mirrors
/
rspamd
镜像自地址 https://github.com/vstakhov/rspamd.git
关注 1
点赞 0
派生 0
代码 工单 0 版本发布 159 百科 动态
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
14206 提交
29 分支
目录树: 81bc945a76
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 '81bc945a76'
${ noResults }
rspamd/src/libserver/html.c

html.c 69KB
原始文件 Blame 文件历史

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039 
  1. /*-

  2.  * Copyright 2016 Vsevolod Stakhov

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *   http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. #include "config.h"

  17. #include "util.h"

  18. #include "rspamd.h"

  19. #include "message.h"

  20. #include "html.h"

  21. #include "html_tags.h"

  22. #include "html_colors.h"

  23. #include "html_entities.h"

  24. #include "url.h"

  25. #include "contrib/libucl/khash.h"

  26. #include "libmime/images.h"

  27. 

  28. #include <unicode/uversion.h>

  29. #include <unicode/ucnv.h>

  30. #if U_ICU_VERSION_MAJOR_NUM >= 46

  31. #include <unicode/uidna.h>

  32. #endif

  33. 

  34. static sig_atomic_t tags_sorted = 0;

  35. static sig_atomic_t entities_sorted = 0;

  36. static const guint max_tags = 8192; /* Ignore tags if this maximum is reached */

  37. 

  38. struct html_tag_def {

  39. 	const gchar *name;

  40. 	gint16 id;

  41. 	guint16 len;

  42. 	guint flags;

  43. };

  44. 

  45. #define msg_debug_html(...)  rspamd_conditional_debug_fast (NULL, NULL, \

  46.         rspamd_html_log_id, "html", pool->tag.uid, \

  47.         G_STRFUNC, \

  48.         __VA_ARGS__)

  49. 

  50. INIT_LOG_MODULE(html)

  51. 

  52. #define TAG_DEF(id, name, flags) {(name), (id), (sizeof(name) - 1), (flags)}

  53. 

  54. static struct html_tag_def tag_defs[] = {

  55. 	/* W3C defined elements */

  56. 	TAG_DEF(Tag_A, "a", 0),

  57. 	TAG_DEF(Tag_ABBR, "abbr", (CM_INLINE)),

  58. 	TAG_DEF(Tag_ACRONYM, "acronym", (CM_INLINE)),

  59. 	TAG_DEF(Tag_ADDRESS, "address", (CM_BLOCK)),

  60. 	TAG_DEF(Tag_APPLET, "applet", (CM_OBJECT | CM_IMG | CM_INLINE | CM_PARAM)),

  61. 	TAG_DEF(Tag_AREA, "area", (CM_BLOCK | CM_EMPTY)),

  62. 	TAG_DEF(Tag_B, "b", (CM_INLINE|FL_BLOCK)),

  63. 	TAG_DEF(Tag_BASE, "base", (CM_HEAD | CM_EMPTY)),

  64. 	TAG_DEF(Tag_BASEFONT, "basefont", (CM_INLINE | CM_EMPTY)),

  65. 	TAG_DEF(Tag_BDO, "bdo", (CM_INLINE)),

  66. 	TAG_DEF(Tag_BIG, "big", (CM_INLINE)),

  67. 	TAG_DEF(Tag_BLOCKQUOTE, "blockquote", (CM_BLOCK)),

  68. 	TAG_DEF(Tag_BODY, "body", (CM_HTML | CM_OPT | CM_OMITST | CM_UNIQUE | FL_BLOCK)),

  69. 	TAG_DEF(Tag_BR, "br", (CM_INLINE | CM_EMPTY)),

  70. 	TAG_DEF(Tag_BUTTON, "button", (CM_INLINE|FL_BLOCK)),

  71. 	TAG_DEF(Tag_CAPTION, "caption", (CM_TABLE)),

  72. 	TAG_DEF(Tag_CENTER, "center", (CM_BLOCK)),

  73. 	TAG_DEF(Tag_CITE, "cite", (CM_INLINE)),

  74. 	TAG_DEF(Tag_CODE, "code", (CM_INLINE)),

  75. 	TAG_DEF(Tag_COL, "col", (CM_TABLE | CM_EMPTY)),

  76. 	TAG_DEF(Tag_COLGROUP, "colgroup", (CM_TABLE | CM_OPT)),

  77. 	TAG_DEF(Tag_DD, "dd", (CM_DEFLIST | CM_OPT | CM_NO_INDENT)),

  78. 	TAG_DEF(Tag_DEL, "del", (CM_INLINE | CM_BLOCK | CM_MIXED)),

  79. 	TAG_DEF(Tag_DFN, "dfn", (CM_INLINE)),

  80. 	TAG_DEF(Tag_DIR, "dir", (CM_BLOCK | CM_OBSOLETE)),

  81. 	TAG_DEF(Tag_DIV, "div", (CM_BLOCK|FL_BLOCK)),

  82. 	TAG_DEF(Tag_DL, "dl", (CM_BLOCK|FL_BLOCK)),

  83. 	TAG_DEF(Tag_DT, "dt", (CM_DEFLIST | CM_OPT | CM_NO_INDENT)),

  84. 	TAG_DEF(Tag_EM, "em", (CM_INLINE)),

  85. 	TAG_DEF(Tag_FIELDSET, "fieldset", (CM_BLOCK)),

  86. 	TAG_DEF(Tag_FONT, "font", (FL_BLOCK)),

  87. 	TAG_DEF(Tag_FORM, "form", (CM_BLOCK)),

  88. 	TAG_DEF(Tag_FRAME, "frame", (CM_FRAMES | CM_EMPTY)),

  89. 	TAG_DEF(Tag_FRAMESET, "frameset", (CM_HTML | CM_FRAMES)),

  90. 	TAG_DEF(Tag_H1, "h1", (CM_BLOCK | CM_HEADING)),

  91. 	TAG_DEF(Tag_H2, "h2", (CM_BLOCK | CM_HEADING)),

  92. 	TAG_DEF(Tag_H3, "h3", (CM_BLOCK | CM_HEADING)),

  93. 	TAG_DEF(Tag_H4, "h4", (CM_BLOCK | CM_HEADING)),

  94. 	TAG_DEF(Tag_H5, "h5", (CM_BLOCK | CM_HEADING)),

  95. 	TAG_DEF(Tag_H6, "h6", (CM_BLOCK | CM_HEADING)),

  96. 	TAG_DEF(Tag_HEAD, "head", (CM_HTML | CM_OPT | CM_OMITST | CM_UNIQUE)),

  97. 	TAG_DEF(Tag_HR, "hr", (CM_BLOCK | CM_EMPTY)),

  98. 	TAG_DEF(Tag_HTML, "html", (CM_HTML | CM_OPT | CM_OMITST | CM_UNIQUE)),

  99. 	TAG_DEF(Tag_I, "i", (CM_INLINE)),

  100. 	TAG_DEF(Tag_IFRAME, "iframe", (0)),

  101. 	TAG_DEF(Tag_IMG, "img", (CM_INLINE | CM_IMG | CM_EMPTY)),

  102. 	TAG_DEF(Tag_INPUT, "input", (CM_INLINE | CM_IMG | CM_EMPTY)),

  103. 	TAG_DEF(Tag_INS, "ins", (CM_INLINE | CM_BLOCK | CM_MIXED)),

  104. 	TAG_DEF(Tag_ISINDEX, "isindex", (CM_BLOCK | CM_EMPTY)),

  105. 	TAG_DEF(Tag_KBD, "kbd", (CM_INLINE)),

  106. 	TAG_DEF(Tag_LABEL, "label", (CM_INLINE)),

  107. 	TAG_DEF(Tag_LEGEND, "legend", (CM_INLINE)),

  108. 	TAG_DEF(Tag_LI, "li", (CM_LIST | CM_OPT | CM_NO_INDENT | FL_BLOCK)),

  109. 	TAG_DEF(Tag_LINK, "link", (CM_HEAD | CM_EMPTY)),

  110. 	TAG_DEF(Tag_LISTING, "listing", (CM_BLOCK | CM_OBSOLETE)),

  111. 	TAG_DEF(Tag_MAP, "map", (CM_INLINE)),

  112. 	TAG_DEF(Tag_MENU, "menu", (CM_BLOCK | CM_OBSOLETE)),

  113. 	TAG_DEF(Tag_META, "meta", (CM_HEAD | CM_INLINE | CM_EMPTY)),

  114. 	TAG_DEF(Tag_NOFRAMES, "noframes", (CM_BLOCK | CM_FRAMES)),

  115. 	TAG_DEF(Tag_NOSCRIPT, "noscript", (CM_BLOCK | CM_INLINE | CM_MIXED)),

  116. 	TAG_DEF(Tag_OBJECT, "object", (CM_OBJECT | CM_HEAD | CM_IMG | CM_INLINE | CM_PARAM)),

  117. 	TAG_DEF(Tag_OL, "ol", (CM_BLOCK | FL_BLOCK)),

  118. 	TAG_DEF(Tag_OPTGROUP, "optgroup", (CM_FIELD | CM_OPT)),

  119. 	TAG_DEF(Tag_OPTION, "option", (CM_FIELD | CM_OPT)),

  120. 	TAG_DEF(Tag_P, "p", (CM_BLOCK | CM_OPT | FL_BLOCK)),

  121. 	TAG_DEF(Tag_PARAM, "param", (CM_INLINE | CM_EMPTY)),

  122. 	TAG_DEF(Tag_PLAINTEXT, "plaintext", (CM_BLOCK | CM_OBSOLETE)),

  123. 	TAG_DEF(Tag_PRE, "pre", (CM_BLOCK)),

  124. 	TAG_DEF(Tag_Q, "q", (CM_INLINE)),

  125. 	TAG_DEF(Tag_RB, "rb", (CM_INLINE)),

  126. 	TAG_DEF(Tag_RBC, "rbc", (CM_INLINE)),

  127. 	TAG_DEF(Tag_RP, "rp", (CM_INLINE)),

  128. 	TAG_DEF(Tag_RT, "rt", (CM_INLINE)),

  129. 	TAG_DEF(Tag_RTC, "rtc", (CM_INLINE)),

  130. 	TAG_DEF(Tag_RUBY, "ruby", (CM_INLINE)),

  131. 	TAG_DEF(Tag_S, "s", (CM_INLINE)),

  132. 	TAG_DEF(Tag_SAMP, "samp", (CM_INLINE)),

  133. 	TAG_DEF(Tag_SCRIPT, "script", (CM_HEAD | CM_MIXED)),

  134. 	TAG_DEF(Tag_SELECT, "select", (CM_INLINE | CM_FIELD)),

  135. 	TAG_DEF(Tag_SMALL, "small", (CM_INLINE)),

  136. 	TAG_DEF(Tag_SPAN, "span", (CM_BLOCK|FL_BLOCK)),

  137. 	TAG_DEF(Tag_STRIKE, "strike", (CM_INLINE)),

  138. 	TAG_DEF(Tag_STRONG, "strong", (CM_INLINE)),

  139. 	TAG_DEF(Tag_STYLE, "style", (CM_HEAD)),

  140. 	TAG_DEF(Tag_SUB, "sub", (CM_INLINE)),

  141. 	TAG_DEF(Tag_SUP, "sup", (CM_INLINE)),

  142. 	TAG_DEF(Tag_TABLE, "table", (CM_BLOCK | FL_BLOCK)),

  143. 	TAG_DEF(Tag_TBODY, "tbody", (CM_TABLE | CM_ROWGRP | CM_OPT| FL_BLOCK)),

  144. 	TAG_DEF(Tag_TD, "td", (CM_ROW | CM_OPT | CM_NO_INDENT | FL_BLOCK)),

  145. 	TAG_DEF(Tag_TEXTAREA, "textarea", (CM_INLINE | CM_FIELD)),

  146. 	TAG_DEF(Tag_TFOOT, "tfoot", (CM_TABLE | CM_ROWGRP | CM_OPT)),

  147. 	TAG_DEF(Tag_TH, "th", (CM_ROW | CM_OPT | CM_NO_INDENT | FL_BLOCK)),

  148. 	TAG_DEF(Tag_THEAD, "thead", (CM_TABLE | CM_ROWGRP | CM_OPT)),

  149. 	TAG_DEF(Tag_TITLE, "title", (CM_HEAD | CM_UNIQUE)),

  150. 	TAG_DEF(Tag_TR, "tr", (CM_TABLE | CM_OPT| FL_BLOCK)),

  151. 	TAG_DEF(Tag_TT, "tt", (CM_INLINE)),

  152. 	TAG_DEF(Tag_U, "u", (CM_INLINE)),

  153. 	TAG_DEF(Tag_UL, "ul", (CM_BLOCK|FL_BLOCK)),

  154. 	TAG_DEF(Tag_VAR, "var", (CM_INLINE)),

  155. 	TAG_DEF(Tag_XMP, "xmp", (CM_BLOCK | CM_OBSOLETE)),

  156. 	TAG_DEF(Tag_NEXTID, "nextid", (CM_HEAD | CM_EMPTY)),

  157. 

