305. 	const gchar *p, *s, *prefix = "http://";

  1306. 	gchar *d;

  1307. 	guint i, dlen;

  1308. 	gboolean has_bad_chars = FALSE, no_prefix = FALSE;

  1309. 	static const gchar hexdigests[16] = "0123456789abcdef";

  1310. 

  1311. 	p = start;

  1312. 

  1313. 	/* Strip spaces from the url */

  1314. 	/* Head spaces */

  1315. 	while (p < start + len && g_ascii_isspace (*p)) {

  1316. 		p ++;

  1317. 		start ++;

  1318. 		len --;

  1319. 	}

  1320. 

  1321. 	if (comp) {

  1322. 		comp->start = p;

  1323. 		comp->len = len;

  1324. 	}

  1325. 

  1326. 	/* Trailing spaces */

  1327. 	p = start + len - 1;

  1328. 

  1329. 	while (p >= start && g_ascii_isspace (*p)) {

  1330. 		p --;

  1331. 		len --;

  1332. 

  1333. 		if (comp) {

  1334. 			comp->len --;

  1335. 		}

  1336. 	}

  1337. 

  1338. 	s = start;

  1339. 	dlen = 0;

  1340. 

  1341. 	for (i = 0; i < len; i ++) {

  1342. 		if (G_UNLIKELY (((guint)s[i]) < 0x80 && !g_ascii_isgraph (s[i]))) {

  1343. 			dlen += 3;

  1344. 		}

  1345. 		else {

  1346. 			dlen ++;

  1347. 		}

  1348. 	}

  1349. 

  1350. 	if (rspamd_substring_search (start, len, "://", 3) == -1) {

  1351. 		if (len >= sizeof ("mailto:") &&

  1352. 				(memcmp (start, "mailto:", sizeof ("mailto:") - 1) == 0 ||

  1353. 				 memcmp (start, "tel:", sizeof ("tel:") - 1) == 0 ||

  1354. 				 memcmp (start, "callto:", sizeof ("callto:") - 1) == 0)) {

  1355. 			/* Exclusion, has valid but 'strange' prefix */

  1356. 		}

  1357. 		else {

  1358. 			for (i = 0; i < len; i ++) {

  1359. 				if (!((s[i] & 0x80) || g_ascii_isalnum (s[i]))) {

  1360. 					if (i == 0 && len > 2 && s[i] == '/'  && s[i + 1] == '/') {

  1361. 						prefix = "http:";

  1362. 						dlen += sizeof ("http:") - 1;

  1363. 						no_prefix = TRUE;

  1364. 					}

  1365. 					else if (s[i] == '@') {

  1366. 						/* Likely email prefix */

  1367. 						prefix = "mailto://";

  1368. 						dlen += sizeof ("mailto://") - 1;

  1369. 						no_prefix = TRUE;

  1370. 					}

  1371. 					else if (s[i] == ':' && i != 0) {

  1372. 						/* Special case */

  1373. 						no_prefix = FALSE;

  1374. 					}

  1375. 					else {

  1376. 						if (i == 0) {

  1377. 							/* No valid data */

  1378. 							return NULL;

  1379. 						}

  1380. 						else {

  1381. 							no_prefix = TRUE;

  1382. 							dlen += strlen (prefix);

  1383. 						}

  1384. 					}

  1385. 

  1386. 					break;

  1387. 				}

  1388. 			}

  1389. 		}

  1390. 	}

  1391. 

  1392. 	decoded = rspamd_mempool_alloc (pool, dlen + 1);

  1393. 	d = decoded;

  1394. 

  1395. 	if (no_prefix) {

  1396. 		gsize plen = strlen (prefix);

  1397. 		memcpy (d, prefix, plen);

  1398. 		d += plen;

  1399. 	}

  1400. 

  1401. 	/*

  1402. 	 * We also need to remove all internal newlines, spaces

  1403. 	 * and encode unsafe characters

  1404. 	 */

  1405. 	for (i = 0; i < len; i ++) {

  1406. 		if (G_UNLIKELY (g_ascii_isspace (s[i]))) {

  1407. 			continue;

  1408. 		}

  1409. 		else if (G_UNLIKELY (((guint)s[i]) < 0x80 && !g_ascii_isgraph (s[i]))) {

  1410. 			/* URL encode */

  1411. 			*d++ = '%';

  1412. 			*d++ = hexdigests[(s[i] >> 4) & 0xf];

  1413. 			*d++ = hexdigests[s[i] & 0xf];

  1414. 			has_bad_chars = TRUE;

  1415. 		}

  1416. 		else {

  1417. 			*d++ = s[i];

  1418. 		}

  1419. 	}

  1420. 

  1421. 	*d = '\0';

  1422. 	dlen = d - decoded;

  1423. 

  1424. 	url = rspamd_mempool_alloc0 (pool, sizeof (*url));

  1425. 

  1426. 	enum rspamd_normalise_result norm_res;

  1427. 

  1428. 	norm_res = rspamd_normalise_unicode_inplace (pool, decoded, &dlen);

  1429. 

  1430. 	if (norm_res & RSPAMD_UNICODE_NORM_UNNORMAL) {

  1431. 		saved_flags |= RSPAMD_URL_FLAG_UNNORMALISED;

  1432. 	}

  1433. 

  1434. 	if (norm_res & (RSPAMD_UNICODE_NORM_ZERO_SPACES|RSPAMD_UNICODE_NORM_ERROR)) {

  1435. 		saved_flags |= RSPAMD_URL_FLAG_OBSCURED;

  1436. 

  1437. 		if (norm_res & RSPAMD_UNICODE_NORM_ZERO_SPACES) {

  1438. 			saved_flags |= RSPAMD_URL_FLAG_ZW_SPACES;

  1439. 		}

  1440. 	}

  1441. 

  1442. 	rc = rspamd_url_parse (url, decoded, dlen, pool, RSPAMD_URL_PARSE_HREF);

  1443. 

  1444. 	/* Filter some completely damaged urls */

  1445. 	if (rc == URI_ERRNO_OK && url->hostlen > 0 &&

  1446. 		!((url->flags & RSPAMD_URL_FLAG_OBSCURED) && (url->protocol & PROTOCOL_UNKNOWN))) {

  1447. 		url->flags |= saved_flags;

  1448. 

  1449. 		if (has_bad_chars) {

  1450. 			url->flags |= RSPAMD_URL_FLAG_OBSCURED;

  1451. 		}

  1452. 

  1453. 		if (no_prefix) {

  1454. 			url->flags |= RSPAMD_URL_FLAG_SCHEMALESS;

  1455. 		}

  1456. 

  1457. 		decoded = url->string;

  1458. 		decoded_len = url->urllen;

  1459. 

  1460. 		if (comp) {

  1461. 			comp->start = decoded;

  1462. 			comp->len = decoded_len;

  1463. 		}

  1464. 		/* Spaces in href usually mean an attempt to obfuscate URL */

  1465. 		/* See https://github.com/vstakhov/rspamd/issues/593 */

  1466. #if 0

  1467. 		if (has_spaces) {

  1468. 			url->flags |= RSPAMD_URL_FLAG_OBSCURED;

  1469. 		}

  1470. #endif

  1471. 

  1472. 		return url;

  1473. 	}

  1474. 

  1475. 	return NULL;

  1476. }

  1477. 

  1478. static struct rspamd_url *

  1479. rspamd_html_process_url_tag (rspamd_mempool_t *pool, struct html_tag *tag,

  1480. 		struct html_content *hc)

  1481. {

  1482. 	struct html_tag_component *comp;

  1483. 	GList *cur;

  1484. 	struct rspamd_url *url;

  1485. 	const gchar *start;

  1486. 	gsize len;

  1487. 

  1488. 	cur = tag->params->head;

  1489. 

  1490. 	while (cur) {

  1491. 		comp = cur->data;

  1492. 

  1493. 		if (comp->type == RSPAMD_HTML_COMPONENT_HREF && comp->len > 0) {

  1494. 			start = comp->start;

  1495. 			len = comp->len;

  1496. 

  1497. 			/* Check base url */

  1498. 			if (hc && hc->base_url && comp->len > 2) {

  1499. 				/*

  1500. 				 * Relative url canot start from the following:

  1501. 				 * schema://

  1502. 				 * slash

  1503. 				 */

  1504. 				gchar *buf;

  1505. 				gsize orig_len;

  1506. 

  1507. 				if (rspamd_substring_search (start, len, "://", 3) == -1) {

  1508. 					/* Assume relative url */

  1509. 

  1510. 					gboolean need_slash = FALSE;

  1511. 

  1512. 					orig_len = len;

  1513. 					len += hc->base_url->urllen;

  1514. 

  1515. 					if (hc->base_url->string[hc->base_url->urllen - 1] != '/') {

  1516. 						need_slash = TRUE;

  1517. 						len ++;

  1518. 					}

  1519. 