  158. 	/* proprietary elements */

  159. 	TAG_DEF(Tag_ALIGN, "align", (CM_BLOCK)),

  160. 	TAG_DEF(Tag_BGSOUND, "bgsound", (CM_HEAD | CM_EMPTY)),

  161. 	TAG_DEF(Tag_BLINK, "blink", (CM_INLINE)),

  162. 	TAG_DEF(Tag_COMMENT, "comment", (CM_INLINE)),

  163. 	TAG_DEF(Tag_EMBED, "embed", (CM_INLINE | CM_IMG | CM_EMPTY)),

  164. 	TAG_DEF(Tag_ILAYER, "ilayer", (CM_INLINE)),

  165. 	TAG_DEF(Tag_KEYGEN, "keygen", (CM_INLINE | CM_EMPTY)),

  166. 	TAG_DEF(Tag_LAYER, "layer", (CM_BLOCK)),

  167. 	TAG_DEF(Tag_MARQUEE, "marquee", (CM_INLINE | CM_OPT)),

  168. 	TAG_DEF(Tag_MULTICOL, "multicol", (CM_BLOCK)),

  169. 	TAG_DEF(Tag_NOBR, "nobr", (CM_INLINE)),

  170. 	TAG_DEF(Tag_NOEMBED, "noembed", (CM_INLINE)),

  171. 	TAG_DEF(Tag_NOLAYER, "nolayer", (CM_BLOCK | CM_INLINE | CM_MIXED)),

  172. 	TAG_DEF(Tag_NOSAVE, "nosave", (CM_BLOCK)),

  173. 	TAG_DEF(Tag_SERVER, "server", (CM_HEAD | CM_MIXED | CM_BLOCK | CM_INLINE)),

  174. 	TAG_DEF(Tag_SERVLET, "servlet", (CM_OBJECT | CM_IMG | CM_INLINE | CM_PARAM)),

  175. 	TAG_DEF(Tag_SPACER, "spacer", (CM_INLINE | CM_EMPTY)),

  176. 	TAG_DEF(Tag_WBR, "wbr", (CM_INLINE | CM_EMPTY)),

  177. };

  178. 

  179. KHASH_MAP_INIT_INT (entity_by_number, const char *);

  180. KHASH_MAP_INIT_STR (entity_by_name, const char *);

  181. KHASH_MAP_INIT_STR (tag_by_name, struct html_tag_def);

  182. KHASH_MAP_INIT_INT (tag_by_id, struct html_tag_def);

  183. KHASH_INIT (color_by_name, const rspamd_ftok_t *, struct html_color, true,

  184. 		rspamd_ftok_icase_hash, rspamd_ftok_icase_equal);

  185. 

  186. khash_t(entity_by_number) *html_entity_by_number;

  187. khash_t(entity_by_name) *html_entity_by_name;

  188. khash_t(tag_by_name) *html_tag_by_name;

  189. khash_t(tag_by_id) *html_tag_by_id;

  190. khash_t(color_by_name) *html_color_by_name;

  191. 

  192. static void

  193. rspamd_html_library_init (void)

  194. {

  195. 	guint i;

  196. 	khiter_t k;

  197. 	gint rc;

  198. 

  199. 	if (!tags_sorted) {

  200. 		html_tag_by_id = kh_init (tag_by_id);

  201. 		html_tag_by_name = kh_init (tag_by_name);

  202. 		kh_resize (tag_by_id, html_tag_by_id, G_N_ELEMENTS (tag_defs));

  203. 		kh_resize (tag_by_name, html_tag_by_name, G_N_ELEMENTS (tag_defs));

  204. 

  205. 		for (i = 0; i < G_N_ELEMENTS (tag_defs); i++) {

  206. 			k = kh_put (tag_by_id, html_tag_by_id, tag_defs[i].id, &rc);

  207. 			kh_val (html_tag_by_id, k) = tag_defs[i];

  208. 

  209. 			k = kh_put (tag_by_name, html_tag_by_name, tag_defs[i].name, &rc);

  210. 			kh_val (html_tag_by_name, k) = tag_defs[i];

  211. 		}

  212. 

  213. 		tags_sorted = 1;

  214. 	}

  215. 

  216. 	if (!entities_sorted) {

  217. 		html_entity_by_number = kh_init (entity_by_number);

  218. 		html_entity_by_name = kh_init (entity_by_name);

  219. 		kh_resize (entity_by_number, html_entity_by_number,

  220. 				G_N_ELEMENTS (entities_defs));

  221. 		kh_resize (entity_by_name, html_entity_by_name,

  222. 				G_N_ELEMENTS (entities_defs));

  223. 

  224. 		for (i = 0; i < G_N_ELEMENTS (entities_defs); i++) {

  225. 			k = kh_put (entity_by_number, html_entity_by_number,

  226. 					entities_defs[i].code, &rc);

  227. 			kh_val (html_entity_by_number, k) = entities_defs[i].replacement;

  228. 

  229. 			k = kh_put (entity_by_name, html_entity_by_name,

  230. 					entities_defs[i].name, &rc);

  231. 			kh_val (html_entity_by_name, k) = entities_defs[i].replacement;

  232. 	}

  233. 

  234. 		html_color_by_name = kh_init (color_by_name);

  235. 		kh_resize (color_by_name, html_color_by_name,

  236. 				G_N_ELEMENTS (html_colornames));

  237. 

  238. 		rspamd_ftok_t *keys;

  239. 

  240. 		keys = g_malloc0 (sizeof (rspamd_ftok_t) *

  241. 				G_N_ELEMENTS (html_colornames));

  242. 

  243. 		for (i = 0; i < G_N_ELEMENTS (html_colornames); i ++) {

  244. 			struct html_color c;

  245. 

  246. 			keys[i].begin = html_colornames[i].name;

  247. 			keys[i].len = strlen (html_colornames[i].name);

  248. 			k = kh_put (color_by_name, html_color_by_name,

  249. 					&keys[i], &rc);

  250. 			c.valid = true;

  251. 			c.d.comp.r = html_colornames[i].rgb.r;

  252. 			c.d.comp.g = html_colornames[i].rgb.g;

  253. 			c.d.comp.b = html_colornames[i].rgb.b;

  254. 			c.d.comp.alpha = 255;

  255. 			kh_val (html_color_by_name, k) = c;

  256. 

  257. 		}

  258. 

  259. 		entities_sorted = 1;

  260. 	}

  261. }

  262. 

  263. static gboolean

  264. rspamd_html_check_balance (GNode * node, GNode ** cur_level)

  265. {

  266. 	struct html_tag *arg = node->data, *tmp;

  267. 	GNode *cur;

  268. 

  269. 	if (arg->flags & FL_CLOSING) {

  270. 		/* First of all check whether this tag is closing tag for parent node */

  271. 		cur = node->parent;

  272. 		while (cur && cur->data) {

  273. 			tmp = cur->data;

  274. 			if (tmp->id == arg->id &&

  275. 				(tmp->flags & FL_CLOSED) == 0) {

  276. 				tmp->flags |= FL_CLOSED;

  277. 				/* Destroy current node as we find corresponding parent node */

  278. 				g_node_destroy (node);

  279. 				/* Change level */

  280. 				*cur_level = cur->parent;

  281. 				return TRUE;

  282. 			}

  283. 			cur = cur->parent;

  284. 		}

  285. 	}

  286. 	else {

  287. 		return TRUE;

  288. 	}

  289. 

  290. 	return FALSE;

  291. }

  292. 

  293. gint

  294. rspamd_html_tag_by_name (const gchar *name)

  295. {

  296. 	khiter_t k;

  297. 

  298. 	k = kh_get (tag_by_name, html_tag_by_name, name);

  299. 

  300. 	if (k != kh_end (html_tag_by_name)) {

  301. 		return kh_val (html_tag_by_name, k).id;

  302. 	}

  303. 

  304. 	return -1;

  305. }

  306. 

  307. gboolean

  308. rspamd_html_tag_seen (struct html_content *hc, const gchar *tagname)

  309. {

  310. 	gint id;

  311. 

  312. 	g_assert (hc != NULL);

  313. 	g_assert (hc->tags_seen != NULL);

  314. 

  315. 	id = rspamd_html_tag_by_name (tagname);

  316. 

  317. 	if (id != -1) {

  318. 		return isset (hc->tags_seen, id);

  319. 	}

  320. 

  321. 	return FALSE;

  322. }

  323. 

  324. const gchar *

  325. rspamd_html_tag_by_id (gint id)

  326. {

  327. 	khiter_t k;

  328. 

  329. 	k = kh_get (tag_by_id, html_tag_by_id, id);

  330. 

  331. 	if (k != kh_end (html_tag_by_id)) {

  332. 		return kh_val (html_tag_by_id, k).name;

  333. 	}

  334. 

  335. 	return NULL;

  336. }

  337. 

  338. /* Decode HTML entitles in text */

  339. guint

  340. rspamd_html_decode_entitles_inplace (gchar *s, gsize len)

  341. {

  342. 	goffset l, rep_len;

  343. 	gchar *t = s, *h = s, *e = s, *end_ptr;

  344. 	const gchar *end;

  345. 	const gchar *entity;

  346. 	gint state = 0, base;

  347. 	UChar32 uc;

  348. 	khiter_t k;

  349. 

  350. 	if (len == 0) {

  351. 		l = strlen (s);

  352. 	}

  353. 	else {

  354. 		l = len;

  355. 	}

  356. 

  357. 	end = s + l;

  358. 

  359. 	while (h - s < l) {

  360. 		switch (state) {

  361. 		/* Out of entity */

  362. 		case 0:

  363. 			if (*h == '&') {

  364. 				state = 1;

  365. 				e = h;

  366. 				h++;

  367. 				continue;

  368. 			}

  369. 			else {

  370. 				*t = *h;

  371. 				h++;

  372. 				t++;

  373. 			}

  374. 			break;

  375. 		case 1:

  376. 			if (*h == ';' && h > e) {

  377. 				/* Determine base */

  378. 				/* First find in entities table */

  379. 				*h = '\0';

  380. 				entity = e + 1;

  381. 				uc = 0;

  382. 

  383. 				if (*entity != '#') {

  384. 					k = kh_get (entity_by_name, html_entity_by_name, entity);

  385. 					*h = ';';

  386. 

  387. 					if (k != kh_end (html_entity_by_name)) {

  388. 						if (kh_val (html_entity_by_name, k)) {

  389. 							rep_len = strlen (kh_val (html_entity_by_name, k));

  390. 

  391. 							if (end - t >= rep_len) {

  392. 								memcpy (t, kh_val (html_entity_by_name, k),

  393. 										rep_len);

  394. 								t += rep_len;

  395. 							}

  396. 						} else {

  397. 							if (end - t > h - e + 1) {

  398. 								memmove (t, e, h - e + 1);

  399. 								t += h - e + 1;

  400. 							}

  401. 						}

  402. 					}

  403. 					else {

  404. 						if (end - t > h - e + 1) {

  405. 							memmove (t, e, h - e + 1);

  406. 							t += h - e + 1;

  407. 						}

  408. 					}

  409. 				}

  410. 				else if (e + 2 < h) {

  411. 					if (*(e + 2) == 'x' || *(e + 2) == 'X') {

  412. 						base = 16;

  413. 					}

  414. 					else if (*(e + 2) == 'o' || *(e + 2) == 'O') {

  415. 						base = 8;

  416. 					}

  417. 					else {

  418. 						base = 10;

  419. 					}

  420. 

  421. 					if (base == 10) {

  422. 						uc = strtoul ((e + 2), &end_ptr, base);

  423. 					}

  424. 					else {

  425. 						uc = strtoul ((e + 3), &end_ptr, base);

  426. 					}

  427. 

  428. 					if (end_ptr != NULL && *end_ptr != '\0') {

  429. 						/* Skip undecoded */

  430. 						*h = ';';

  431. 

  432. 						if (end - t > h - e + 1) {

  433. 							memmove (t, e, h - e + 1);

  434. 							t += h - e + 1;

  435. 						}

  436. 					}

  437. 					else {

  438. 						/* Search for a replacement */

  439. 						*h = ';';

  440. 						k = kh_get (entity_by_number, html_entity_by_number, uc);

  441. 

  442. 						if (k != kh_end (html_entity_by_number)) {

  443. 							if (kh_val (html_entity_by_number, k)) {

  444. 								rep_len = strlen (kh_val (html_entity_by_number, k));

  445. 

  446. 								if (end - t >= rep_len) {

  447. 									memcpy (t, kh_val (html_entity_by_number, k),

  448. 											rep_len);

  449. 									t += rep_len;

  450. 								}

  451. 							} else {

  452. 								if (end - t > h - e + 1) {

  453. 									memmove (t, e, h - e + 1);

  454. 									t += h - e + 1;

  455. 								}

  456. 							}

  457. 						}

  458. 						else {

  459. 							/* Unicode point */

  460. 							goffset off = t - s;

  461. 							UBool is_error = 0;

  462. 

  463. 							if (uc > 0) {

  464. 								U8_APPEND (s, off, len, uc, is_error);

  465. 								if (!is_error) {

  466. 									t = s + off;

  467. 								}

  468. 								else {

  469. 									/* Leave invalid entities as is */

  470. 									if (end - t > h - e + 1) {

  471. 										memmove (t, e, h - e + 1);

  472. 										t += h - e + 1;

  473. 									}

  474. 								}

  475. 							}

  476. 							else if (end - t > h - e + 1) {

  477. 								memmove (t, e, h - e + 1);

  478. 								t += h - e + 1;

  479. 							}

  480. 						}

  481. 					}

  482. 				}

  483. 

  484. 				state = 0;

  485. 			}

  486. 			else if (*h == '&') {

  487. 				/* Previous `&` was bogus */

  488. 				state = 1;

  489. 

  490. 				if (end - t > h - e) {

  491. 					memmove (t, e, h - e);

  492. 					t += h - e;

  493. 				}

  494. 

  495. 				e = h;

  496. 			}

  497. 

  498. 			h++;

  499. 

  500. 			break;

  501. 		}

  502. 	}

  503. 

  504. 	/* Leftover */

  505. 	if (state == 1 && h > e) {

  506. 		/* Unfinished entity, copy as is */

  507. 		if (end - t > h - e) {

  508. 			memmove (t, e, h - e);

  509. 			t += h - e;

  510. 		}

  511. 	}

  512. 

  513. 	return (t - s);

  514. }

  515. 

  516. static gboolean

  517. rspamd_url_is_subdomain (rspamd_ftok_t *t1, rspamd_ftok_t *t2)

  518. {

  519. 	const gchar *p1, *p2;

  520. 

  521. 	p1 = t1->begin + t1->len - 1;

  522. 	p2 = t2->begin + t2->len - 1;

  523. 

  524. 	/* Skip trailing dots */

  525. 	while (p1 > t1->begin) {

  526. 		if (*p1 != '.') {

  527. 			break;

  528. 		}

  529. 

  530. 		p1 --;

  531. 	}

  532. 