  1520. 					buf = rspamd_mempool_alloc (pool, len + 1);

  1521. 					rspamd_snprintf (buf, len + 1, "%*s%s%*s",

  1522. 							hc->base_url->urllen, hc->base_url->string,

  1523. 							need_slash ? "/" : "",

  1524. 							(gint)orig_len, start);

  1525. 					start = buf;

  1526. 				}

  1527. 				else if (start[0] == '/' && start[1] != '/') {

  1528. 					/* Relative to the hostname */

  1529. 					orig_len = len;

  1530. 					len += hc->base_url->hostlen + hc->base_url->protocollen +

  1531. 							3 /* for :// */;

  1532. 					buf = rspamd_mempool_alloc (pool, len + 1);

  1533. 					rspamd_snprintf (buf, len + 1, "%*s://%*s/%*s",

  1534. 							hc->base_url->protocollen, hc->base_url->string,

  1535. 							hc->base_url->hostlen, hc->base_url->host,

  1536. 							(gint)orig_len, start);

  1537. 					start = buf;

  1538. 				}

  1539. 			}

  1540. 

  1541. 			url = rspamd_html_process_url (pool, start, len, comp);

  1542. 

  1543. 			if (url && tag->extra == NULL) {

  1544. 				tag->extra = url;

  1545. 			}

  1546. 

  1547. 			return url;

  1548. 		}

  1549. 

  1550. 		cur = g_list_next (cur);

  1551. 	}

  1552. 

  1553. 	return NULL;

  1554. }

  1555. 

  1556. static void

  1557. rspamd_process_html_url (rspamd_mempool_t *pool, struct rspamd_url *url,

  1558. 		GHashTable *tbl_urls, GHashTable *tbl_emails)

  1559. {

  1560. 	GHashTable *target_tbl;

  1561. 	struct rspamd_url *query_url, *existing;

  1562. 	gchar *url_str;

  1563. 	gint rc;

  1564. 	gboolean prefix_added;

  1565. 

  1566. 	if (url->flags & RSPAMD_URL_FLAG_UNNORMALISED) {

  1567. 		url->flags |= RSPAMD_URL_FLAG_OBSCURED;

  1568. 	}

  1569. 

  1570. 	if (url->querylen > 0) {

  1571. 

  1572. 		if (rspamd_url_find (pool, url->query, url->querylen, &url_str,

  1573. 				RSPAMD_URL_FIND_ALL,

  1574. 				NULL, &prefix_added)) {

  1575. 			query_url = rspamd_mempool_alloc0 (pool,

  1576. 					sizeof (struct rspamd_url));

  1577. 

  1578. 			rc = rspamd_url_parse (query_url,

  1579. 					url_str,

  1580. 					strlen (url_str),

  1581. 					pool,

  1582. 					RSPAMD_URL_PARSE_TEXT);

  1583. 

  1584. 			if (rc == URI_ERRNO_OK &&

  1585. 					query_url->hostlen > 0) {

  1586. 				msg_debug_html ("found url %s in query of url"

  1587. 						" %*s", url_str, url->querylen, url->query);

  1588. 

  1589. 				if (query_url->protocol == PROTOCOL_MAILTO) {

  1590. 					target_tbl = tbl_emails;

  1591. 				}

  1592. 				else {

  1593. 					target_tbl = tbl_urls;

  1594. 				}

  1595. 

  1596. 				if (prefix_added) {

  1597. 					query_url->flags |= RSPAMD_URL_FLAG_SCHEMALESS;

  1598. 				}

  1599. 

  1600. 				if (query_url->flags

  1601. 						& (RSPAMD_URL_FLAG_UNNORMALISED|RSPAMD_URL_FLAG_OBSCURED|

  1602. 							RSPAMD_URL_FLAG_NUMERIC)) {

  1603. 					/* Set obscured flag if query url is bad */

  1604. 					url->flags |= RSPAMD_URL_FLAG_OBSCURED;

  1605. 				}

  1606. 

  1607. 				/* And vice-versa */

  1608. 				if (url->flags & RSPAMD_URL_FLAG_OBSCURED) {

  1609. 					query_url->flags |= RSPAMD_URL_FLAG_OBSCURED;

  1610. 				}

  1611. 

  1612. 				if ((existing = g_hash_table_lookup (target_tbl,

  1613. 						query_url)) == NULL) {

  1614. 					g_hash_table_insert (target_tbl,

  1615. 							query_url,

  1616. 							query_url);

  1617. 				}

  1618. 				else {

  1619. 					existing->count ++;

  1620. 				}

  1621. 			}

  1622. 		}

  1623. 	}

  1624. }

  1625. 

  1626. static void

  1627. rspamd_html_process_data_image (rspamd_mempool_t *pool,

  1628. 								struct html_image *img,

  1629. 								struct html_tag_component *src)

  1630. {

  1631. 	/*

  1632. 	 * Here, we do very basic processing of the data:

  1633. 	 * detect if we have something like: `data:image/xxx;base64,yyyzzz==`

  1634. 	 * We only parse base64 encoded data.

  1635. 	 * We ignore content type so far

  1636. 	 */

  1637. 	struct rspamd_image *parsed_image;

  1638. 	const gchar *semicolon_pos = NULL, *end = src->start + src->len;

  1639. 

  1640. 	semicolon_pos = src->start;

  1641. 

  1642. 	while ((semicolon_pos = memchr (semicolon_pos, ';', end - semicolon_pos)) != NULL) {

  1643. 		if (end - semicolon_pos > sizeof ("base64,")) {

  1644. 			if (memcmp (semicolon_pos + 1, "base64,", sizeof ("base64,") - 1) == 0) {

  1645. 				const gchar *data_pos = semicolon_pos + sizeof ("base64,");

  1646. 				gchar *decoded;

  1647. 				gsize encoded_len = end - data_pos, decoded_len;

  1648. 				rspamd_ftok_t inp;

  1649. 

  1650. 				decoded_len = (encoded_len / 4 * 3) + 12;

  1651. 				decoded = rspamd_mempool_alloc (pool, decoded_len);

  1652. 				rspamd_cryptobox_base64_decode (data_pos, encoded_len,

  1653. 						decoded, &decoded_len);

  1654. 				inp.begin = decoded;

  1655. 				inp.len = decoded_len;

  1656. 

  1657. 				parsed_image = rspamd_maybe_process_image (pool, &inp);

  1658. 

  1659. 				if (parsed_image) {

  1660. 					msg_debug_html ("detected %s image of size %ud x %ud in data url",

  1661. 							rspamd_image_type_str (parsed_image->type),

  1662. 							parsed_image->width, parsed_image->height);

  1663. 					img->embedded_image = parsed_image;

  1664. 				}

  1665. 			}

  1666. 

  1667. 			break;

  1668. 		}

  1669. 		else {

  1670. 			/* Nothing useful */

  1671. 			return;

  1672. 		}

  1673. 

  1674. 		semicolon_pos ++;

  1675. 	}

  1676. }

  1677. 

  1678. static void

  1679. rspamd_html_process_img_tag (rspamd_mempool_t *pool, struct html_tag *tag,

  1680. 		struct html_content *hc)

  1681. {

  1682. 	struct html_tag_component *comp;

  1683. 	struct html_image *img;

  1684. 	rspamd_ftok_t fstr;

  1685. 	const guchar *p;

  1686. 	GList *cur;

  1687. 	gulong val;

  1688. 	gboolean seen_width = FALSE, seen_height = FALSE;

  1689. 	goffset pos;

  1690. 

  1691. 	cur = tag->params->head;

  1692. 	img = rspamd_mempool_alloc0 (pool, sizeof (*img));

  1693. 	img->tag = tag;

  1694. 

  1695. 	while (cur) {

  1696. 		comp = cur->data;

  1697. 

  1698. 		if (comp->type == RSPAMD_HTML_COMPONENT_HREF && comp->len > 0) {

  1699. 			fstr.begin = (gchar *)comp->start;

  1700. 			fstr.len = comp->len;

  1701. 			img->src = rspamd_mempool_ftokdup (pool, &fstr);

  1702. 