  533. 	while (p2 > t2->begin) {

  534. 		if (*p2 != '.') {

  535. 			break;

  536. 		}

  537. 

  538. 		p2 --;

  539. 	}

  540. 

  541. 	while (p1 > t1->begin && p2 > t2->begin) {

  542. 		if (*p1 != *p2) {

  543. 			break;

  544. 		}

  545. 

  546. 		p1 --;

  547. 		p2 --;

  548. 	}

  549. 

  550. 	if (p2 == t2->begin) {

  551. 		/* p2 can be subdomain of p1 if *p1 is '.' */

  552. 		if (p1 != t1->begin && *(p1 - 1) == '.') {

  553. 			return TRUE;

  554. 		}

  555. 	}

  556. 	else if (p1 == t1->begin) {

  557. 		if (p2 != t2->begin && *(p2 - 1) == '.') {

  558. 			return TRUE;

  559. 		}

  560. 	}

  561. 

  562. 	return FALSE;

  563. }

  564. 

  565. static void

  566. rspamd_html_url_is_phished (rspamd_mempool_t *pool,

  567. 	struct rspamd_url *href_url,

  568. 	const guchar *url_text,

  569. 	gsize len,

  570. 	gboolean *url_found,

  571. 	struct rspamd_url **ptext_url)

  572. {

  573. 	struct rspamd_url *text_url;

  574. 	rspamd_ftok_t phished_tld, disp_tok, href_tok;

  575. 	gint rc;

  576. 	goffset url_pos;

  577. 	gchar *url_str = NULL, *idn_hbuf;

  578. 	const guchar *end = url_text + len, *p;

  579. #if U_ICU_VERSION_MAJOR_NUM >= 46

  580. 	static UIDNA *udn;

  581. 	UErrorCode uc_err = U_ZERO_ERROR;

  582. 	UIDNAInfo uinfo = UIDNA_INFO_INITIALIZER;

  583. #endif

  584. 

  585. 	*url_found = FALSE;

  586. #if U_ICU_VERSION_MAJOR_NUM >= 46

  587. 	if (udn == NULL) {

  588. 		udn = uidna_openUTS46 (UIDNA_DEFAULT, &uc_err);

  589. 

  590. 		if (uc_err != U_ZERO_ERROR) {

  591. 			msg_err_pool ("cannot init idna converter: %s", u_errorName (uc_err));

  592. 		}

  593. 	}

  594. #endif

  595. 

  596. 	while (url_text < end && g_ascii_isspace (*url_text)) {

  597. 		url_text ++;

  598. 	}

  599. 

  600. 	if (end > url_text + 4 &&

  601. 			rspamd_url_find (pool, url_text, end - url_text, &url_str, FALSE,

  602. 					&url_pos, NULL) &&

  603. 			url_str != NULL) {

  604. 		if (url_pos > 0) {

  605. 			/*

  606. 			 * We have some url at some offset, so we need to check what is

  607. 			 * at the start of the text

  608. 			 */

  609. 			p = url_text;

  610. 

  611. 			while (p < url_text + url_pos) {

  612. 				if (!g_ascii_isspace (*p)) {

  613. 					*url_found = FALSE;

  614. 					return;

  615. 				}

  616. 

  617. 				p++;

  618. 			}

  619. 		}

  620. 		text_url = rspamd_mempool_alloc0 (pool, sizeof (struct rspamd_url));

  621. 		rc = rspamd_url_parse (text_url, url_str, strlen (url_str), pool,

  622. 				RSPAMD_URL_PARSE_TEXT);

  623. 

  624. 		if (rc == URI_ERRNO_OK) {

  625. 			disp_tok.len = text_url->hostlen;

  626. 			disp_tok.begin = text_url->host;

  627. #if U_ICU_VERSION_MAJOR_NUM >= 46

  628. 			if (rspamd_substring_search_caseless (text_url->host,

  629. 					text_url->hostlen, "xn--", 4) != -1) {

  630. 				idn_hbuf = rspamd_mempool_alloc (pool, text_url->hostlen * 2 + 1);

  631. 				/* We need to convert it to the normal value first */

  632. 				disp_tok.len = uidna_nameToUnicodeUTF8 (udn,

  633. 						text_url->host, text_url->hostlen,

  634. 						idn_hbuf, text_url->hostlen * 2 + 1, &uinfo, &uc_err);

  635. 

  636. 				if (uc_err != U_ZERO_ERROR) {

  637. 					msg_err_pool ("cannot convert to IDN: %s",

  638. 							u_errorName (uc_err));

  639. 					disp_tok.len = text_url->hostlen;

  640. 				}

  641. 				else {

  642. 					disp_tok.begin = idn_hbuf;

  643. 				}

  644. 			}

  645. #endif

  646. 			href_tok.len = href_url->hostlen;

  647. 			href_tok.begin = href_url->host;

  648. #if U_ICU_VERSION_MAJOR_NUM >= 46

  649. 			if (rspamd_substring_search_caseless (href_url->host,

  650. 					href_url->hostlen, "xn--", 4) != -1) {

  651. 				idn_hbuf = rspamd_mempool_alloc (pool, href_url->hostlen * 2 + 1);

  652. 				/* We need to convert it to the normal value first */

  653. 				href_tok.len = uidna_nameToUnicodeUTF8 (udn,

  654. 						href_url->host, href_url->hostlen,

  655. 						idn_hbuf, href_url->hostlen * 2 + 1, &uinfo, &uc_err);

  656. 

  657. 				if (uc_err != U_ZERO_ERROR) {

  658. 					msg_err_pool ("cannot convert to IDN: %s",

  659. 							u_errorName (uc_err));

  660. 					href_tok.len = href_url->hostlen;

  661. 				}

  662. 				else {

  663. 					href_tok.begin = idn_hbuf;

  664. 				}

  665. 			}

  666. #endif

  667. 			if (rspamd_ftok_casecmp (&disp_tok, &href_tok) != 0) {

  668. 

  669. 				/* Apply the same logic for TLD */

  670. 				disp_tok.len = text_url->tldlen;

  671. 				disp_tok.begin = text_url->tld;

  672. #if U_ICU_VERSION_MAJOR_NUM >= 46

  673. 				if (rspamd_substring_search_caseless (text_url->tld,

  674. 						text_url->tldlen, "xn--", 4) != -1) {

  675. 					idn_hbuf = rspamd_mempool_alloc (pool, text_url->tldlen * 2 + 1);

  676. 					/* We need to convert it to the normal value first */

  677. 					disp_tok.len = uidna_nameToUnicodeUTF8 (udn,

  678. 							text_url->tld, text_url->tldlen,

  679. 							idn_hbuf, text_url->tldlen * 2 + 1, &uinfo, &uc_err);

  680. 

  681. 					if (uc_err != U_ZERO_ERROR) {

  682. 						msg_err_pool ("cannot convert to IDN: %s",

  683. 								u_errorName (uc_err));

  684. 						disp_tok.len = text_url->tldlen;

  685. 					}

  686. 					else {

  687. 						disp_tok.begin = idn_hbuf;

  688. 					}

  689. 				}

  690. #endif

  691. 				href_tok.len = href_url->tldlen;

  692. 				href_tok.begin = href_url->tld;

  693. #if U_ICU_VERSION_MAJOR_NUM >= 46

  694. 				if (rspamd_substring_search_caseless (href_url->tld,

  695. 						href_url->tldlen, "xn--", 4) != -1) {

  696. 					idn_hbuf = rspamd_mempool_alloc (pool, href_url->tldlen * 2 + 1);

  697. 					/* We need to convert it to the normal value first */

  698. 					href_tok.len = uidna_nameToUnicodeUTF8 (udn,

  699. 							href_url->tld, href_url->tldlen,

  700. 							idn_hbuf, href_url->tldlen * 2 + 1, &uinfo, &uc_err);

  701. 

  702. 					if (uc_err != U_ZERO_ERROR) {

  703. 						msg_err_pool ("cannot convert to IDN: %s",

  704. 								u_errorName (uc_err));

  705. 						href_tok.len = href_url->tldlen;

  706. 					}

  707. 					else {

  708. 						href_tok.begin = idn_hbuf;

  709. 					}

  710. 				}

  711. #endif

  712. 				if (rspamd_ftok_casecmp (&disp_tok, &href_tok) != 0) {

  713. 					/* Check if one url is a subdomain for another */

  714. 

  715. 					if (!rspamd_url_is_subdomain (&disp_tok, &href_tok)) {

  716. 						href_url->flags |= RSPAMD_URL_FLAG_PHISHED;

  717. 						href_url->phished_url = text_url;

  718. 						phished_tld.begin = href_tok.begin;

  719. 						phished_tld.len = href_tok.len;

  720. 						rspamd_url_add_tag (text_url, "phishing",

  721. 								rspamd_mempool_ftokdup (pool, &phished_tld),

  722. 								pool);

  723. 						text_url->flags |= RSPAMD_URL_FLAG_HTML_DISPLAYED;

  724. 					}

  725. 				}

  726. 			}

  727. 

  728. 			*ptext_url = text_url;

  729. 			*url_found = TRUE;

  730. 		}

  731. 		else {

  732. 			msg_info_pool ("extract of url '%s' failed: %s",

  733. 					url_str,

  734. 					rspamd_url_strerror (rc));

  735. 		}

  736. 	}

  737. 

  738. }

  739. 

  740. static gboolean

  741. rspamd_html_process_tag (rspamd_mempool_t *pool, struct html_content *hc,

  742. 		struct html_tag *tag, GNode **cur_level, gboolean *balanced)

  743. {

  744. 	GNode *nnode;

  745. 	struct html_tag *parent;

  746. 

  747. 	if (hc->html_tags == NULL) {

  748. 		nnode = g_node_new (NULL);

  749. 		*cur_level = nnode;

  750. 		hc->html_tags = nnode;

  751. 		rspamd_mempool_add_destructor (pool,

  752. 				(rspamd_mempool_destruct_t) g_node_destroy,

  753. 				nnode);

  754. 	}

  755. 

  756. 	if (hc->total_tags > max_tags) {

  757. 		hc->flags |= RSPAMD_HTML_FLAG_TOO_MANY_TAGS;

  758. 	}

  759. 

  760. 	if (tag->id == -1) {

  761. 		/* Ignore unknown tags */

  762. 		hc->total_tags ++;

  763. 		return FALSE;

  764. 	}

  765. 

  766. 	tag->parent = *cur_level;

  767. 

  768. 	if (!(tag->flags & CM_INLINE)) {

  769. 		/* Block tag */

  770. 		if (tag->flags & (FL_CLOSING|FL_CLOSED)) {

  771. 			if (!*cur_level) {

  772. 				msg_debug_html ("bad parent node");

  773. 				return FALSE;

  774. 			}

  775. 

  776. 			if (hc->total_tags < max_tags) {

  777. 				nnode = g_node_new (tag);

  778. 				g_node_append (*cur_level, nnode);

  779. 

  780. 				if (!rspamd_html_check_balance (nnode, cur_level)) {

  781. 					msg_debug_html (

  782. 							"mark part as unbalanced as it has not pairable closing tags");

  783. 					hc->flags |= RSPAMD_HTML_FLAG_UNBALANCED;

  784. 					*balanced = FALSE;

  785. 				} else {

  786. 					*balanced = TRUE;

  787. 				}

  788. 

  789. 				hc->total_tags ++;

  790. 			}

  791. 		}

  792. 		else {

  793. 			parent = (*cur_level)->data;

  794. 

  795. 			if (parent) {

  796. 				if ((parent->flags & FL_IGNORE)) {

  797. 					tag->flags |= FL_IGNORE;

  798. 				}

  799. 

  800. 				if (!(tag->flags & FL_CLOSED) &&

  801. 						!(parent->flags & FL_BLOCK)) {

  802. 					/* We likely have some bad nesting */

  803. 					if (parent->id == tag->id) {

  804. 						/* Something like <a>bla<a>foo... */

  805. 						hc->flags |= RSPAMD_HTML_FLAG_UNBALANCED;

  806. 						*balanced = FALSE;

  807. 						tag->parent = parent->parent;

  808. 

  809. 						if (hc->total_tags < max_tags) {

  810. 							nnode = g_node_new (tag);

  811. 							g_node_append (parent->parent, nnode);

  812. 							*cur_level = nnode;

  813. 							hc->total_tags ++;

  814. 						}

  815. 

  816. 						return TRUE;

  817. 					}

  818. 				}

  819. 

  820. 				parent->content_length += tag->content_length;

  821. 			}

  822. 

  823. 			if (hc->total_tags < max_tags) {

  824. 				nnode = g_node_new (tag);

  825. 				g_node_append (*cur_level, nnode);

  826. 

  827. 				if ((tag->flags & FL_CLOSED) == 0) {

  828. 					*cur_level = nnode;

  829. 				}

  830. 

  831. 				hc->total_tags ++;

  832. 			}

  833. 

  834. 			if (tag->flags & (CM_HEAD|CM_UNKNOWN|FL_IGNORE)) {

  835. 				tag->flags |= FL_IGNORE;

  836. 

  837. 				return FALSE;

  838. 			}

  839. 

  840. 		}

  841. 	}

  842. 	else {

  843. 		/* Inline tag */

  844. 		parent = (*cur_level)->data;

  845. 

  846. 		if (parent && (parent->flags & (CM_HEAD|CM_UNKNOWN|FL_IGNORE))) {

  847. 			tag->flags |= FL_IGNORE;

  848. 

  849. 			return FALSE;

  850. 		}

  851. 	}

  852. 

  853. 	return TRUE;

  854. }

  855. 

  856. #define NEW_COMPONENT(comp_type) do {							\

  857. 	comp = rspamd_mempool_alloc (pool, sizeof (*comp));			\

  858. 	comp->type = (comp_type);									\

  859. 	comp->start = NULL;											\

  860. 	comp->len = 0;												\

  861. 	g_queue_push_tail (tag->params, comp);						\

  862. 	ret = TRUE;													\

  863. } while(0)

  864. 