  1703. 			if (comp->len > sizeof ("cid:") - 1 && memcmp (comp->start,

  1704. 					"cid:", sizeof ("cid:") - 1) == 0) {

  1705. 				/* We have an embedded image */

  1706. 				img->flags |= RSPAMD_HTML_FLAG_IMAGE_EMBEDDED;

  1707. 			}

  1708. 			else {

  1709. 				if (comp->len > sizeof ("data:") - 1 && memcmp (comp->start,

  1710. 						"data:", sizeof ("data:") - 1) == 0) {

  1711. 					/* We have an embedded image in HTML tag */

  1712. 					img->flags |=

  1713. 							(RSPAMD_HTML_FLAG_IMAGE_EMBEDDED | RSPAMD_HTML_FLAG_IMAGE_DATA);

  1714. 					rspamd_html_process_data_image (pool, img, comp);

  1715. 					hc->flags |= RSPAMD_HTML_FLAG_HAS_DATA_URLS;

  1716. 				}

  1717. 				else {

  1718. 					img->flags |= RSPAMD_HTML_FLAG_IMAGE_EXTERNAL;

  1719. 					if (img->src) {

  1720. 						img->url = rspamd_html_process_url (pool,

  1721. 								img->src, fstr.len, NULL);

  1722. 					}

  1723. 				}

  1724. 			}

  1725. 		}

  1726. 		else if (comp->type == RSPAMD_HTML_COMPONENT_HEIGHT) {

  1727. 			rspamd_strtoul (comp->start, comp->len, &val);

  1728. 			img->height = val;

  1729. 			seen_height = TRUE;

  1730. 		}

  1731. 		else if (comp->type == RSPAMD_HTML_COMPONENT_WIDTH) {

  1732. 			rspamd_strtoul (comp->start, comp->len, &val);

  1733. 			img->width = val;

  1734. 			seen_width = TRUE;

  1735. 		}

  1736. 		else if (comp->type == RSPAMD_HTML_COMPONENT_STYLE) {

  1737. 			/* Try to search for height= or width= in style tag */

  1738. 			if (!seen_height && comp->len > 0) {

  1739. 				pos = rspamd_substring_search_caseless (comp->start, comp->len,

  1740. 						"height", sizeof ("height") - 1);

  1741. 

  1742. 				if (pos != -1) {

  1743. 					p = comp->start + pos + sizeof ("height") - 1;

  1744. 

  1745. 					while (p < comp->start + comp->len) {

  1746. 						if (g_ascii_isdigit (*p)) {

  1747. 							rspamd_strtoul (p, comp->len - (p - comp->start), &val);

  1748. 							img->height = val;

  1749. 							break;

  1750. 						}

  1751. 						else if (!g_ascii_isspace (*p) && *p != '=' && *p != ':') {

  1752. 							/* Fallback */

  1753. 							break;

  1754. 						}

  1755. 						p ++;

  1756. 					}

  1757. 				}

  1758. 			}

  1759. 

  1760. 			if (!seen_width && comp->len > 0) {

  1761. 				pos = rspamd_substring_search_caseless (comp->start, comp->len,

  1762. 						"width", sizeof ("width") - 1);

  1763. 

  1764. 				if (pos != -1) {

  1765. 					p = comp->start + pos + sizeof ("width") - 1;

  1766. 

  1767. 					while (p < comp->start + comp->len) {

  1768. 						if (g_ascii_isdigit (*p)) {

  1769. 							rspamd_strtoul (p, comp->len - (p - comp->start), &val);

  1770. 							img->width = val;

  1771. 							break;

  1772. 						}

  1773. 						else if (!g_ascii_isspace (*p) && *p != '=' && *p != ':') {

  1774. 							/* Fallback */

  1775. 							break;

  1776. 						}

  1777. 						p ++;

  1778. 					}

  1779. 				}

  1780. 			}

  1781. 		}

  1782. 

  1783. 		cur = g_list_next (cur);

  1784. 	}

  1785. 

  1786. 	if (hc->images == NULL) {

  1787. 		hc->images = g_ptr_array_sized_new (4);

  1788. 		rspamd_mempool_add_destructor (pool, rspamd_ptr_array_free_hard,

  1789. 				hc->images);

  1790. 	}

  1791. 

  1792. 	if (img->embedded_image) {

  1793. 		if (!seen_height) {

  1794. 			img->height = img->embedded_image->height;

  1795. 		}

  1796. 		if (!seen_width) {

  1797. 			img->width = img->embedded_image->width;

  1798. 		}

  1799. 	}

  1800. 

  1801. 	g_ptr_array_add (hc->images, img);

  1802. 	tag->extra = img;

  1803. }

  1804. 

  1805. static void

  1806. rspamd_html_process_color (const gchar *line, guint len, struct html_color *cl)

  1807. {

  1808. 	const gchar *p = line, *end = line + len;

  1809. 	char hexbuf[7];

  1810. 	rspamd_ftok_t search;

  1811. 	struct html_color *el;

  1812. 

  1813. 	memset (cl, 0, sizeof (*cl));

  1814. 

  1815. 	if (*p == '#') {

  1816. 		/* HEX color */

  1817. 		p ++;

  1818. 		rspamd_strlcpy (hexbuf, p, MIN ((gint)sizeof(hexbuf), end - p + 1));

  1819. 		cl->d.val = strtoul (hexbuf, NULL, 16);

  1820. 		cl->d.comp.alpha = 255;

  1821. 		cl->valid = TRUE;

  1822. 	}

  1823. 	else if (len > 4 && rspamd_lc_cmp (p, "rgb", 3) == 0) {

  1824. 		/* We have something like rgba(x,x,x,x) or rgb(x,x,x) */

  1825. 		enum {

  1826. 			obrace,

  1827. 			num1,

  1828. 			num2,

  1829. 			num3,

  1830. 			num4,

  1831. 			skip_spaces

  1832. 		} state = skip_spaces, next_state = obrace;

  1833. 		gulong r = 0, g = 0, b = 0, opacity = 255;

  1834. 		const gchar *c;

  1835. 		gboolean valid = FALSE;

  1836. 

  1837. 		p += 3;

  1838. 

  1839. 		if (*p == 'a') {

  1840. 			p ++;

  1841. 		}

  1842. 

  1843. 		c = p;

  1844. 

  1845. 		while (p < end) {

  1846. 			switch (state) {

  1847. 			case obrace:

  1848. 				if (*p == '(') {

  1849. 					p ++;

  1850. 					state = skip_spaces;

  1851. 					next_state = num1;

  1852. 				}

  1853. 				else if (g_ascii_isspace (*p)) {

  1854. 					state = skip_spaces;

  1855. 					next_state = obrace;

  1856. 				}

  1857. 				else {

  1858. 					goto stop;

  1859. 				}

  1860. 				break;

  1861. 			case num1:

  1862. 				if (*p == ',') {

  1863. 					if (!rspamd_strtoul (c, p - c, &r)) {

  1864. 						goto stop;

  1865. 					}

  1866. 

  1867. 					p ++;

  1868. 					state = skip_spaces;

  1869. 					next_state = num2;

  1870. 				}

  1871. 				else if (!g_ascii_isdigit (*p)) {

  1872. 					goto stop;

  1873. 				}

  1874. 				else {

  1875. 					p ++;

  1876. 				}

  1877. 				break;

  1878. 			case num2:

  1879. 				if (*p == ',') {

  1880. 					if (!rspamd_strtoul (c, p - c, &g)) {

  1881. 						goto stop;

  1882. 					}

  1883. 

  1884. 					p ++;

  1885. 					state = skip_spaces;

  1886. 					next_state = num3;

  1887. 				}

  1888. 				else if (!g_ascii_isdigit (*p)) {

  1889. 					goto stop;

  1890. 				}

  1891. 				else {

  1892. 					p ++;

  1893. 				}

  1894. 				break;

  1895. 			case num3:

  1896. 				if (*p == ',') {

  1897. 					if (!rspamd_strtoul (c, p - c, &b)) {

  1898. 						goto stop;

  1899. 					}

  1900. 

  1901. 					valid = TRUE;

  1902. 					p ++;

  1903. 					state = skip_spaces;

  1904. 					next_state = num4;

  1905. 				}

  1906. 				else if (*p == ')') {

  1907. 					if (!rspamd_strtoul (c, p - c, &b)) {

  1908. 						goto stop;

  1909. 					}

  1910. 

  1911. 					valid = TRUE;

  1912. 					goto stop;

  1913. 				}

  1914. 				else if (!g_ascii_isdigit (*p)) {

  1915. 					goto stop;

  1916. 				}

  1917. 				else {

  1918. 					p ++;

  1919. 				}

  1920. 				break;

  1921. 			case num4:

  1922. 				if (*p == ',') {

  1923. 					if (!rspamd_strtoul (c, p - c, &opacity)) {

  1924. 						goto stop;

  1925. 					}

  1926. 

  1927. 					valid = TRUE;

  1928. 					goto stop;

  1929. 				}

  1930. 				else if (*p == ')') {

  1931. 					if (!rspamd_strtoul (c, p - c, &opacity)) {

  1932. 						goto stop;

  1933. 					}

  1934. 

  1935. 					valid = TRUE;

  1936. 					goto stop;

  1937. 				}

  1938. 				else if (!g_ascii_isdigit (*p)) {

  1939. 					goto stop;

  1940. 				}

  1941. 				else {

  1942. 					p ++;

  1943. 				}

  1944. 				break;

  1945. 			case skip_spaces:

  1946. 				if (!g_ascii_isspace (*p)) {

  1947. 					c = p;

  1948. 					state = next_state;

  1949. 				}

  1950. 				else {

  1951. 					p ++;

  1952. 				}

  1953. 				break;

  1954. 			}

  1955. 		}

  1956. 

  1957. 		stop:

  1958. 