  865. static gboolean

  866. rspamd_html_parse_tag_component (rspamd_mempool_t *pool,

  867. 		const guchar *begin, const guchar *end,

  868. 		struct html_tag *tag)

  869. {

  870. 	struct html_tag_component *comp;

  871. 	gint len;

  872. 	gboolean ret = FALSE;

  873. 	gchar *p;

  874. 

  875. 	g_assert (end >= begin);

  876. 	p = rspamd_mempool_alloc (pool, end - begin);

  877. 	memcpy (p, begin, end - begin);

  878. 	len = rspamd_html_decode_entitles_inplace (p, end - begin);

  879. 

  880. 	if (len == 3) {

  881. 		if (g_ascii_strncasecmp (p, "src", len) == 0) {

  882. 			NEW_COMPONENT (RSPAMD_HTML_COMPONENT_HREF);

  883. 		}

  884. 	}

  885. 	else if (len == 4) {

  886. 		if (g_ascii_strncasecmp (p, "href", len) == 0) {

  887. 			NEW_COMPONENT (RSPAMD_HTML_COMPONENT_HREF);

  888. 		}

  889. 	}

  890. 

  891. 	if (tag->id == Tag_IMG) {

  892. 		/* Check width and height if presented */

  893. 		if (len == 5 && g_ascii_strncasecmp (p, "width", len) == 0) {

  894. 			NEW_COMPONENT (RSPAMD_HTML_COMPONENT_WIDTH);

  895. 		}

  896. 		else if (len == 6 && g_ascii_strncasecmp (p, "height", len) == 0) {

  897. 			NEW_COMPONENT (RSPAMD_HTML_COMPONENT_HEIGHT);

  898. 		}

  899. 		else if (g_ascii_strncasecmp (p, "style", len) == 0) {

  900. 			NEW_COMPONENT (RSPAMD_HTML_COMPONENT_STYLE);

  901. 		}

  902. 	}

  903. 	else if (tag->id == Tag_FONT) {

  904. 		if (len == 5){

  905. 			if (g_ascii_strncasecmp (p, "color", len) == 0) {

  906. 				NEW_COMPONENT (RSPAMD_HTML_COMPONENT_COLOR);

  907. 			}

  908. 			else if (g_ascii_strncasecmp (p, "style", len) == 0) {

  909. 				NEW_COMPONENT (RSPAMD_HTML_COMPONENT_STYLE);

  910. 			}

  911. 			else if (g_ascii_strncasecmp (p, "class", len) == 0) {

  912. 				NEW_COMPONENT (RSPAMD_HTML_COMPONENT_CLASS);

  913. 			}

  914. 		}

  915. 		else if (len == 7) {

  916. 			if (g_ascii_strncasecmp (p, "bgcolor", len) == 0) {

  917. 				NEW_COMPONENT (RSPAMD_HTML_COMPONENT_BGCOLOR);

  918. 			}

  919. 		}

  920. 		else if (len == 4) {

  921. 			if (g_ascii_strncasecmp (p, "size", len) == 0) {

  922. 				NEW_COMPONENT (RSPAMD_HTML_COMPONENT_SIZE);

  923. 			}

  924. 		}

  925. 	}

  926. 	else if (tag->flags & FL_BLOCK) {

  927. 		if (len == 5){

  928. 			if (g_ascii_strncasecmp (p, "color", len) == 0) {

  929. 				NEW_COMPONENT (RSPAMD_HTML_COMPONENT_COLOR);

  930. 			}

  931. 			else if (g_ascii_strncasecmp (p, "style", len) == 0) {

  932. 				NEW_COMPONENT (RSPAMD_HTML_COMPONENT_STYLE);

  933. 			}

  934. 			else if (g_ascii_strncasecmp (p, "class", len) == 0) {

  935. 				NEW_COMPONENT (RSPAMD_HTML_COMPONENT_CLASS);

  936. 			}

  937. 		}

  938. 		else if (len == 7) {

  939. 			if (g_ascii_strncasecmp (p, "bgcolor", len) == 0) {

  940. 				NEW_COMPONENT (RSPAMD_HTML_COMPONENT_BGCOLOR);

  941. 			}

  942. 		}

  943. 	}

  944. 

  945. 	return ret;

  946. }

  947. 

  948. static inline void

  949. rspamd_html_parse_tag_content (rspamd_mempool_t *pool,

  950. 		struct html_content *hc, struct html_tag *tag, const guchar *in,

  951. 		gint *statep, guchar const **savep)

  952. {

  953. 	enum {

  954. 		parse_start = 0,

  955. 		parse_name,

  956. 		parse_attr_name,

  957. 		parse_equal,

  958. 		parse_start_dquote,

  959. 		parse_dqvalue,

  960. 		parse_end_dquote,

  961. 		parse_start_squote,

  962. 		parse_sqvalue,

  963. 		parse_end_squote,

  964. 		parse_value,

  965. 		spaces_after_name,

  966. 		spaces_before_eq,

  967. 		spaces_after_eq,

  968. 		spaces_after_param,

  969. 		ignore_bad_tag

  970. 	} state;

  971. 	struct html_tag_def *found;

  972. 	gboolean store = FALSE;

  973. 	struct html_tag_component *comp;

  974. 

  975. 	state = *statep;

  976. 

  977. 	switch (state) {

  978. 	case parse_start:

  979. 		if (!g_ascii_isalpha (*in) && !g_ascii_isspace (*in)) {

  980. 			hc->flags |= RSPAMD_HTML_FLAG_BAD_ELEMENTS;

  981. 			state = ignore_bad_tag;

  982. 			tag->id = -1;

  983. 			tag->flags |= FL_BROKEN;

  984. 		}

  985. 		else if (g_ascii_isalpha (*in)) {

  986. 			state = parse_name;

  987. 			tag->name.start = in;

  988. 		}

  989. 		break;

  990. 

  991. 	case parse_name:

  992. 		if (g_ascii_isspace (*in) || *in == '>' || *in == '/') {

  993. 			g_assert (in >= tag->name.start);

  994. 

  995. 			if (*in == '/') {

  996. 				tag->flags |= FL_CLOSED;

  997. 			}

  998. 

  999. 			tag->name.len = in - tag->name.start;

  1000. 

  1001. 			if (tag->name.len == 0) {

  1002. 				hc->flags |= RSPAMD_HTML_FLAG_BAD_ELEMENTS;

  1003. 				tag->id = -1;

  1004. 				tag->flags |= FL_BROKEN;

  1005. 				state = ignore_bad_tag;

  1006. 			}

  1007. 			else {

  1008. 				gchar *s;

  1009. 				khiter_t k;

  1010. 				/* We CANNOT safely modify tag's name here, as it is already parsed */

  1011. 

  1012. 				s = rspamd_mempool_alloc (pool, tag->name.len + 1);

  1013. 				memcpy (s, tag->name.start, tag->name.len);

  1014. 				tag->name.len = rspamd_html_decode_entitles_inplace (s,

  1015. 						tag->name.len);

  1016. 				tag->name.start = s;

  1017. 				s[tag->name.len] = '\0';

  1018. 				rspamd_str_lc_utf8 (s, tag->name.len);

  1019. 

  1020. 				k = kh_get (tag_by_name, html_tag_by_name, s);

  1021. 

  1022. 				if (k == kh_end (html_tag_by_name)) {

  1023. 					hc->flags |= RSPAMD_HTML_FLAG_UNKNOWN_ELEMENTS;

  1024. 					tag->id = -1;

  1025. 				}

  1026. 				else {

  1027. 					found = &kh_val (html_tag_by_name, k);

  1028. 					tag->id = found->id;

  1029. 					tag->flags = found->flags;

  1030. 				}

  1031. 

  1032. 				state = spaces_after_name;

  1033. 			}

  1034. 		}

  1035. 		break;

  1036. 

  1037. 	case parse_attr_name:

  1038. 		if (*savep == NULL) {

  1039. 			state = ignore_bad_tag;

  1040. 		}

  1041. 		else {

  1042. 			const guchar *attr_name_end = in;

  1043. 

  1044. 			if (*in == '=') {

  1045. 				state = parse_equal;

  1046. 			}

  1047. 			else if (*in == '"') {

  1048. 				/* No equal or something sane but we have quote character */

  1049. 				state = parse_start_dquote;

  1050. 				attr_name_end = in - 1;

  1051. 

  1052. 				while (attr_name_end > *savep) {

  1053. 					if (!g_ascii_isalnum (*attr_name_end)) {

  1054. 						attr_name_end --;

  1055. 					}

  1056. 					else {

  1057. 						break;

  1058. 					}

  1059. 				}

  1060. 

  1061. 				/* One character forward to obtain length */

  1062. 				attr_name_end ++;

  1063. 			}

  1064. 			else if (g_ascii_isspace (*in)) {

  1065. 				state = spaces_before_eq;

  1066. 			}

  1067. 			else if (*in == '/') {

  1068. 				tag->flags |= FL_CLOSED;

  1069. 			}

  1070. 			else if (!g_ascii_isgraph (*in)) {

  1071. 				state = parse_value;

  1072. 				attr_name_end = in - 1;

  1073. 

  1074. 				while (attr_name_end > *savep) {

  1075. 					if (!g_ascii_isalnum (*attr_name_end)) {

  1076. 						attr_name_end --;

  1077. 					}

  1078. 					else {

  1079. 						break;

  1080. 					}

  1081. 				}

  1082. 

  1083. 				/* One character forward to obtain length */

  1084. 				attr_name_end ++;

  1085. 			}

  1086. 			else {

  1087. 				return;

  1088. 			}

  1089. 

  1090. 			if (!rspamd_html_parse_tag_component (pool, *savep, attr_name_end, tag)) {

  1091. 				/* Ignore unknown params */

  1092. 				*savep = NULL;

  1093. 			}

  1094. 			else if (state == parse_value) {

  1095. 				*savep = in + 1;

  1096. 			}

  1097. 		}

  1098. 

  1099. 		break;

  1100. 

  1101. 	case spaces_after_name:

  1102. 		if (!g_ascii_isspace (*in)) {

  1103. 			*savep = in;

  1104. 			if (*in == '/') {

  1105. 				tag->flags |= FL_CLOSED;

  1106. 			}

  1107. 			else if (*in != '>') {

  1108. 				state = parse_attr_name;

  1109. 			}

  1110. 		}

  1111. 		break;

  1112. 

  1113. 	case spaces_before_eq:

  1114. 		if (*in == '=') {

  1115. 			state = parse_equal;

  1116. 		}

  1117. 		else if (!g_ascii_isspace (*in)) {

  1118. 			hc->flags |= RSPAMD_HTML_FLAG_BAD_ELEMENTS;

  1119. 			tag->flags |= FL_BROKEN;

  1120. 			state = ignore_bad_tag;

  1121. 		}

  1122. 		break;

  1123. 

  1124. 	case spaces_after_eq:

  1125. 		if (*in == '"') {

  1126. 			state = parse_start_dquote;

  1127. 		}

  1128. 		else if (*in == '\'') {

  1129. 			state = parse_start_squote;

  1130. 		}

  1131. 		else if (!g_ascii_isspace (*in)) {

  1132. 			if (*savep != NULL) {

  1133. 				/* We need to save this param */

  1134. 				*savep = in;

  1135. 			}

  1136. 			state = parse_value;

  1137. 		}

  1138. 		break;

  1139. 

  1140. 	case parse_equal:

  1141. 		if (g_ascii_isspace (*in)) {

  1142. 			state = spaces_after_eq;

  1143. 		}

  1144. 		else if (*in == '"') {

  1145. 			state = parse_start_dquote;

  1146. 		}

  1147. 		else if (*in == '\'') {

  1148. 			state = parse_start_squote;

  1149. 		}

  1150. 		else {

  1151. 			if (*savep != NULL) {

  1152. 				/* We need to save this param */

  1153. 				*savep = in;

  1154. 			}

  1155. 			state = parse_value;

  1156. 		}

  1157. 		break;

  1158. 

  1159. 	case parse_start_dquote:

  1160. 		if (*in == '"') {

  1161. 			if (*savep != NULL) {

  1162. 				/* We have an empty attribute value */

  1163. 				savep = NULL;

  1164. 			}

  1165. 			state = spaces_after_param;

  1166. 		}

  1167. 		else {

  1168. 			if (*savep != NULL) {

  1169. 				/* We need to save this param */

  1170. 				*savep = in;

  1171. 			}

  1172. 			state = parse_dqvalue;

  1173. 		}

  1174. 		break;

  1175. 

  1176. 	case parse_start_squote:

  1177. 		if (*in == '\'') {

  1178. 			if (*savep != NULL) {

  1179. 				/* We have an empty attribute value */

  1180. 				savep = NULL;

  1181. 			}

  1182. 			state = spaces_after_param;

  1183. 		}

  1184. 		else {

  1185. 			if (*savep != NULL) {

  1186. 				/* We need to save this param */

  1187. 				*savep = in;

  1188. 			}

  1189. 			state = parse_sqvalue;

  1190. 		}

  1191. 		break;

  1192. 

  1193. 	case parse_dqvalue:

  1194. 		if (*in == '"') {

  1195. 			store = TRUE;

  1196. 			state = parse_end_dquote;

  1197. 		}

  1198. 

  1199. 		if (store) {

  1200. 			if (*savep != NULL) {

  1201. 				gchar *s;

  1202. 

  1203. 				g_assert (tag->params != NULL);

  1204. 				comp = g_queue_peek_tail (tag->params);

  1205. 				g_assert (comp != NULL);

  1206. 				comp->len = in - *savep;

  1207. 				s = rspamd_mempool_alloc (pool, comp->len);

  1208. 				memcpy (s, *savep, comp->len);

  1209. 				comp->len = rspamd_html_decode_entitles_inplace (s, comp->len);

  1210. 				comp->start = s;

  1211. 				*savep = NULL;

  1212. 			}

  1213. 		}

  1214. 		break;

  1215. 

  1216. 	case parse_sqvalue:

  1217. 		if (*in == '\'') {

  1218. 			store = TRUE;

  1219. 			state = parse_end_squote;

  1220. 		}

  1221. 		if (store) {

  1222. 			if (*savep != NULL) {

  1223. 				gchar *s;

  1224. 