  1959. 		if (valid) {

  1960. 			cl->d.comp.r = r;

  1961. 			cl->d.comp.g = g;

  1962. 			cl->d.comp.b = b;

  1963. 			cl->d.comp.alpha = opacity;

  1964. 			cl->valid = TRUE;

  1965. 		}

  1966. 	}

  1967. 	else {

  1968. 		khiter_t k;

  1969. 		/* Compare color by name */

  1970. 		search.begin = line;

  1971. 		search.len = len;

  1972. 

  1973. 		k = kh_get (color_by_name, html_color_by_name, &search);

  1974. 

  1975. 		if (k != kh_end (html_color_by_name)) {

  1976. 			el = &kh_val (html_color_by_name, k);

  1977. 			memcpy (cl, el, sizeof (*cl));

  1978. 			cl->d.comp.alpha = 255; /* Non transparent */

  1979. 		}

  1980. 	}

  1981. }

  1982. 

  1983. /*

  1984.  * Target is used for in and out if this function returns TRUE

  1985.  */

  1986. static gboolean

  1987. rspamd_html_process_css_size (const gchar *suffix, gsize len,

  1988. 		gdouble *tgt)

  1989. {

  1990. 	gdouble sz = *tgt;

  1991. 	gboolean ret = FALSE;

  1992. 

  1993. 	if (len >= 2) {

  1994. 		if (memcmp (suffix, "px", 2) == 0) {

  1995. 			sz = (guint) sz; /* Round to number */

  1996. 			ret = TRUE;

  1997. 		}

  1998. 		else if (memcmp (suffix, "em", 2) == 0) {

  1999. 			/* EM is 16 px, so multiply and round */

  2000. 			sz = (guint) (sz * 16.0);

  2001. 			ret = TRUE;

  2002. 		}

  2003. 		else if (len >= 3 && memcmp (suffix, "rem", 3) == 0) {

  2004. 			/* equal to EM in our case */

  2005. 			sz = (guint) (sz * 16.0);

  2006. 			ret = TRUE;

  2007. 		}

  2008. 		else if (memcmp (suffix, "ex", 2) == 0) {

  2009. 			/*

  2010. 			 * Represents the x-height of the element's font.

  2011. 			 * On fonts with the "x" letter, this is generally the height

  2012. 			 * of lowercase letters in the font; 1ex = 0.5em in many fonts.

  2013. 			 */

  2014. 			sz = (guint) (sz * 8.0);

  2015. 			ret = TRUE;

  2016. 		}

  2017. 		else if (memcmp (suffix, "vw", 2) == 0) {

  2018. 			/*

  2019. 			 * Vewport width in percentages:

  2020. 			 * we assume 1% of viewport width as 8px

  2021. 			 */

  2022. 			sz = (guint) (sz * 8.0);

  2023. 			ret = TRUE;

  2024. 		}

  2025. 		else if (memcmp (suffix, "vh", 2) == 0) {

  2026. 			/*

  2027. 			 * Vewport height in percentages

  2028. 			 * we assume 1% of viewport width as 6px

  2029. 			 */

  2030. 			sz = (guint) (sz * 6.0);

  2031. 			ret = TRUE;

  2032. 		}

  2033. 		else if (len >= 4 && memcmp (suffix, "vmax", 4) == 0) {

  2034. 			/*

  2035. 			 * Vewport width in percentages

  2036. 			 * we assume 1% of viewport width as 6px

  2037. 			 */

  2038. 			sz = (guint) (sz * 8.0);

  2039. 			ret = TRUE;

  2040. 		}

  2041. 		else if (len >= 4 && memcmp (suffix, "vmin", 4) == 0) {

  2042. 			/*

  2043. 			 * Vewport height in percentages

  2044. 			 * we assume 1% of viewport width as 6px

  2045. 			 */

  2046. 			sz = (guint) (sz * 6.0);

  2047. 			ret = TRUE;

  2048. 		}

  2049. 		else if (memcmp (suffix, "pt", 2) == 0) {

  2050. 			sz = (guint) (sz * 96.0 / 72.0); /* One point. 1pt = 1/72nd of 1in */

  2051. 			ret = TRUE;

  2052. 		}

  2053. 		else if (memcmp (suffix, "cm", 2) == 0) {

  2054. 			sz = (guint) (sz * 96.0 / 2.54); /* 96px/2.54 */

  2055. 			ret = TRUE;

  2056. 		}

  2057. 		else if (memcmp (suffix, "mm", 2) == 0) {

  2058. 			sz = (guint) (sz * 9.6 / 2.54); /* 9.6px/2.54 */

  2059. 			ret = TRUE;

  2060. 		}

  2061. 		else if (memcmp (suffix, "in", 2) == 0) {

  2062. 			sz = (guint) (sz * 96.0); /* 96px */

  2063. 			ret = TRUE;

  2064. 		}

  2065. 		else if (memcmp (suffix, "pc", 2) == 0) {

  2066. 			sz = (guint) (sz * 96.0 / 6.0); /* 1pc = 12pt = 1/6th of 1in. */

  2067. 			ret = TRUE;

  2068. 		}

  2069. 	}

  2070. 	else if (suffix[0] == '%') {

  2071. 		/* Percentages from 16 px */

  2072. 		sz = (guint)(sz / 100.0 * 16.0);

  2073. 		ret = TRUE;

  2074. 	}

  2075. 

  2076. 	if (ret) {

  2077. 		*tgt = sz;

  2078. 	}

  2079. 

  2080. 	return ret;

  2081. }

  2082. 

  2083. static void

  2084. rspamd_html_process_font_size (const gchar *line, guint len, guint *fs,

  2085. 							   gboolean is_css)

  2086. {

  2087. 	const gchar *p = line, *end = line + len;

  2088. 	gchar *err = NULL, numbuf[64];

  2089. 	gdouble sz = 0;

  2090. 	gboolean failsafe = FALSE;

  2091. 

  2092. 	while (p < end && g_ascii_isspace (*p)) {

  2093. 		p ++;

  2094. 		len --;

  2095. 	}

  2096. 

  2097. 	if (g_ascii_isdigit (*p)) {

  2098. 		rspamd_strlcpy (numbuf, p, MIN (sizeof (numbuf), len + 1));

  2099. 		sz = strtod (numbuf, &err);

  2100. 

  2101. 		/* Now check leftover */

  2102. 		if (sz < 0) {

  2103. 			sz = 0;

  2104. 		}

  2105. 	}

  2106. 	else {

  2107. 		/* Ignore the rest */

  2108. 		failsafe = TRUE;

  2109. 		sz = is_css ? 16 : 1;

  2110. 		/* TODO: add textual fonts descriptions */

  2111. 	}

  2112. 

  2113. 	if (err && *err != '\0') {

  2114. 		const gchar *e = err;

  2115. 		gsize slen;

  2116. 

  2117. 		/* Skip spaces */

  2118. 		while (*e && g_ascii_isspace (*e)) {

  2119. 			e ++;

  2120. 		}

  2121. 

  2122. 		/* Lowercase */

  2123. 		slen = strlen (e);

  2124. 		rspamd_str_lc ((gchar *)e, slen);

  2125. 

  2126. 		if (!rspamd_html_process_css_size (e, slen, &sz)) {

  2127. 			failsafe = TRUE;

  2128. 		}

  2129. 	}

  2130. 	else {

  2131. 		/* Failsafe naked number */

  2132. 		failsafe = TRUE;

  2133. 	}

  2134. 

  2135. 	if (failsafe) {

  2136. 		if (is_css) {

  2137. 			/*

  2138. 			 * In css mode we usually ignore sizes, but let's treat

  2139. 			 * small sizes specially

  2140. 			 */

  2141. 			if (sz < 1) {

  2142. 				sz = 0;

  2143. 			} else {

  2144. 				sz = 16; /* Ignore */

  2145. 			}

  2146. 		} else {

  2147. 			/* In non-css mode we have to check legacy size */

  2148. 			sz = sz >= 1 ? sz * 16 : 16;

  2149. 		}

  2150. 	}

  2151. 

  2152. 	if (sz > 32) {

  2153. 		sz = 32;

  2154. 	}

  2155. 

  2156. 	*fs = sz;

  2157. }

  2158. 

  2159. static void

  2160. rspamd_html_process_style (rspamd_mempool_t *pool, struct html_block *bl,

  2161. 		struct html_content *hc, const gchar *style, guint len)

  2162. {

  2163. 	const gchar *p, *c, *end, *key = NULL;

  2164. 	enum {

  2165. 		read_key,

  2166. 		read_colon,

  2167. 		read_value,

  2168. 		skip_spaces,

  2169. 	} state = skip_spaces, next_state = read_key;

  2170. 	guint klen = 0;

  2171. 	gdouble opacity = 1.0;

  2172. 

  2173. 	p = style;

  2174. 	c = p;

  2175. 	end = p + len;

  2176. 

  2177. 	while (p <= end) {

  2178. 		switch(state) {

  2179. 		case read_key:

  2180. 			if (p == end || *p == ':') {

  2181. 				key = c;

  2182. 				klen = p - c;

  2183. 				state = skip_spaces;

  2184. 				next_state = read_value;

  2185. 			}

  2186. 			else if (g_ascii_isspace (*p)) {

  2187. 				key = c;

  2188. 				klen = p - c;

  2189. 				state = skip_spaces;

  2190. 				next_state = read_colon;

  2191. 			}

  2192. 

  2193. 			p ++;

  2194. 			break;

  2195. 

  2196. 		case read_colon:

  2197. 			if (p == end || *p == ':') {

  2198. 				state = skip_spaces;

  2199. 				next_state = read_value;

  2200. 			}

  2201. 

  2202. 			p ++;

  2203. 			break;

  2204. 

  2205. 		case read_value:

  2206. 			if (p == end || *p == ';') {

  2207. 				if (key && klen && p - c > 0) {

  2208. 					if ((klen == 5 && g_ascii_strncasecmp (key, "color", 5) == 0)

  2209. 					|| (klen == 10 && g_ascii_strncasecmp (key, "font-color", 10) == 0)) {

  2210. 

  2211. 						rspamd_html_process_color (c, p - c, &bl->font_color);

  2212. 						msg_debug_html ("got color: %xd", bl->font_color.d.val);

  2213. 					}

  2214. 					else if ((klen == 16 && g_ascii_strncasecmp (key,

  2215. 							"background-color", 16) == 0) ||

  2216. 							(klen == 10 && g_ascii_strncasecmp (key,

  2217. 									"background", 10) == 0)) {

  2218. 

  2219. 						rspamd_html_process_color (c, p - c, &bl->background_color);

  2220. 						msg_debug_html ("got bgcolor: %xd", bl->background_color.d.val);

  2221. 					}

  2222. 					else if (klen == 7 && g_ascii_strncasecmp (key, "display", 7) == 0) {

  2223. 						if (p - c >= 4 && rspamd_substring_search_caseless (c, p - c,

  2224. 								"none", 4) != -1) {

  2225. 							bl->visible = FALSE;

  2226. 							msg_debug_html ("tag is not visible");

  2227. 						}

  2228. 					}

  2229. 					else if (klen == 9 &&

  2230. 							 g_ascii_strncasecmp (key, "font-size", 9) == 0) {

  2231. 						rspamd_html_process_font_size (c, p - c,

  2232. 								&bl->font_size, TRUE);

  2233. 						msg_debug_html ("got font size: %ud", bl->font_size);

  2234. 					}

  2235. 					else if (klen == 7 &&

  2236. 							 g_ascii_strncasecmp (key, "opacity", 7) == 0) {

  2237. 						gchar numbuf[64];

  2238. 

  2239. 						rspamd_strlcpy (numbuf, c,

  2240. 								MIN (sizeof (numbuf), p - c + 1));

  2241. 						opacity = strtod (numbuf, NULL);

  2242. 

  2243. 						if (opacity > 1) {

  2244. 							opacity = 1;

  2245. 						}

  2246. 						else if (opacity < 0) {

  2247. 							opacity = 0;

  2248. 						}

  2249. 

  2250. 						bl->font_color.d.comp.alpha = (guint8)(opacity * 255.0);

  2251. 					}

  2252. 					else if (klen == 10 &&

  2253. 							 g_ascii_strncasecmp (key, "visibility", 10) == 0) {

  2254. 						if (p - c >= 6 && rspamd_substring_search_caseless (c,

  2255. 								p - c,

  2256. 								"hidden", 6) != -1) {

  2257. 							bl->visible = FALSE;

  2258. 							msg_debug_html ("tag is not visible");

  2259. 						}

  2260. 					}

  2261. 				}

  2262. 

  2263. 				key = NULL;

  2264. 				klen = 0;

  2265. 				state = skip_spaces;

  2266. 				next_state = read_key;

  2267. 			}

  2268. 

  2269. 			p ++;

  2270. 			break;

  2271. 

  2272. 		case skip_spaces:

  2273. 			if (p < end && !g_ascii_isspace (*p)) {

  2274. 				c = p;

  2275. 				state = next_state;

  2276. 			}

  2277. 			else {

  2278. 				p ++;

  2279. 			}

  2280. 

  2281. 			break;

  2282. 		}

  2283. 	}

  2284. }

  2285. 

  2286. static void

  2287. rspamd_html_process_block_tag (rspamd_mempool_t *pool, struct html_tag *tag,

  2288. 		struct html_content *hc)

  2289. {

  2290. 	struct html_tag_component *comp;

  2291. 	struct html_block *bl;

  2292. 	rspamd_ftok_t fstr;

  2293. 	GList *cur;

  2294. 

  2295. 	cur = tag->params->head;

  2296. 	bl = rspamd_mempool_alloc0 (pool, sizeof (*bl));

  2297. 	bl->tag = tag;

  2298. 	bl->visible = TRUE;

  2299. 	bl->font_size = (guint)-1;

  2300. 	bl->font_color.d.comp.alpha = 255;

  2301. 

  2302. 	while (cur) {

  2303. 		comp = cur->data;

  2304. 

  2305. 		if (comp->len > 0) {

  2306. 			switch (comp->type) {

  2307. 			case RSPAMD_HTML_COMPONENT_COLOR:

  2308. 				fstr.begin = (gchar *) comp->start;

  2309. 				fstr.len = comp->len;

  2310. 				rspamd_html_process_color (comp->start, comp->len,

  2311. 						&bl->font_color);

  2312. 				msg_debug_html ("got color: %xd", bl->font_color.d.val);

  2313. 				break;

  2314. 			case RSPAMD_HTML_COMPONENT_BGCOLOR:

  2315. 				fstr.begin = (gchar *) comp->start;

  2316. 				fstr.len = comp->len;

  2317. 				rspamd_html_process_color (comp->start, comp->len,

  2318. 						&bl->background_color);

  2319. 				msg_debug_html ("got color: %xd", bl->font_color.d.val);

  2320. 

  2321. 				if (tag->id == Tag_BODY) {

  2322. 					/* Set global background color */

  2323. 					memcpy (&hc->bgcolor, &bl->background_color,

  2324. 							sizeof (hc->bgcolor));

  2325. 				}

  2326. 				break;

  2327. 			case RSPAMD_HTML_COMPONENT_STYLE:

  2328. 				bl->style.len = comp->len;

  2329. 				bl->style.start = comp->start;

  2330. 				msg_debug_html ("got style: %*s", (gint) bl->style.len,

  2331. 						bl->style.start);

  2332. 				rspamd_html_process_style (pool, bl, hc, comp->start, comp->len);

  2333. 				break;

  2334. 			case RSPAMD_HTML_COMPONENT_CLASS:

  2335. 				fstr.begin = (gchar *) comp->start;

  2336. 				fstr.len = comp->len;

  2337. 				bl->html_class = rspamd_mempool_ftokdup (pool, &fstr);

  2338. 				msg_debug_html ("got class: %s", bl->html_class);

  2339. 				break;

  2340. 			case RSPAMD_HTML_COMPONENT_SIZE:

  2341. 				/* Not supported by html5 */

  2342. 				/* FIXME maybe support it */

  2343. 				bl->font_size = 16;

  2344. 				msg_debug_html ("got size: %*s", (gint)comp->len, comp->start);

  2345. 				break;

  2346. 			default:

  2347. 				/* NYI */

  2348. 				break;

  2349. 			}

  2350. 		}

  2351. 

  2352. 		cur = g_list_next (cur);

  2353. 	}

  2354. 

  2355. 	if (hc->blocks == NULL) {

  2356. 		hc->blocks = g_ptr_array_sized_new (64);

  2357. 		rspamd_mempool_add_destructor (pool, rspamd_ptr_array_free_hard,

  2358. 				hc->blocks);

  2359. 	}

  2360. 

  2361. 	g_ptr_array_add (hc->blocks, bl);

  2362. 	tag->extra = bl;

  2363. }

  2364. 

  2365. static void

  2366. rspamd_html_check_displayed_url (rspamd_mempool_t *pool,

  2367. 		GList **exceptions, GHashTable *urls, GHashTable *emails,

  2368. 		GByteArray *dest, GHashTable *target_tbl,

  2369. 		gint href_offset,

  2370. 		struct rspamd_url *url)

  2371. {

  2372. 	struct rspamd_url *displayed_url = NULL;

  2373. 	struct rspamd_url *turl;

  2374. 	gboolean url_found = FALSE;

  2375. 	struct rspamd_process_exception *ex;

  2376. 

  2377. 	if (href_offset <= 0) {

  2378. 		/* No dispalyed url, just some text within <a> tag */

  2379. 		return;

  2380. 	}

  2381. 

  2382. 	url->visible_part = rspamd_mempool_alloc (pool, dest->len - href_offset + 1);

  2383. 	rspamd_strlcpy (url->visible_part, dest->data + href_offset,

  2384. 			dest->len - href_offset + 1);

  2385. 	g_strstrip (url->visible_part);

  2386. 