  1225. 				g_assert (tag->params != NULL);

  1226. 				comp = g_queue_peek_tail (tag->params);

  1227. 				g_assert (comp != NULL);

  1228. 				comp->len = in - *savep;

  1229. 				s = rspamd_mempool_alloc (pool, comp->len);

  1230. 				memcpy (s, *savep, comp->len);

  1231. 				comp->len = rspamd_html_decode_entitles_inplace (s, comp->len);

  1232. 				comp->start = s;

  1233. 				*savep = NULL;

  1234. 			}

  1235. 		}

  1236. 		break;

  1237. 

  1238. 	case parse_value:

  1239. 		if (*in == '/' && *(in + 1) == '>') {

  1240. 			tag->flags |= FL_CLOSED;

  1241. 			store = TRUE;

  1242. 		}

  1243. 		else if (g_ascii_isspace (*in) || *in == '>' || *in == '"') {

  1244. 			store = TRUE;

  1245. 			state = spaces_after_param;

  1246. 		}

  1247. 

  1248. 		if (store) {

  1249. 			if (*savep != NULL) {

  1250. 				gchar *s;

  1251. 

  1252. 				g_assert (tag->params != NULL);

  1253. 				comp = g_queue_peek_tail (tag->params);

  1254. 				g_assert (comp != NULL);

  1255. 				comp->len = in - *savep;

  1256. 				s = rspamd_mempool_alloc (pool, comp->len);

  1257. 				memcpy (s, *savep, comp->len);

  1258. 				comp->len = rspamd_html_decode_entitles_inplace (s, comp->len);

  1259. 				comp->start = s;

  1260. 				*savep = NULL;

  1261. 			}

  1262. 		}

  1263. 		break;

  1264. 

  1265. 	case parse_end_dquote:

  1266. 	case parse_end_squote:

  1267. 		if (g_ascii_isspace (*in)) {

  1268. 			state = spaces_after_param;

  1269. 		}

  1270. 		else if (*in == '/' && *(in + 1) == '>') {

  1271. 			tag->flags |= FL_CLOSED;

  1272. 		}

  1273. 		break;

  1274. 

  1275. 	case spaces_after_param:

  1276. 		if (!g_ascii_isspace (*in)) {

  1277. 			if (*in == '/' && *(in + 1) == '>') {

  1278. 				tag->flags |= FL_CLOSED;

  1279. 			}

  1280. 

  1281. 			state = parse_attr_name;

  1282. 			*savep = in;

  1283. 		}

  1284. 		break;

  1285. 

  1286. 	case ignore_bad_tag:

  1287. 		break;

  1288. 	}

  1289. 

  1290. 	*statep = state;

  1291. }

  1292. 

  1293. 

  1294. 

  1295. struct rspamd_url *

  1296. rspamd_html_process_url (rspamd_mempool_t *pool, const gchar *start, guint len,

  1297. 		struct html_tag_component *comp)

  1298. {

  1299. 	struct rspamd_url *url;

  1300. 	guint saved_flags = 0;

  1301. 	gchar *decoded;

  1302. 	gint rc;

  1303. 	gsize decoded_len;

  1304. 	const gchar *p, *s;

  1305. 	gchar *d;

  1306. 	guint i, dlen;

  1307. 	gboolean has_bad_chars = FALSE, no_prefix = FALSE;

  1308. 	static const gchar hexdigests[16] = "0123456789abcdef";

  1309. 

  1310. 	p = start;

  1311. 

  1312. 	/* Strip spaces from the url */

  1313. 	/* Head spaces */

  1314. 	while (p < start + len && g_ascii_isspace (*p)) {

  1315. 		p ++;

  1316. 		start ++;

  1317. 		len --;

  1318. 	}

  1319. 

  1320. 	if (comp) {

  1321. 		comp->start = p;

  1322. 		comp->len = len;

  1323. 	}

  1324. 

  1325. 	/* Trailing spaces */

  1326. 	p = start + len - 1;

  1327. 

  1328. 	while (p >= start && g_ascii_isspace (*p)) {

  1329. 		p --;

  1330. 		len --;

  1331. 

  1332. 		if (comp) {

  1333. 			comp->len --;

  1334. 		}

  1335. 	}

  1336. 

  1337. 	s = start;

  1338. 	dlen = 0;

  1339. 

  1340. 	for (i = 0; i < len; i ++) {

  1341. 		if (G_UNLIKELY (((guint)s[i]) < 0x80 && !g_ascii_isgraph (s[i]))) {

  1342. 			dlen += 3;

  1343. 		}

  1344. 		else {

  1345. 			dlen ++;

  1346. 		}

  1347. 	}

  1348. 

  1349. 	if (memchr (s, ':', len) == NULL) {

  1350. 		/* We have no prefix */

  1351. 		dlen += sizeof ("http://") - 1;

  1352. 		no_prefix = TRUE;

  1353. 	}

  1354. 

  1355. 	decoded = rspamd_mempool_alloc (pool, dlen + 1);

  1356. 	d = decoded;

  1357. 

  1358. 	if (no_prefix) {

  1359. 		if (s[0] == '/' && (len > 2 && s[1] == '/')) {

  1360. 			/* //bla case */

  1361. 			memcpy (d, "http:", sizeof ("http:") - 1);

  1362. 			d += sizeof ("http:") - 1;

  1363. 		}

  1364. 		else {

  1365. 			memcpy (d, "http://", sizeof ("http://") - 1);

  1366. 			d += sizeof ("http://") - 1;

  1367. 		}

  1368. 	}

  1369. 

  1370. 	/*

  1371. 	 * We also need to remove all internal newlines, spaces

  1372. 	 * and encode unsafe characters

  1373. 	 */

  1374. 	for (i = 0; i < len; i ++) {

  1375. 		if (G_UNLIKELY (g_ascii_isspace (s[i]))) {

  1376. 			continue;

  1377. 		}

  1378. 		else if (G_UNLIKELY (((guint)s[i]) < 0x80 && !g_ascii_isgraph (s[i]))) {

  1379. 			/* URL encode */

  1380. 			*d++ = '%';

  1381. 			*d++ = hexdigests[(s[i] >> 4) & 0xf];

  1382. 			*d++ = hexdigests[s[i] & 0xf];

  1383. 			has_bad_chars = TRUE;

  1384. 		}

  1385. 		else {

  1386. 			*d++ = s[i];

  1387. 		}

  1388. 	}

  1389. 

  1390. 	*d = '\0';

  1391. 	dlen = d - decoded;

  1392. 

  1393. 	url = rspamd_mempool_alloc0 (pool, sizeof (*url));

  1394. 

  1395. 	enum rspamd_normalise_result norm_res;

  1396. 

  1397. 	norm_res = rspamd_normalise_unicode_inplace (pool, decoded, &dlen);

  1398. 

  1399. 	if (norm_res & RSPAMD_UNICODE_NORM_UNNORMAL) {

  1400. 		saved_flags |= RSPAMD_URL_FLAG_UNNORMALISED;

  1401. 	}

  1402. 

  1403. 	if (norm_res & (RSPAMD_UNICODE_NORM_ZERO_SPACES|RSPAMD_UNICODE_NORM_ERROR)) {

  1404. 		saved_flags |= RSPAMD_URL_FLAG_OBSCURED;

  1405. 

  1406. 		if (norm_res & RSPAMD_UNICODE_NORM_ZERO_SPACES) {

  1407. 			saved_flags |= RSPAMD_URL_FLAG_ZW_SPACES;

  1408. 		}

  1409. 	}

  1410. 

  1411. 	rc = rspamd_url_parse (url, decoded, dlen, pool, RSPAMD_URL_PARSE_HREF);

  1412. 

  1413. 	if (rc == URI_ERRNO_OK) {

  1414. 		url->flags |= saved_flags;

  1415. 

  1416. 		if (has_bad_chars) {

  1417. 			url->flags |= RSPAMD_URL_FLAG_OBSCURED;

  1418. 		}

  1419. 

  1420. 		if (no_prefix) {

  1421. 			url->flags |= RSPAMD_URL_FLAG_SCHEMALESS;

  1422. 		}

  1423. 

  1424. 		decoded = url->string;

  1425. 		decoded_len = url->urllen;

  1426. 

  1427. 		if (comp) {

  1428. 			comp->start = decoded;

  1429. 			comp->len = decoded_len;

  1430. 		}

  1431. 		/* Spaces in href usually mean an attempt to obfuscate URL */

  1432. 		/* See https://github.com/vstakhov/rspamd/issues/593 */

  1433. #if 0

  1434. 		if (has_spaces) {

  1435. 			url->flags |= RSPAMD_URL_FLAG_OBSCURED;

  1436. 		}

  1437. #endif

  1438. 

  1439. 		return url;

  1440. 	}

  1441. 

  1442. 	return NULL;

  1443. }

  1444. 

  1445. static struct rspamd_url *

  1446. rspamd_html_process_url_tag (rspamd_mempool_t *pool, struct html_tag *tag,

  1447. 		struct html_content *hc)

  1448. {

  1449. 	struct html_tag_component *comp;

  1450. 	GList *cur;

  1451. 	struct rspamd_url *url;

  1452. 	const gchar *start;

  1453. 	gsize len;

  1454. 

  1455. 	cur = tag->params->head;

  1456. 

  1457. 	while (cur) {

  1458. 		comp = cur->data;

  1459. 

  1460. 		if (comp->type == RSPAMD_HTML_COMPONENT_HREF && comp->len > 0) {

  1461. 			start = comp->start;

  1462. 			len = comp->len;

  1463. 

  1464. 			/* Check base url */

  1465. 			if (hc && hc->base_url && comp->len > 2) {

  1466. 				/*

  1467. 				 * Relative url canot start from the following:

  1468. 				 * schema://

  1469. 				 * slash

  1470. 				 */

  1471. 				gchar *buf;

  1472. 				gsize orig_len;

  1473. 

  1474. 				if (rspamd_substring_search (start, len, "://", 3) == -1) {

  1475. 					/* Assume relative url */

  1476. 

  1477. 					gboolean need_slash = FALSE;

  1478. 

  1479. 					orig_len = len;

  1480. 					len += hc->base_url->urllen;

  1481. 

  1482. 					if (hc->base_url->string[hc->base_url->urllen - 1] != '/') {

  1483. 						need_slash = TRUE;

  1484. 						len ++;

  1485. 					}

  1486. 

  1487. 					buf = rspamd_mempool_alloc (pool, len + 1);

  1488. 					rspamd_snprintf (buf, len + 1, "%*s%s%*s",

  1489. 							hc->base_url->urllen, hc->base_url->string,

  1490. 							need_slash ? "/" : "",

  1491. 							(gint)orig_len, start);

  1492. 					start = buf;

  1493. 				}

  1494. 				else if (start[0] == '/' && start[1] != '/') {

  1495. 					/* Relative to the hostname */

  1496. 					orig_len = len;

  1497. 					len += hc->base_url->hostlen + hc->base_url->protocollen +

  1498. 							3 /* for :// */;

  1499. 					buf = rspamd_mempool_alloc (pool, len + 1);

  1500. 					rspamd_snprintf (buf, len + 1, "%*s://%*s/%*s",

  1501. 							hc->base_url->protocollen, hc->base_url->string,

  1502. 							hc->base_url->hostlen, hc->base_url->host,

  1503. 							(gint)orig_len, start);

  1504. 					start = buf;

  1505. 				}

  1506. 			}

  1507. 

  1508. 			url = rspamd_html_process_url (pool, start, len, comp);

  1509. 

  1510. 			if (url && tag->extra == NULL) {

  1511. 				tag->extra = url;

  1512. 			}

  1513. 

  1514. 			return url;

  1515. 		}

  1516. 

  1517. 		cur = g_list_next (cur);

  1518. 	}

  1519. 

  1520. 	return NULL;

  1521. }

  1522. 

  1523. static void

  1524. rspamd_process_html_url (rspamd_mempool_t *pool, struct rspamd_url *url,

  1525. 		GHashTable *tbl_urls, GHashTable *tbl_emails)

  1526. {

  1527. 	GHashTable *target_tbl;

  1528. 	struct rspamd_url *query_url, *existing;

  1529. 	gchar *url_str;

  1530. 	gint rc;

  1531. 	gboolean prefix_added;

  1532. 

  1533. 	if (url->flags & RSPAMD_URL_FLAG_UNNORMALISED) {

  1534. 		url->flags |= RSPAMD_URL_FLAG_OBSCURED;

  1535. 	}

  1536. 

  1537. 	if (url->querylen > 0) {

  1538. 

  1539. 		if (rspamd_url_find (pool, url->query, url->querylen, &url_str, FALSE,

  1540. 				NULL, &prefix_added)) {

  1541. 			query_url = rspamd_mempool_alloc0 (pool,

  1542. 					sizeof (struct rspamd_url));

  1543. 

  1544. 			rc = rspamd_url_parse (query_url,

  1545. 					url_str,

  1546. 					strlen (url_str),

  1547. 					pool,

  1548. 					RSPAMD_URL_PARSE_TEXT);

  1549. 

  1550. 			if (rc == URI_ERRNO_OK &&

  1551. 					query_url->hostlen > 0) {

  1552. 				msg_debug_html ("found url %s in query of url"

  1553. 						" %*s", url_str, url->querylen, url->query);

  1554. 

  1555. 				if (query_url->protocol == PROTOCOL_MAILTO) {

  1556. 					target_tbl = tbl_emails;

  1557. 				}

  1558. 				else {

  1559. 					target_tbl = tbl_urls;

  1560. 				}

  1561. 

  1562. 				if (prefix_added) {

  1563. 					query_url->flags |= RSPAMD_URL_FLAG_SCHEMALESS;

  1564. 				}

  1565. 

  1566. 				if (query_url->flags

  1567. 						& (RSPAMD_URL_FLAG_UNNORMALISED|RSPAMD_URL_FLAG_OBSCURED|

  1568. 							RSPAMD_URL_FLAG_NUMERIC)) {

  1569. 					/* Set obscured flag if query url is bad */

  1570. 					url->flags |= RSPAMD_URL_FLAG_OBSCURED;

  1571. 				}

  1572. 

  1573. 				/* And vice-versa */

  1574. 				if (url->flags & RSPAMD_URL_FLAG_OBSCURED) {

  1575. 					query_url->flags |= RSPAMD_URL_FLAG_OBSCURED;

  1576. 				}

  1577. 

  1578. 				if ((existing = g_hash_table_lookup (target_tbl,

  1579. 						query_url)) == NULL) {

  1580. 					g_hash_table_insert (target_tbl,

  1581. 							query_url,

  1582. 							query_url);

  1583. 				}

  1584. 				else {

  1585. 					existing->count ++;

  1586. 				}

  1587. 			}

  1588. 		}

  1589. 	}

  1590. }

  1591. 

  1592. static void

  1593. rspamd_html_process_data_image (rspamd_mempool_t *pool,

  1594. 								struct html_image *img,

  1595. 								struct html_tag_component *src)

  1596. {

  1597. 	/*

  1598. 	 * Here, we do very basic processing of the data:

  1599. 	 * detect if we have something like: `data:image/xxx;base64,yyyzzz==`

  1600. 	 * We only parse base64 encoded data.

  1601. 	 * We ignore content type so far

  1602. 	 */

  1603. 	struct rspamd_image *parsed_image;

  1604. 	const gchar *semicolon_pos = NULL, *end = src->start + src->len;

  1605. 

  1606. 	semicolon_pos = src->start;

  1607. 

  1608. 	while ((semicolon_pos = memchr (semicolon_pos, ';', end - semicolon_pos)) != NULL) {

  1609. 		if (end - semicolon_pos > sizeof ("base64,")) {

  1610. 			if (memcmp (semicolon_pos + 1, "base64,", sizeof ("base64,") - 1) == 0) {

  1611. 				const gchar *data_pos = semicolon_pos + sizeof ("base64,");

  1612. 				gchar *decoded;

  1613. 				gsize encoded_len = end - data_pos, decoded_len;

  1614. 				rspamd_ftok_t inp;

  1615. 

  1616. 				decoded_len = (encoded_len / 4 * 3) + 12;

  1617. 				decoded = rspamd_mempool_alloc (pool, decoded_len);

  1618. 				rspamd_cryptobox_base64_decode (data_pos, encoded_len,

  1619. 						decoded, &decoded_len);

  1620. 				inp.begin = decoded;

  1621. 				inp.len = decoded_len;

  1622. 

  1623. 				parsed_image = rspamd_maybe_process_image (pool, &inp);

  1624. 

  1625. 				if (parsed_image) {

  1626. 					msg_debug_html ("detected %s image of size %ud x %ud in data url",

  1627. 							rspamd_image_type_str (parsed_image->type),

  1628. 							parsed_image->width, parsed_image->height);

  1629. 					img->embedded_image = parsed_image;

  1630. 				}

  1631. 			}

  1632. 

  1633. 			break;

  1634. 		}

  1635. 		else {

  1636. 			/* Nothing useful */

  1637. 			return;

  1638. 		}

  1639. 

  1640. 		semicolon_pos ++;

  1641. 	}

  1642. }

  1643. 

  1644. static void

  1645. rspamd_html_process_img_tag (rspamd_mempool_t *pool, struct html_tag *tag,

  1646. 		struct html_content *hc)

  1647. {

  1648. 	struct html_tag_component *comp;

  1649. 	struct html_image *img;

  1650. 	rspamd_ftok_t fstr;

  1651. 	const guchar *p;

  1652. 	GList *cur;

  1653. 	gulong val;

  1654. 	gboolean seen_width = FALSE, seen_height = FALSE;

  1655. 	goffset pos;

  1656. 

  1657. 	cur = tag->params->head;

  1658. 	img = rspamd_mempool_alloc0 (pool, sizeof (*img));

  1659. 	img->tag = tag;

  1660. 

  1661. 	while (cur) {

  1662. 		comp = cur->data;

  1663. 

  1664. 		if (comp->type == RSPAMD_HTML_COMPONENT_HREF && comp->len > 0) {

  1665. 			fstr.begin = (gchar *)comp->start;

  1666. 			fstr.len = comp->len;

  1667. 			img->src = rspamd_mempool_ftokdup (pool, &fstr);

  1668. 

  1669. 			if (comp->len > sizeof ("cid:") - 1 && memcmp (comp->start,

  1670. 					"cid:", sizeof ("cid:") - 1) == 0) {

  1671. 				/* We have an embedded image */

  1672. 				img->flags |= RSPAMD_HTML_FLAG_IMAGE_EMBEDDED;

  1673. 			}

  1674. 			if (comp->len > sizeof ("data:") - 1 && memcmp (comp->start,

  1675. 					"data:", sizeof ("data:") - 1) == 0) {

  1676. 				/* We have an embedded image in HTML tag */

  1677. 				img->flags |=

  1678. 						(RSPAMD_HTML_FLAG_IMAGE_EMBEDDED|RSPAMD_HTML_FLAG_IMAGE_DATA);

  1679. 				rspamd_html_process_data_image (pool, img, comp);

  1680. 				hc->flags |= RSPAMD_HTML_FLAG_HAS_DATA_URLS;

  1681. 			}

  1682. 			else {

  1683. 				img->flags |= RSPAMD_HTML_FLAG_IMAGE_EXTERNAL;

  1684. 				if (img->src) {

  1685. 					img->url = rspamd_html_process_url (pool,

  1686. 							img->src, fstr.len, NULL);

  1687. 				}

  1688. 			}

  1689. 		}

  1690. 		else if (comp->type == RSPAMD_HTML_COMPONENT_HEIGHT) {

  1691. 			rspamd_strtoul (comp->start, comp->len, &val);

  1692. 			img->height = val;

  1693. 			seen_height = TRUE;

  1694. 		}

  1695. 		else if (comp->type == RSPAMD_HTML_COMPONENT_WIDTH) {

  1696. 			rspamd_strtoul (comp->start, comp->len, &val);

  1697. 			img->width = val;

  1698. 			seen_width = TRUE;

  1699. 		}

  1700. 		else if (comp->type == RSPAMD_HTML_COMPONENT_STYLE) {

  1701. 			/* Try to search for height= or width= in style tag */

  1702. 			if (!seen_height && comp->len > 0) {

  1703. 				pos = rspamd_substring_search_caseless (comp->start, comp->len,

  1704. 						"height", sizeof ("height") - 1);

  1705. 

  1706. 				if (pos != -1) {

  1707. 					p = comp->start + pos + sizeof ("height") - 1;

  1708. 

  1709. 					while (p < comp->start + comp->len) {

  1710. 						if (g_ascii_isdigit (*p)) {

  1711. 							rspamd_strtoul (p, comp->len - (p - comp->start), &val);

  1712. 							img->height = val;

  1713. 							break;

  1714. 						}

  1715. 						else if (!g_ascii_isspace (*p) && *p != '=' && *p != ':') {

  1716. 							/* Fallback */

  1717. 							break;

  1718. 						}

  1719. 						p ++;

  1720. 					}

  1721. 				}

  1722. 			}

  1723. 

  1724. 			if (!seen_width && comp->len > 0) {

  1725. 				pos = rspamd_substring_search_caseless (comp->start, comp->len,

  1726. 						"width", sizeof ("width") - 1);

  1727. 

  1728. 				if (pos != -1) {

  1729. 					p = comp->start + pos + sizeof ("width") - 1;

  1730. 

  1731. 					while (p < comp->start + comp->len) {

  1732. 						if (g_ascii_isdigit (*p)) {

  1733. 							rspamd_strtoul (p, comp->len - (p - comp->start), &val);

  1734. 							img->width = val;

  1735. 							break;

  1736. 						}

  1737. 						else if (!g_ascii_isspace (*p) && *p != '=' && *p != ':') {

  1738. 							/* Fallback */

  1739. 							break;

  1740. 						}

  1741. 						p ++;

  1742. 					}

  1743. 				}

  1744. 			}

  1745. 		}

  1746. 

  1747. 		cur = g_list_next (cur);

  1748. 	}

  1749. 

  1750. 	if (hc->images == NULL) {

  1751. 		hc->images = g_ptr_array_sized_new (4);

  1752. 		rspamd_mempool_add_destructor (pool, rspamd_ptr_array_free_hard,

  1753. 				hc->images);

  1754. 	}

  1755. 

  1756. 	if (img->embedded_image) {

  1757. 		if (!seen_height) {

  1758. 			img->height = img->embedded_image->height;

  1759. 		}

  1760. 		if (!seen_width) {

  1761. 			img->width = img->embedded_image->width;

  1762. 		}

  1763. 	}

  1764. 

  1765. 	g_ptr_array_add (hc->images, img);

  1766. 	tag->extra = img;

  1767. }

  1768. 

  1769. static void

  1770. rspamd_html_process_color (const gchar *line, guint len, struct html_color *cl)

  1771. {

  1772. 	const gchar *p = line, *end = line + len;

  1773. 	char hexbuf[7];

  1774. 	rspamd_ftok_t search;

  1775. 	struct html_color *el;

  1776. 

  1777. 	memset (cl, 0, sizeof (*cl));

  1778. 

  1779. 	if (*p == '#') {

  1780. 		/* HEX color */

  1781. 		p ++;

  1782. 		rspamd_strlcpy (hexbuf, p, MIN ((gint)sizeof(hexbuf), end - p + 1));

  1783. 		cl->d.val = strtoul (hexbuf, NULL, 16);

  1784. 		cl->d.comp.alpha = 255;

  1785. 		cl->valid = TRUE;

  1786. 	}

  1787. 	else if (len > 4 && rspamd_lc_cmp (p, "rgb", 3) == 0) {

  1788. 		/* We have something like rgba(x,x,x,x) or rgb(x,x,x) */

  1789. 		enum {

  1790. 			obrace,

  1791. 			num1,

  1792. 			num2,

  1793. 			num3,

  1794. 			num4,

  1795. 			skip_spaces

  1796. 		} state = skip_spaces, next_state = obrace;

  1797. 		gulong r = 0, g = 0, b = 0, opacity = 255;

  1798. 		const gchar *c;

  1799. 		gboolean valid = FALSE;

  1800. 

  1801. 		p += 3;

  1802. 

  1803. 		if (*p == 'a') {

  1804. 			p ++;

  1805. 		}

  1806. 

  1807. 		c = p;

  1808. 

  1809. 		while (p < end) {

  1810. 			switch (state) {

  1811. 			case obrace:

  1812. 				if (*p == '(') {

  1813. 					p ++;

  1814. 					state = skip_spaces;

  1815. 					next_state = num1;

  1816. 				}

  1817. 				else if (g_ascii_isspace (*p)) {

  1818. 					state = skip_spaces;

  1819. 					next_state = obrace;

  1820. 				}

  1821. 				else {

  1822. 					goto stop;

  1823. 				}

  1824. 				break;

  1825. 			case num1:

  1826. 				if (*p == ',') {

  1827. 					if (!rspamd_strtoul (c, p - c, &r)) {

  1828. 						goto stop;

  1829. 					}

  1830. 

  1831. 					p ++;

  1832. 					state = skip_spaces;

  1833. 					next_state = num2;

  1834. 				}

  1835. 				else if (!g_ascii_isdigit (*p)) {

  1836. 					goto stop;

  1837. 				}

  1838. 				else {

  1839. 					p ++;

  1840. 				}

  1841. 				break;

  1842. 			case num2:

  1843. 				if (*p == ',') {

  1844. 					if (!rspamd_strtoul (c, p - c, &g)) {

  1845. 						goto stop;

  1846. 					}

  1847. 

  1848. 					p ++;

  1849. 					state = skip_spaces;

  1850. 					next_state = num3;

  1851. 				}

  1852. 				else if (!g_ascii_isdigit (*p)) {

  1853. 					goto stop;

  1854. 				}

  1855. 				else {

  1856. 					p ++;

  1857. 				}

  1858. 				break;

  1859. 			case num3:

  1860. 				if (*p == ',') {

  1861. 					if (!rspamd_strtoul (c, p - c, &b)) {

  1862. 						goto stop;

  1863. 					}

  1864. 

  1865. 					valid = TRUE;

  1866. 					p ++;

  1867. 					state = skip_spaces;

  1868. 					next_state = num4;

  1869. 				}

  1870. 				else if (*p == ')') {

  1871. 					if (!rspamd_strtoul (c, p - c, &b)) {

  1872. 						goto stop;

  1873. 					}

  1874. 

  1875. 					valid = TRUE;

  1876. 					goto stop;

  1877. 				}

  1878. 				else if (!g_ascii_isdigit (*p)) {

  1879. 					goto stop;

  1880. 				}

  1881. 				else {

  1882. 					p ++;

  1883. 				}

  1884. 				break;

  1885. 			case num4:

  1886. 				if (*p == ',') {

  1887. 					if (!rspamd_strtoul (c, p - c, &opacity)) {

  1888. 						goto stop;

  1889. 					}

  1890. 

  1891. 					valid = TRUE;

  1892. 					goto stop;

  1893. 				}

  1894. 				else if (*p == ')') {

  1895. 					if (!rspamd_strtoul (c, p - c, &opacity)) {

  1896. 						goto stop;

  1897. 					}

  1898. 

  1899. 					valid = TRUE;

  1900. 					goto stop;

  1901. 				}

  1902. 				else if (!g_ascii_isdigit (*p)) {

  1903. 					goto stop;

  1904. 				}

  1905. 				else {

  1906. 					p ++;

  1907. 				}

  1908. 				break;

  1909. 			case skip_spaces:

  1910. 				if (!g_ascii_isspace (*p)) {

  1911. 					c = p;

  1912. 					state = next_state;

  1913. 				}

  1914. 				else {

  1915. 					p ++;

  1916. 				}

  1917. 				break;

  1918. 			}

  1919. 		}

  1920. 

  1921. 		stop:

  1922. 