  2387. 	rspamd_html_url_is_phished (pool, url,

  2388. 			dest->data + href_offset,

  2389. 			dest->len - href_offset,

  2390. 			&url_found, &displayed_url);

  2391. 

  2392. 	if (url_found) {

  2393. 		url->flags |= RSPAMD_URL_FLAG_DISPLAY_URL;

  2394. 	}

  2395. 	if (exceptions && url_found) {

  2396. 		ex = rspamd_mempool_alloc (pool,

  2397. 				sizeof (*ex));

  2398. 		ex->pos = href_offset;

  2399. 		ex->len = dest->len - href_offset;

  2400. 		ex->type = RSPAMD_EXCEPTION_URL;

  2401. 		ex->ptr = url;

  2402. 

  2403. 		*exceptions = g_list_prepend (*exceptions,

  2404. 				ex);

  2405. 	}

  2406. 

  2407. 	if (displayed_url) {

  2408. 		if (displayed_url->protocol ==

  2409. 				PROTOCOL_MAILTO) {

  2410. 			target_tbl = emails;

  2411. 		}

  2412. 		else {

  2413. 			target_tbl = urls;

  2414. 		}

  2415. 

  2416. 		if (target_tbl != NULL) {

  2417. 			turl = g_hash_table_lookup (target_tbl,

  2418. 					displayed_url);

  2419. 

  2420. 			if (turl != NULL) {

  2421. 				/* Here, we assume the following:

  2422. 				 * if we have a URL in the text part which

  2423. 				 * is the same as displayed URL in the

  2424. 				 * HTML part, we assume that it is also

  2425. 				 * hint only.

  2426. 				 */

  2427. 				if (turl->flags &

  2428. 						RSPAMD_URL_FLAG_FROM_TEXT) {

  2429. 					turl->flags |= RSPAMD_URL_FLAG_HTML_DISPLAYED;

  2430. 					turl->flags &= ~RSPAMD_URL_FLAG_FROM_TEXT;

  2431. 				}

  2432. 

  2433. 				turl->count ++;

  2434. 			}

  2435. 			else {

  2436. 				g_hash_table_insert (target_tbl,

  2437. 						displayed_url,

  2438. 						displayed_url);

  2439. 			}

  2440. 		}

  2441. 	}

  2442. }

  2443. 

  2444. static gboolean

  2445. rspamd_html_propagate_lengths (GNode *node, gpointer _unused)

  2446. {

  2447. 	GNode *child;

  2448. 	struct html_tag *tag = node->data, *cld_tag;

  2449. 

  2450. 	if (tag) {

  2451. 		child = node->children;

  2452. 

  2453. 		/* Summarize content length from children */

  2454. 		while (child) {

  2455. 			cld_tag = child->data;

  2456. 			tag->content_length += cld_tag->content_length;

  2457. 			child = child->next;

  2458. 		}

  2459. 	}

  2460. 

  2461. 	return FALSE;

  2462. }

  2463. 

  2464. static void

  2465. rspamd_html_propagate_style (struct html_content *hc,

  2466. 							 struct html_tag *tag,

  2467. 							 struct html_block *bl,

  2468. 							 GQueue *blocks)

  2469. {

  2470. 	struct html_block *bl_parent;

  2471. 	gboolean push_block = FALSE;

  2472. 

  2473. 

  2474. 	/* Propagate from the parent if needed */

  2475. 	bl_parent = g_queue_peek_tail (blocks);

  2476. 

  2477. 	if (bl_parent) {

  2478. 		if (!bl->background_color.valid) {

  2479. 			/* Try to propagate background color from parent nodes */

  2480. 			if (bl_parent->background_color.valid) {

  2481. 				memcpy (&bl->background_color, &bl_parent->background_color,

  2482. 						sizeof (bl->background_color));

  2483. 			}

  2484. 		}

  2485. 		else {

  2486. 			push_block = TRUE;

  2487. 		}

  2488. 

  2489. 		if (!bl->font_color.valid) {

  2490. 			/* Try to propagate background color from parent nodes */

  2491. 			if (bl_parent->font_color.valid) {

  2492. 				memcpy (&bl->font_color, &bl_parent->font_color,

  2493. 						sizeof (bl->font_color));

  2494. 			}

  2495. 		}

  2496. 		else {

  2497. 			push_block = TRUE;

  2498. 		}

  2499. 

  2500. 		/* Propagate font size */

  2501. 		if (bl->font_size == (guint)-1) {

  2502. 			if (bl_parent->font_size != (guint)-1) {

  2503. 				bl->font_size = bl_parent->font_size;

  2504. 			}

  2505. 		}

  2506. 		else {

  2507. 			push_block = TRUE;

  2508. 		}

  2509. 	}

  2510. 

  2511. 	/* Set bgcolor to the html bgcolor and font color to black as a last resort */

  2512. 	if (!bl->font_color.valid) {

  2513. 		/* Don't touch opacity as it can be set separately */

  2514. 		bl->font_color.d.comp.r = 0;

  2515. 		bl->font_color.d.comp.g = 0;

  2516. 		bl->font_color.d.comp.b = 0;

  2517. 		bl->font_color.valid = TRUE;

  2518. 	}

  2519. 	else {

  2520. 		push_block = TRUE;

  2521. 	}

  2522. 

  2523. 	if (!bl->background_color.valid) {

  2524. 		memcpy (&bl->background_color, &hc->bgcolor, sizeof (hc->bgcolor));

  2525. 	}

  2526. 	else {

  2527. 		push_block = TRUE;

  2528. 	}

  2529. 

  2530. 	if (bl->font_size == (guint)-1) {

  2531. 		bl->font_size = 16; /* Default for browsers */

  2532. 	}

  2533. 	else {

  2534. 		push_block = TRUE;

  2535. 	}

  2536. 

  2537. 	if (push_block && !(tag->flags & FL_CLOSED)) {

  2538. 		g_queue_push_tail (blocks, bl);

  2539. 	}

  2540. }

  2541. 

  2542. GByteArray*

  2543. rspamd_html_process_part_full (rspamd_mempool_t *pool, struct html_content *hc,

  2544. 		GByteArray *in, GList **exceptions, GHashTable *urls,  GHashTable *emails)

  2545. {

  2546. 	const guchar *p, *c, *end, *savep = NULL;

  2547. 	guchar t;

  2548. 	gboolean closing = FALSE, need_decode = FALSE, save_space = FALSE,

  2549. 			balanced;

  2550. 	GByteArray *dest;

  2551. 	GHashTable *target_tbl;

  2552. 	guint obrace = 0, ebrace = 0;

  2553. 	GNode *cur_level = NULL;

  2554. 	gint substate = 0, len, href_offset = -1;

  2555. 	struct html_tag *cur_tag = NULL, *content_tag = NULL;

  2556. 	struct rspamd_url *url = NULL, *turl;

  2557. 	GQueue *styles_blocks;

  2558. 

  2559. 	enum {

  2560. 		parse_start = 0,

  2561. 		tag_begin,

  2562. 		sgml_tag,

  2563. 		xml_tag,

  2564. 		compound_tag,

  2565. 		comment_tag,

  2566. 		comment_content,

  2567. 		sgml_content,

  2568. 		tag_content,

  2569. 		tag_end,

  2570. 		xml_tag_end,

  2571. 		content_ignore,

  2572. 		content_write,

  2573. 		content_ignore_sp

  2574. 	} state = parse_start;

  2575. 

  2576. 	g_assert (in != NULL);

  2577. 	g_assert (hc != NULL);

  2578. 	g_assert (pool != NULL);

  2579. 

  2580. 	rspamd_html_library_init ();

  2581. 	hc->tags_seen = rspamd_mempool_alloc0 (pool, NBYTES (G_N_ELEMENTS (tag_defs)));

  2582. 

  2583. 	/* Set white background color by default */

  2584. 	hc->bgcolor.d.comp.alpha = 0;

  2585. 	hc->bgcolor.d.comp.r = 255;

  2586. 	hc->bgcolor.d.comp.g = 255;

  2587. 	hc->bgcolor.d.comp.b = 255;

  2588. 	hc->bgcolor.valid = TRUE;

  2589. 

  2590. 	dest = g_byte_array_sized_new (in->len / 3 * 2);

  2591. 	styles_blocks = g_queue_new ();

  2592. 

  2593. 	p = in->data;

  2594. 	c = p;

  2595. 	end = p + in->len;

  2596. 

  2597. 	while (p < end) {

  2598. 		t = *p;

  2599. 

  2600. 		switch (state) {

  2601. 		case parse_start:

  2602. 			if (t == '<') {

  2603. 				state = tag_begin;

  2604. 			}

  2605. 			else {

  2606. 				/* We have no starting tag, so assume that it's content */

  2607. 				hc->flags |= RSPAMD_HTML_FLAG_BAD_START;

  2608. 				state = content_write;

  2609. 			}

  2610. 

  2611. 			break;

  2612. 		case tag_begin:

  2613. 			switch (t) {

  2614. 			case '<':

  2615. 				p ++;

  2616. 				closing = FALSE;

  2617. 				break;

  2618. 			case '!':

  2619. 				state = sgml_tag;

  2620. 				p ++;

  2621. 				break;

  2622. 			case '?':

  2623. 				state = xml_tag;

  2624. 				hc->flags |= RSPAMD_HTML_FLAG_XML;

  2625. 				p ++;

  2626. 				break;

  2627. 			case '/':

  2628. 				closing = TRUE;

  2629. 				p ++;

  2630. 				break;

  2631. 			case '>':

  2632. 				/* Empty tag */

  2633. 				hc->flags |= RSPAMD_HTML_FLAG_BAD_ELEMENTS;

  2634. 				state = tag_end;

  2635. 				continue;

  2636. 			default:

  2637. 				state = tag_content;

  2638. 				substate = 0;

  2639. 				savep = NULL;

  2640. 				cur_tag = rspamd_mempool_alloc0 (pool, sizeof (*cur_tag));

  2641. 				cur_tag->params = g_queue_new ();

  2642. 				rspamd_mempool_add_destructor (pool,

  2643. 						(rspamd_mempool_destruct_t)g_queue_free, cur_tag->params);

  2644. 				break;

  2645. 			}

  2646. 

  2647. 			break;

  2648. 

  2649. 		case sgml_tag:

  2650. 			switch (t) {

  2651. 			case '[':

  2652. 				state = compound_tag;

  2653. 				obrace = 1;

  2654. 				ebrace = 0;

  2655. 				p ++;

  2656. 				break;

  2657. 			case '-':

  2658. 				state = comment_tag;

  2659. 				p ++;

  2660. 				break;

  2661. 			default:

  2662. 				state = sgml_content;

  2663. 				break;

  2664. 			}

  2665. 

  2666. 			break;

  2667. 

  2668. 		case xml_tag:

  2669. 			if (t == '?') {

  2670. 				state = xml_tag_end;

  2671. 			}

  2672. 			else if (t == '>') {

  2673. 				/* Misformed xml tag */

  2674. 				hc->flags |= RSPAMD_HTML_FLAG_BAD_ELEMENTS;

  2675. 				state = tag_end;

  2676. 				continue;

  2677. 			}

  2678. 			/* We efficiently ignore xml tags */

  2679. 			p ++;

  2680. 			break;

  2681. 

  2682. 		case xml_tag_end:

  2683. 			if (t == '>') {

  2684. 				state = tag_end;

  2685. 				continue;

  2686. 			}

  2687. 			else {

  2688. 				hc->flags |= RSPAMD_HTML_FLAG_BAD_ELEMENTS;

  2689. 				p ++;

  2690. 			}

  2691. 			break;

  2692. 

  2693. 		case compound_tag:

  2694. 			if (t == '[') {

  2695. 				obrace ++;

  2696. 			}

  2697. 			else if (t == ']') {

  2698. 				ebrace ++;

  2699. 			}

  2700. 			else if (t == '>' && obrace == ebrace) {

  2701. 				state = tag_end;

  2702. 				continue;

  2703. 			}

  2704. 			p ++;

  2705. 			break;

  2706. 

  2707. 		case comment_tag:

  2708. 			if (t != '-')  {

  2709. 				hc->flags |= RSPAMD_HTML_FLAG_BAD_ELEMENTS;

  2710. 				state = tag_end;

  2711. 			}

  2712. 			else {

  2713. 				p++;

  2714. 				ebrace = 0;

  2715. 				/*

  2716. 				 * https://www.w3.org/TR/2012/WD-html5-20120329/syntax.html#syntax-comments

  2717. 				 *  ... the text must not start with a single

  2718. 				 *  U+003E GREATER-THAN SIGN character (>),

  2719. 				 *  nor start with a "-" (U+002D) character followed by

  2720. 				 *  a U+003E GREATER-THAN SIGN (>) character,

  2721. 				 *  nor contain two consecutive U+002D HYPHEN-MINUS

  2722. 				 *  characters (--), nor end with a "-" (U+002D) character.

  2723. 				 */

  2724. 				if (p[0] == '-' && p + 1 < end && p[1] == '>') {

  2725. 					hc->flags |= RSPAMD_HTML_FLAG_BAD_ELEMENTS;

  2726. 					p ++;

  2727. 					state = tag_end;

  2728. 				}

  2729. 				else if (*p == '>') {

  2730. 					hc->flags |= RSPAMD_HTML_FLAG_BAD_ELEMENTS;

  2731. 					state = tag_end;

  2732. 				}

  2733. 				else {

  2734. 					state = comment_content;

  2735. 				}

  2736. 			}

  2737. 			break;

  2738. 

  2739. 		case comment_content:

  2740. 			if (t == '-') {

  2741. 				ebrace ++;

  2742. 			}

  2743. 			else if (t == '>' && ebrace >= 2) {

  2744. 				state = tag_end;

  2745. 				continue;

  2746. 			}

  2747. 			else {

  2748. 				ebrace = 0;

  2749. 			}

  2750. 

  2751. 			p ++;

  2752. 			break;

  2753. 

  2754. 		case content_ignore:

  2755. 			if (t != '<') {

  2756. 				p ++;

  2757. 			}

  2758. 			else {

  2759. 				if (content_tag) {

  2760. 					if (content_tag->content == NULL) {

  2761. 						content_tag->content = c;

  2762. 					}

  2763. 

  2764. 					content_tag->content_length += p - c;

  2765. 				}

  2766. 				state = tag_begin;

  2767. 			}

  2768. 			break;

  2769. 

  2770. 		case content_write:

  2771. 

  2772. 			if (t != '<') {

  2773. 				if (t == '&') {

  2774. 					need_decode = TRUE;

  2775. 				}

  2776. 				else if (g_ascii_isspace (t)) {

  2777. 					save_space = TRUE;

  2778. 

  2779. 					if (p > c) {

  2780. 						if (need_decode) {

  2781. 							goffset old_offset = dest->len;

  2782. 

  2783. 							g_byte_array_append (dest, c, (p - c));

  2784. 

  2785. 							len = rspamd_html_decode_entitles_inplace (

  2786. 									dest->data + old_offset,

  2787. 									p - c);

  2788. 							dest->len = dest->len + len - (p - c);

  2789. 						}

  2790. 						else {

  2791. 							len = p - c;

  2792. 							g_byte_array_append (dest, c, len);

  2793. 						}

  2794. 

  2795. 						if (content_tag) {

  2796. 							if (content_tag->content == NULL) {

  2797. 								content_tag->content = c;

  2798. 							}

  2799. 

  2800. 							content_tag->content_length += p - c + 1;

  2801. 						}

  2802. 					}

  2803. 

  2804. 					c = p;

  2805. 					state = content_ignore_sp;

  2806. 				}

  2807. 				else {

  2808. 					if (save_space) {

  2809. 						/* Append one space if needed */

  2810. 						if (dest->len > 0 &&

  2811. 								!g_ascii_isspace (dest->data[dest->len - 1])) {

  2812. 							g_byte_array_append (dest, " ", 1);

  2813. 						}

  2814. 						save_space = FALSE;

  2815. 					}

  2816. 				}

  2817. 			}

  2818. 			else {

  2819. 				if (c != p) {

  2820. 

  2821. 					if (need_decode) {

  2822. 						goffset old_offset = dest->len;

  2823. 

  2824. 						g_byte_array_append (dest, c, (p - c));

  2825. 						len = rspamd_html_decode_entitles_inplace (

  2826. 								dest->data + old_offset,

  2827. 								p - c);

  2828. 						dest->len = dest->len + len - (p - c);

  2829. 					}

  2830. 					else {

  2831. 						len = p - c;

  2832. 						g_byte_array_append (dest, c, len);

  2833. 					}

  2834. 

  2835. 

  2836. 					if (content_tag) {

  2837. 						if (content_tag->content == NULL) {

  2838. 							content_tag->content = c;

  2839. 						}

  2840. 

  2841. 						content_tag->content_length += p - c;

  2842. 					}

  2843. 				}

  2844. 

  2845. 				content_tag = NULL;

  2846. 

  2847. 				state = tag_begin;

  2848. 				continue;

  2849. 			}

  2850. 

  2851. 			p ++;

  2852. 			break;

  2853. 

  2854. 		case content_ignore_sp:

  2855. 			if (!g_ascii_isspace (t)) {

  2856. 				c = p;

  2857. 				state = content_write;

  2858. 				continue;

  2859. 			}

  2860. 

  2861. 			if (content_tag) {

  2862. 				content_tag->content_length ++;

  2863. 			}

  2864. 

  2865. 			p ++;

  2866. 			break;

  2867. 

  2868. 		case sgml_content:

  2869. 			/* TODO: parse DOCTYPE here */

  2870. 			if (t == '>') {

  2871. 				state = tag_end;

  2872. 				/* We don't know a lot about sgml tags, ignore them */

  2873. 				cur_tag = NULL;

  2874. 				continue;

  2875. 			}

  2876. 			p ++;

  2877. 			break;

  2878. 