  1923. 		if (valid) {

  1924. 			cl->d.comp.r = r;

  1925. 			cl->d.comp.g = g;

  1926. 			cl->d.comp.b = b;

  1927. 			cl->d.comp.alpha = opacity;

  1928. 			cl->valid = TRUE;

  1929. 		}

  1930. 	}

  1931. 	else {

  1932. 		khiter_t k;

  1933. 		/* Compare color by name */

  1934. 		search.begin = line;

  1935. 		search.len = len;

  1936. 

  1937. 		k = kh_get (color_by_name, html_color_by_name, &search);

  1938. 

  1939. 		if (k != kh_end (html_color_by_name)) {

  1940. 			el = &kh_val (html_color_by_name, k);

  1941. 			memcpy (cl, el, sizeof (*cl));

  1942. 			cl->d.comp.alpha = 255; /* Non transparent */

  1943. 		}

  1944. 	}

  1945. }

  1946. 

  1947. /*

  1948.  * Target is used for in and out if this function returns TRUE

  1949.  */

  1950. static gboolean

  1951. rspamd_html_process_css_size (const gchar *suffix, gsize len,

  1952. 		gdouble *tgt)

  1953. {

  1954. 	gdouble sz = *tgt;

  1955. 	gboolean ret = FALSE;

  1956. 

  1957. 	if (len >= 2) {

  1958. 		if (memcmp (suffix, "px", 2) == 0) {

  1959. 			sz = (guint) sz; /* Round to number */

  1960. 			ret = TRUE;

  1961. 		}

  1962. 		else if (memcmp (suffix, "em", 2) == 0) {

  1963. 			/* EM is 16 px, so multiply and round */

  1964. 			sz = (guint) (sz * 16.0);

  1965. 			ret = TRUE;

  1966. 		}

  1967. 		else if (len >= 3 && memcmp (suffix, "rem", 3) == 0) {

  1968. 			/* equal to EM in our case */

  1969. 			sz = (guint) (sz * 16.0);

  1970. 			ret = TRUE;

  1971. 		}

  1972. 		else if (memcmp (suffix, "ex", 2) == 0) {

  1973. 			/*

  1974. 			 * Represents the x-height of the element's font.

  1975. 			 * On fonts with the "x" letter, this is generally the height

  1976. 			 * of lowercase letters in the font; 1ex = 0.5em in many fonts.

  1977. 			 */

  1978. 			sz = (guint) (sz * 8.0);

  1979. 			ret = TRUE;

  1980. 		}

  1981. 		else if (memcmp (suffix, "vw", 2) == 0) {

  1982. 			/*

  1983. 			 * Vewport width in percentages:

  1984. 			 * we assume 1% of viewport width as 8px

  1985. 			 */

  1986. 			sz = (guint) (sz * 8.0);

  1987. 			ret = TRUE;

  1988. 		}

  1989. 		else if (memcmp (suffix, "vh", 2) == 0) {

  1990. 			/*

  1991. 			 * Vewport height in percentages

  1992. 			 * we assume 1% of viewport width as 6px

  1993. 			 */

  1994. 			sz = (guint) (sz * 6.0);

  1995. 			ret = TRUE;

  1996. 		}

  1997. 		else if (len >= 4 && memcmp (suffix, "vmax", 4) == 0) {

  1998. 			/*

  1999. 			 * Vewport width in percentages

  2000. 			 * we assume 1% of viewport width as 6px

  2001. 			 */

  2002. 			sz = (guint) (sz * 8.0);

  2003. 			ret = TRUE;

  2004. 		}

  2005. 		else if (len >= 4 && memcmp (suffix, "vmin", 4) == 0) {

  2006. 			/*

  2007. 			 * Vewport height in percentages

  2008. 			 * we assume 1% of viewport width as 6px

  2009. 			 */

  2010. 			sz = (guint) (sz * 6.0);

  2011. 			ret = TRUE;

  2012. 		}

  2013. 		else if (memcmp (suffix, "pt", 2) == 0) {

  2014. 			sz = (guint) (sz * 96.0 / 72.0); /* One point. 1pt = 1/72nd of 1in */

  2015. 			ret = TRUE;

  2016. 		}

  2017. 		else if (memcmp (suffix, "cm", 2) == 0) {

  2018. 			sz = (guint) (sz * 96.0 / 2.54); /* 96px/2.54 */

  2019. 			ret = TRUE;

  2020. 		}

  2021. 		else if (memcmp (suffix, "mm", 2) == 0) {

  2022. 			sz = (guint) (sz * 9.6 / 2.54); /* 9.6px/2.54 */

  2023. 			ret = TRUE;

  2024. 		}

  2025. 		else if (memcmp (suffix, "in", 2) == 0) {

  2026. 			sz = (guint) (sz * 96.0); /* 96px */

  2027. 			ret = TRUE;

  2028. 		}

  2029. 		else if (memcmp (suffix, "pc", 2) == 0) {

  2030. 			sz = (guint) (sz * 96.0 / 6.0); /* 1pc = 12pt = 1/6th of 1in. */

  2031. 			ret = TRUE;

  2032. 		}

  2033. 	}

  2034. 	else if (suffix[0] == '%') {

  2035. 		/* Percentages from 16 px */

  2036. 		sz = (guint)(sz / 100.0 * 16.0);

  2037. 		ret = TRUE;

  2038. 	}

  2039. 

  2040. 	if (ret) {

  2041. 		*tgt = sz;

  2042. 	}

  2043. 

  2044. 	return ret;

  2045. }

  2046. 

  2047. static void

  2048. rspamd_html_process_font_size (const gchar *line, guint len, guint *fs,

  2049. 							   gboolean is_css)

  2050. {

  2051. 	const gchar *p = line, *end = line + len;

  2052. 	gchar *err = NULL, numbuf[64];

  2053. 	gdouble sz = 0;

  2054. 	gboolean failsafe = FALSE;

  2055. 

  2056. 	while (p < end && g_ascii_isspace (*p)) {

  2057. 		p ++;

  2058. 		len --;

  2059. 	}

  2060. 

  2061. 	if (g_ascii_isdigit (*p)) {

  2062. 		rspamd_strlcpy (numbuf, p, MIN (sizeof (numbuf), len + 1));

  2063. 		sz = strtod (numbuf, &err);

  2064. 

  2065. 		/* Now check leftover */

  2066. 		if (sz < 0) {

  2067. 			sz = 0;

  2068. 		}

  2069. 	}

  2070. 	else {

  2071. 		/* Ignore the rest */

  2072. 		failsafe = TRUE;

  2073. 		sz = is_css ? 16 : 1;

  2074. 		/* TODO: add textual fonts descriptions */

  2075. 	}

  2076. 

  2077. 	if (err && *err != '\0') {

  2078. 		const gchar *e = err;

  2079. 		gsize slen;

  2080. 

  2081. 		/* Skip spaces */

  2082. 		while (*e && g_ascii_isspace (*e)) {

  2083. 			e ++;

  2084. 		}

  2085. 

  2086. 		/* Lowercase */

  2087. 		slen = strlen (e);

  2088. 		rspamd_str_lc ((gchar *)e, slen);

  2089. 

  2090. 		if (!rspamd_html_process_css_size (e, slen, &sz)) {

  2091. 			failsafe = TRUE;

  2092. 		}

  2093. 	}

  2094. 	else {

  2095. 		/* Failsafe naked number */

  2096. 		failsafe = TRUE;

  2097. 	}

  2098. 

  2099. 	if (failsafe) {

  2100. 		if (is_css) {

  2101. 			/*

  2102. 			 * In css mode we usually ignore sizes, but let's treat

  2103. 			 * small sizes specially

  2104. 			 */

  2105. 			if (sz < 1) {

  2106. 				sz = 0;

  2107. 			} else {

  2108. 				sz = 16; /* Ignore */

  2109. 			}

  2110. 		} else {

  2111. 			/* In non-css mode we have to check legacy size */

  2112. 			sz = sz >= 1 ? sz * 16 : 16;

  2113. 		}

  2114. 	}

  2115. 

  2116. 	if (sz > 32) {

  2117. 		sz = 32;

  2118. 	}

  2119. 

  2120. 	*fs = sz;

  2121. }

  2122. 

  2123. static void

  2124. rspamd_html_process_style (rspamd_mempool_t *pool, struct html_block *bl,

  2125. 		struct html_content *hc, const gchar *style, guint len)

  2126. {

  2127. 	const gchar *p, *c, *end, *key = NULL;

  2128. 	enum {

  2129. 		read_key,

  2130. 		read_colon,

  2131. 		read_value,

  2132. 		skip_spaces,

  2133. 	} state = skip_spaces, next_state = read_key;

  2134. 	guint klen = 0;

  2135. 	gdouble opacity = 1.0;

  2136. 

  2137. 	p = style;

  2138. 	c = p;

  2139. 	end = p + len;

  2140. 

  2141. 	while (p <= end) {

  2142. 		switch(state) {

  2143. 		case read_key:

  2144. 			if (p == end || *p == ':') {

  2145. 				key = c;

  2146. 				klen = p - c;

  2147. 				state = skip_spaces;

  2148. 				next_state = read_value;

  2149. 			}

  2150. 			else if (g_ascii_isspace (*p)) {

  2151. 				key = c;

  2152. 				klen = p - c;

  2153. 				state = skip_spaces;

  2154. 				next_state = read_colon;

  2155. 			}

  2156. 

  2157. 			p ++;

  2158. 			break;

  2159. 

  2160. 		case read_colon:

  2161. 			if (p == end || *p == ':') {

  2162. 				state = skip_spaces;

  2163. 				next_state = read_value;

  2164. 			}

  2165. 

  2166. 			p ++;

  2167. 			break;

  2168. 

  2169. 		case read_value:

  2170. 			if (p == end || *p == ';') {

  2171. 				if (key && klen && p - c > 0) {

  2172. 					if ((klen == 5 && g_ascii_strncasecmp (key, "color", 5) == 0)

  2173. 					|| (klen == 10 && g_ascii_strncasecmp (key, "font-color", 10) == 0)) {

  2174. 

  2175. 						rspamd_html_process_color (c, p - c, &bl->font_color);

  2176. 						msg_debug_html ("got color: %xd", bl->font_color.d.val);

  2177. 					}

  2178. 					else if ((klen == 16 && g_ascii_strncasecmp (key,

  2179. 							"background-color", 16) == 0) ||

  2180. 							(klen == 10 && g_ascii_strncasecmp (key,

  2181. 									"background", 10) == 0)) {

  2182. 

  2183. 						rspamd_html_process_color (c, p - c, &bl->background_color);

  2184. 						msg_debug_html ("got bgcolor: %xd", bl->background_color.d.val);

  2185. 					}

  2186. 					else if (klen == 7 && g_ascii_strncasecmp (key, "display", 7) == 0) {

  2187. 						if (p - c >= 4 && rspamd_substring_search_caseless (c, p - c,

  2188. 								"none", 4) != -1) {

  2189. 							bl->visible = FALSE;

  2190. 							msg_debug_html ("tag is not visible");

  2191. 						}

  2192. 					}

  2193. 					else if (klen == 9 &&

  2194. 							 g_ascii_strncasecmp (key, "font-size", 9) == 0) {

  2195. 						rspamd_html_process_font_size (c, p - c,

  2196. 								&bl->font_size, TRUE);

  2197. 						msg_debug_html ("got font size: %ud", bl->font_size);

  2198. 					}

  2199. 					else if (klen == 7 &&

  2200. 							 g_ascii_strncasecmp (key, "opacity", 7) == 0) {

  2201. 						gchar numbuf[64];

  2202. 

  2203. 						rspamd_strlcpy (numbuf, c,

  2204. 								MIN (sizeof (numbuf), p - c + 1));

  2205. 						opacity = strtod (numbuf, NULL);

  2206. 

  2207. 						if (opacity > 1) {

  2208. 							opacity = 1;

  2209. 						}

  2210. 						else if (opacity < 0) {

  2211. 							opacity = 0;

  2212. 						}

  2213. 

  2214. 						bl->font_color.d.comp.alpha = (guint8)(opacity * 255.0);

  2215. 					}

  2216. 					else if (klen == 10 &&

  2217. 							 g_ascii_strncasecmp (key, "visibility", 10) == 0) {

  2218. 						if (p - c >= 6 && rspamd_substring_search_caseless (c,

  2219. 								p - c,

  2220. 								"hidden", 6) != -1) {

  2221. 							bl->visible = FALSE;

  2222. 							msg_debug_html ("tag is not visible");

  2223. 						}

  2224. 					}

  2225. 				}

  2226. 

  2227. 				key = NULL;

  2228. 				klen = 0;

  2229. 				state = skip_spaces;

  2230. 				next_state = read_key;

  2231. 			}

  2232. 

  2233. 			p ++;

  2234. 			break;

  2235. 

  2236. 		case skip_spaces:

  2237. 			if (p < end && !g_ascii_isspace (*p)) {

  2238. 				c = p;

  2239. 				state = next_state;

  2240. 			}

  2241. 			else {

  2242. 				p ++;

  2243. 			}

  2244. 

  2245. 			break;

  2246. 		}

  2247. 	}

  2248. }

  2249. 

  2250. static void

  2251. rspamd_html_process_block_tag (rspamd_mempool_t *pool, struct html_tag *tag,

  2252. 		struct html_content *hc)

  2253. {

  2254. 	struct html_tag_component *comp;

  2255. 	struct html_block *bl;

  2256. 	rspamd_ftok_t fstr;

  2257. 	GList *cur;

  2258. 

  2259. 	cur = tag->params->head;

  2260. 	bl = rspamd_mempool_alloc0 (pool, sizeof (*bl));

  2261. 	bl->tag = tag;

  2262. 	bl->visible = TRUE;

  2263. 	bl->font_size = (guint)-1;

  2264. 	bl->font_color.d.comp.alpha = 255;

  2265. 

  2266. 	while (cur) {

  2267. 		comp = cur->data;

  2268. 