  2879. 		case tag_content:

  2880. 			rspamd_html_parse_tag_content (pool, hc, cur_tag,

  2881. 					p, &substate, &savep);

  2882. 			if (t == '>') {

  2883. 				if (closing) {

  2884. 					cur_tag->flags |= FL_CLOSING;

  2885. 

  2886. 					if (cur_tag->flags & FL_CLOSED) {

  2887. 						/* Bad mix of closed and closing */

  2888. 						hc->flags |= RSPAMD_HTML_FLAG_BAD_ELEMENTS;

  2889. 					}

  2890. 

  2891. 					closing = FALSE;

  2892. 				}

  2893. 

  2894. 				state = tag_end;

  2895. 				continue;

  2896. 			}

  2897. 			p ++;

  2898. 			break;

  2899. 

  2900. 		case tag_end:

  2901. 			substate = 0;

  2902. 			savep = NULL;

  2903. 

  2904. 			if (cur_tag != NULL) {

  2905. 				balanced = TRUE;

  2906. 

  2907. 				if (rspamd_html_process_tag (pool, hc, cur_tag, &cur_level,

  2908. 						&balanced)) {

  2909. 					state = content_write;

  2910. 					need_decode = FALSE;

  2911. 				}

  2912. 				else {

  2913. 					state = content_ignore;

  2914. 				}

  2915. 

  2916. 				if (cur_tag->id != -1 && cur_tag->id < N_TAGS) {

  2917. 					if (cur_tag->flags & CM_UNIQUE) {

  2918. 						if (isset (hc->tags_seen, cur_tag->id)) {

  2919. 							/* Duplicate tag has been found */

  2920. 							hc->flags |= RSPAMD_HTML_FLAG_DUPLICATE_ELEMENTS;

  2921. 						}

  2922. 					}

  2923. 					setbit (hc->tags_seen, cur_tag->id);

  2924. 				}

  2925. 

  2926. 				if (!(cur_tag->flags & (FL_CLOSED|FL_CLOSING))) {

  2927. 					content_tag = cur_tag;

  2928. 				}

  2929. 

  2930. 				/* Handle newlines */

  2931. 				if (cur_tag->id == Tag_BR || cur_tag->id == Tag_HR) {

  2932. 					if (dest->len > 0 && dest->data[dest->len - 1] != '\n') {

  2933. 						g_byte_array_append (dest, "\r\n", 2);

  2934. 					}

  2935. 					save_space = FALSE;

  2936. 				}

  2937. 

  2938. 				if ((cur_tag->id == Tag_P ||

  2939. 						cur_tag->id == Tag_TR ||

  2940. 						cur_tag->id == Tag_DIV)) {

  2941. 					if (dest->len > 0 && dest->data[dest->len - 1] != '\n') {

  2942. 						g_byte_array_append (dest, "\r\n", 2);

  2943. 					}

  2944. 					save_space = FALSE;

  2945. 				}

  2946. 

  2947. 				if (cur_tag->flags & FL_HREF) {

  2948. 					if (!(cur_tag->flags & (FL_CLOSING))) {

  2949. 						url = rspamd_html_process_url_tag (pool, cur_tag, hc);

  2950. 

  2951. 						if (url != NULL) {

  2952. 

  2953. 							if (url->protocol == PROTOCOL_MAILTO) {

  2954. 								target_tbl = emails;

  2955. 							}

  2956. 							else {

  2957. 								target_tbl = urls;

  2958. 							}

  2959. 

  2960. 							if (target_tbl != NULL) {

  2961. 								turl = g_hash_table_lookup (target_tbl, url);

  2962. 

  2963. 								if (turl == NULL) {

  2964. 									g_hash_table_insert (target_tbl, url, url);

  2965. 								}

  2966. 								else {

  2967. 									turl->count ++;

  2968. 									url = NULL;

  2969. 								}

  2970. 

  2971. 								if (turl == NULL && url != NULL) {

  2972. 									rspamd_process_html_url (pool,

  2973. 											url,

  2974. 											urls, emails);

  2975. 								}

  2976. 							}

  2977. 

  2978. 							href_offset = dest->len;

  2979. 						}

  2980. 					}

  2981. 

  2982. 					if (cur_tag->id == Tag_A) {

  2983. 						if (!balanced && cur_level && cur_level->prev) {

  2984. 							struct html_tag *prev_tag;

  2985. 							struct rspamd_url *prev_url;

  2986. 

  2987. 							prev_tag = cur_level->prev->data;

  2988. 

  2989. 							if (prev_tag->id == Tag_A &&

  2990. 									!(prev_tag->flags & (FL_CLOSING)) &&

  2991. 									prev_tag->extra) {

  2992. 								prev_url = prev_tag->extra;

  2993. 

  2994. 								rspamd_html_check_displayed_url (pool,

  2995. 										exceptions, urls, emails,

  2996. 										dest, target_tbl, href_offset,

  2997. 										prev_url);

  2998. 							}

  2999. 						}

  3000. 

  3001. 						if (cur_tag->flags & (FL_CLOSING)) {

  3002. 

  3003. 							/* Insert exception */

  3004. 							if (url != NULL && (gint) dest->len > href_offset) {

  3005. 								rspamd_html_check_displayed_url (pool,

  3006. 										exceptions, urls, emails,

  3007. 										dest, target_tbl, href_offset,

  3008. 										url);

  3009. 

  3010. 							}

  3011. 

  3012. 							href_offset = -1;

  3013. 							url = NULL;

  3014. 						}

  3015. 					}

  3016. 				}

  3017. 				else if (cur_tag->id == Tag_BASE && !(cur_tag->flags & (FL_CLOSING))) {

  3018. 					struct html_tag *prev_tag = NULL;

  3019. 

  3020. 					if (cur_level && cur_level->parent) {

  3021. 						prev_tag = cur_level->parent->data;

  3022. 					}

  3023. 

  3024. 					/*

  3025. 					 * Base is allowed only within head tag but we slightly

  3026. 					 * relax that

  3027. 					 */

  3028. 					if (!prev_tag || prev_tag->id == Tag_HEAD ||

  3029. 						prev_tag->id == Tag_HTML) {

  3030. 						url = rspamd_html_process_url_tag (pool, cur_tag, hc);

  3031. 

  3032. 						if (url != NULL) {

  3033. 							if (hc->base_url == NULL) {

  3034. 								/* We have a base tag available */

  3035. 								hc->base_url = url;

  3036. 							}

  3037. 

  3038. 							cur_tag->extra = url;

  3039. 						}

  3040. 					}

  3041. 				}

  3042. 

  3043. 				if (cur_tag->id == Tag_IMG && !(cur_tag->flags & FL_CLOSING)) {

  3044. 					rspamd_html_process_img_tag (pool, cur_tag, hc);

  3045. 				}

  3046. 				else if (cur_tag->flags & FL_BLOCK) {

  3047. 					struct html_block *bl;

  3048. 

  3049. 					if (cur_tag->flags & FL_CLOSING) {

  3050. 						/* Just remove block element from the queue if any */

  3051. 						if (styles_blocks->length > 0) {

  3052. 							g_queue_pop_tail (styles_blocks);

  3053. 						}

  3054. 					}

  3055. 					else {

  3056. 						rspamd_html_process_block_tag (pool, cur_tag, hc);

  3057. 						bl = cur_tag->extra;

  3058. 

  3059. 						if (bl) {

  3060. 							rspamd_html_propagate_style (hc, cur_tag,

  3061. 									cur_tag->extra, styles_blocks);

  3062. 

  3063. 							/* Check visibility */

  3064. 							if (bl->font_size < 3 ||

  3065. 								bl->font_color.d.comp.alpha < 10) {

  3066. 

  3067. 								bl->visible = FALSE;

  3068. 								msg_debug_html ("tag is not visible");

  3069. 							}

  3070. 

  3071. 							if (!bl->visible) {

  3072. 								state = content_ignore;

  3073. 							}

  3074. 						}

  3075. 					}

  3076. 				}

  3077. 			}

  3078. 			else {

  3079. 				state = content_write;

  3080. 			}

  3081. 

  3082. 

  3083. 			p++;

  3084. 			c = p;

  3085. 			cur_tag = NULL;

  3086. 			break;

  3087. 		}

  3088. 	}

  3089. 

  3090. 	if (hc->html_tags) {

  3091. 		g_node_traverse (hc->html_tags, G_POST_ORDER, G_TRAVERSE_ALL, -1,

  3092. 				rspamd_html_propagate_lengths, NULL);

  3093. 	}

  3094. 

  3095. 	g_queue_free (styles_blocks);

  3096. 

  3097. 	return dest;

  3098. }

  3099. 

  3100. GByteArray*

  3101. rspamd_html_process_part (rspamd_mempool_t *pool,

  3102. 		struct html_content *hc,

  3103. 		GByteArray *in)

  3104. {

  3105. 	return rspamd_html_process_part_full (pool, hc, in, NULL, NULL, NULL);

  3106. }