  2269. 		if (comp->len > 0) {

  2270. 			switch (comp->type) {

  2271. 			case RSPAMD_HTML_COMPONENT_COLOR:

  2272. 				fstr.begin = (gchar *) comp->start;

  2273. 				fstr.len = comp->len;

  2274. 				rspamd_html_process_color (comp->start, comp->len,

  2275. 						&bl->font_color);

  2276. 				msg_debug_html ("got color: %xd", bl->font_color.d.val);

  2277. 				break;

  2278. 			case RSPAMD_HTML_COMPONENT_BGCOLOR:

  2279. 				fstr.begin = (gchar *) comp->start;

  2280. 				fstr.len = comp->len;

  2281. 				rspamd_html_process_color (comp->start, comp->len,

  2282. 						&bl->background_color);

  2283. 				msg_debug_html ("got color: %xd", bl->font_color.d.val);

  2284. 

  2285. 				if (tag->id == Tag_BODY) {

  2286. 					/* Set global background color */

  2287. 					memcpy (&hc->bgcolor, &bl->background_color,

  2288. 							sizeof (hc->bgcolor));

  2289. 				}

  2290. 				break;

  2291. 			case RSPAMD_HTML_COMPONENT_STYLE:

  2292. 				bl->style.len = comp->len;

  2293. 				bl->style.start = comp->start;

  2294. 				msg_debug_html ("got style: %*s", (gint) bl->style.len,

  2295. 						bl->style.start);

  2296. 				rspamd_html_process_style (pool, bl, hc, comp->start, comp->len);

  2297. 				break;

  2298. 			case RSPAMD_HTML_COMPONENT_CLASS:

  2299. 				fstr.begin = (gchar *) comp->start;

  2300. 				fstr.len = comp->len;

  2301. 				bl->class = rspamd_mempool_ftokdup (pool, &fstr);

  2302. 				msg_debug_html ("got class: %s", bl->class);

  2303. 				break;

  2304. 			case RSPAMD_HTML_COMPONENT_SIZE:

  2305. 				fstr.begin = (gchar *) comp->start;

  2306. 				fstr.len = comp->len;

  2307. 				rspamd_html_process_color (comp->start, comp->len,

  2308. 						&bl->font_color);

  2309. 				msg_debug_html ("got color: %xd", bl->font_color.d.val);

  2310. 				break;

  2311. 			default:

  2312. 				/* NYI */

  2313. 				break;

  2314. 			}

  2315. 		}

  2316. 

  2317. 		cur = g_list_next (cur);

  2318. 	}

  2319. 

  2320. 	if (hc->blocks == NULL) {

  2321. 		hc->blocks = g_ptr_array_sized_new (64);

  2322. 		rspamd_mempool_add_destructor (pool, rspamd_ptr_array_free_hard,

  2323. 				hc->blocks);

  2324. 	}

  2325. 

  2326. 	g_ptr_array_add (hc->blocks, bl);

  2327. 	tag->extra = bl;

  2328. }

  2329. 

  2330. static void

  2331. rspamd_html_check_displayed_url (rspamd_mempool_t *pool,

  2332. 		GList **exceptions, GHashTable *urls, GHashTable *emails,

  2333. 		GByteArray *dest, GHashTable *target_tbl,

  2334. 		gint href_offset,

  2335. 		struct rspamd_url *url)

  2336. {

  2337. 	struct rspamd_url *displayed_url = NULL;

  2338. 	struct rspamd_url *turl;

  2339. 	gboolean url_found = FALSE;

  2340. 	struct rspamd_process_exception *ex;

  2341. 

  2342. 	if (href_offset <= 0) {

  2343. 		/* No dispalyed url, just some text within <a> tag */

  2344. 		return;

  2345. 	}

  2346. 

  2347. 	rspamd_html_url_is_phished (pool, url,

  2348. 			dest->data + href_offset,

  2349. 			dest->len - href_offset,

  2350. 			&url_found, &displayed_url);

  2351. 

  2352. 	if (exceptions && url_found) {

  2353. 		ex = rspamd_mempool_alloc (pool,

  2354. 				sizeof (*ex));

  2355. 		ex->pos = href_offset;

  2356. 		ex->len = dest->len - href_offset;

  2357. 		ex->type = RSPAMD_EXCEPTION_URL;

  2358. 		ex->ptr = url;

  2359. 

  2360. 		*exceptions = g_list_prepend (*exceptions,

  2361. 				ex);

  2362. 	}

  2363. 

  2364. 	if (displayed_url) {

  2365. 		if (displayed_url->protocol ==

  2366. 				PROTOCOL_MAILTO) {

  2367. 			target_tbl = emails;

  2368. 		}

  2369. 		else {

  2370. 			target_tbl = urls;

  2371. 		}

  2372. 

  2373. 		if (target_tbl != NULL) {

  2374. 			turl = g_hash_table_lookup (target_tbl,

  2375. 					displayed_url);

  2376. 

  2377. 			if (turl != NULL) {

  2378. 				/* Here, we assume the following:

  2379. 				 * if we have a URL in the text part which

  2380. 				 * is the same as displayed URL in the

  2381. 				 * HTML part, we assume that it is also

  2382. 				 * hint only.

  2383. 				 */

  2384. 				if (turl->flags &

  2385. 						RSPAMD_URL_FLAG_FROM_TEXT) {

  2386. 					turl->flags |= RSPAMD_URL_FLAG_HTML_DISPLAYED;

  2387. 					turl->flags &= ~RSPAMD_URL_FLAG_FROM_TEXT;

  2388. 				}

  2389. 

  2390. 				turl->count ++;

  2391. 			}

  2392. 			else {

  2393. 				g_hash_table_insert (target_tbl,

  2394. 						displayed_url,

  2395. 						displayed_url);

  2396. 			}

  2397. 		}

  2398. 	}

  2399. }

  2400. 

  2401. static gboolean

  2402. rspamd_html_propagate_lengths (GNode *node, gpointer _unused)

  2403. {

  2404. 	GNode *child;

  2405. 	struct html_tag *tag = node->data, *cld_tag;

  2406. 

  2407. 	if (tag) {

  2408. 		child = node->children;

  2409. 

  2410. 		/* Summarize content length from children */

  2411. 		while (child) {

  2412. 			cld_tag = child->data;

  2413. 			tag->content_length += cld_tag->content_length;

  2414. 			child = child->next;

  2415. 		}

  2416. 	}

  2417. 

  2418. 	return FALSE;

  2419. }

  2420. 

  2421. static void

  2422. rspamd_html_propagate_style (struct html_content *hc,

  2423. 							 struct html_tag *tag,

  2424. 							 struct html_block *bl,

  2425. 							 GQueue *blocks)

  2426. {

  2427. 	struct html_block *bl_parent;

  2428. 	gboolean push_block = FALSE;

  2429. 

  2430. 

  2431. 	/* Propagate from the parent if needed */

  2432. 	bl_parent = g_queue_peek_tail (blocks);

  2433. 

  2434. 	if (bl_parent) {

  2435. 		if (!bl->background_color.valid) {

  2436. 			/* Try to propagate background color from parent nodes */

  2437. 			if (bl_parent->background_color.valid) {

  2438. 				memcpy (&bl->background_color, &bl_parent->background_color,

  2439. 						sizeof (bl->background_color));

  2440. 			}

  2441. 		}

  2442. 		else {

  2443. 			push_block = TRUE;

  2444. 		}

  2445. 

  2446. 		if (!bl->font_color.valid) {

  2447. 			/* Try to propagate background color from parent nodes */

  2448. 			if (bl_parent->font_color.valid) {

  2449. 				memcpy (&bl->font_color, &bl_parent->font_color,

  2450. 						sizeof (bl->font_color));

  2451. 			}

  2452. 		}

  2453. 		else {

  2454. 			push_block = TRUE;

  2455. 		}

  2456. 

  2457. 		/* Propagate font size */

  2458. 		if (bl->font_size == (guint)-1) {

  2459. 			if (bl_parent->font_size != (guint)-1) {

  2460. 				bl->font_size = bl_parent->font_size;

  2461. 			}

  2462. 		}

  2463. 		else {

  2464. 			push_block = TRUE;

  2465. 		}

  2466. 	}

  2467. 

  2468. 	/* Set bgcolor to the html bgcolor and font color to black as a last resort */

  2469. 	if (!bl->font_color.valid) {

  2470. 		/* Don't touch opacity as it can be set separately */

  2471. 		bl->font_color.d.comp.r = 0;

  2472. 		bl->font_color.d.comp.g = 0;

  2473. 		bl->font_color.d.comp.b = 0;

  2474. 		bl->font_color.valid = TRUE;

  2475. 	}

  2476. 	else {

  2477. 		push_block = TRUE;

  2478. 	}

  2479. 

  2480. 	if (!bl->background_color.valid) {

  2481. 		memcpy (&bl->background_color, &hc->bgcolor, sizeof (hc->bgcolor));

  2482. 	}

  2483. 	else {

  2484. 		push_block = TRUE;

  2485. 	}

  2486. 

  2487. 	if (bl->font_size == (guint)-1) {

  2488. 		bl->font_size = 16; /* Default for browsers */

  2489. 	}

  2490. 	else {

  2491. 		push_block = TRUE;

  2492. 	}

  2493. 

  2494. 	if (push_block && !(tag->flags & FL_CLOSED)) {

  2495. 		g_queue_push_tail (blocks, bl);

  2496. 	}

  2497. }

  2498. 

  2499. GByteArray*

  2500. rspamd_html_process_part_full (rspamd_mempool_t *pool, struct html_content *hc,

  2501. 		GByteArray *in, GList **exceptions, GHashTable *urls,  GHashTable *emails)

  2502. {

  2503. 	const guchar *p, *c, *end, *savep = NULL;

  2504. 	guchar t;

  2505. 	gboolean closing = FALSE, need_decode = FALSE, save_space = FALSE,

  2506. 			balanced;

  2507. 	GByteArray *dest;

  2508. 	GHashTable *target_tbl;

  2509. 	guint obrace = 0, ebrace = 0;

  2510. 	GNode *cur_level = NULL;

  2511. 	gint substate = 0, len, href_offset = -1;

  2512. 	struct html_tag *cur_tag = NULL, *content_tag = NULL;

  2513. 	struct rspamd_url *url = NULL, *turl;

  2514. 	GQueue *styles_blocks;

  2515. 

  2516. 	enum {

  2517. 		parse_start = 0,

  2518. 		tag_begin,

  2519. 		sgml_tag,

  2520. 		xml_tag,

  2521. 		compound_tag,

  2522. 		comment_tag,

  2523. 		comment_content,

  2524. 		sgml_content,

  2525. 		tag_content,

  2526. 		tag_end,

  2527. 		xml_tag_end,

  2528. 		content_ignore,

  2529. 		content_write,

  2530. 		content_ignore_sp

  2531. 	} state = parse_start;

  2532. 

  2533. 	g_assert (in != NULL);

  2534. 	g_assert (hc != NULL);

  2535. 	g_assert (pool != NULL);

  2536. 

  2537. 	rspamd_html_library_init ();

  2538. 	hc->tags_seen = rspamd_mempool_alloc0 (pool, NBYTES (G_N_ELEMENTS (tag_defs)));

  2539. 

  2540. 	/* Set white background color by default */

  2541. 	hc->bgcolor.d.comp.alpha = 0;

  2542. 	hc->bgcolor.d.comp.r = 255;

  2543. 	hc->bgcolor.d.comp.g = 255;

  2544. 	hc->bgcolor.d.comp.b = 255;

  2545. 	hc->bgcolor.valid = TRUE;

  2546. 

  2547. 	dest = g_byte_array_sized_new (in->len / 3 * 2);

  2548. 	styles_blocks = g_queue_new ();

  2549. 

  2550. 	p = in->data;

  2551. 	c = p;

  2552. 	end = p + in->len;

  2553. 

  2554. 	while (p < end) {

  2555. 		t = *p;

  2556. 

  2557. 		switch (state) {

  2558. 		case parse_start:

  2559. 			if (t == '<') {

  2560. 				state = tag_begin;

  2561. 			}

  2562. 			else {

  2563. 				/* We have no starting tag, so assume that it's content */

  2564. 				hc->flags |= RSPAMD_HTML_FLAG_BAD_START;

  2565. 				state = content_write;

  2566. 			}

  2567. 

  2568. 			break;

  2569. 		case tag_begin:

  2570. 			switch (t) {

  2571. 			case '<':

  2572. 				p ++;

  2573. 				closing = FALSE;

  2574. 				break;

  2575. 			case '!':

  2576. 				state = sgml_tag;

  2577. 				p ++;

  2578. 				break;

  2579. 			case '?':

  2580. 				state = xml_tag;

  2581. 				hc->flags |= RSPAMD_HTML_FLAG_XML;

  2582. 				p ++;

  2583. 				break;

  2584. 			case '/':

  2585. 				closing = TRUE;

  2586. 				p ++;

  2587. 				break;

  2588. 			case '>':

  2589. 				/* Empty tag */

  2590. 				hc->flags |= RSPAMD_HTML_FLAG_BAD_ELEMENTS;

  2591. 				state = tag_end;

  2592. 				continue;

  2593. 			default:

  2594. 				state = tag_content;

  2595. 				substate = 0;

  2596. 				savep = NULL;

  2597. 				cur_tag = rspamd_mempool_alloc0 (pool, sizeof (*cur_tag));

  2598. 				cur_tag->params = g_queue_new ();

  2599. 				rspamd_mempool_add_destructor (pool,

  2600. 						(rspamd_mempool_destruct_t)g_queue_free, cur_tag->params);

  2601. 				break;

  2602. 			}

  2603. 

  2604. 			break;

  2605. 

  2606. 		case sgml_tag:

  2607. 			switch (t) {

  2608. 			case '[':

  2609. 				state = compound_tag;

  2610. 				obrace = 1;

  2611. 				ebrace = 0;

  2612. 				p ++;

  2613. 				break;

  2614. 			case '-':

  2615. 				state = comment_tag;

  2616. 				p ++;

  2617. 				break;

  2618. 			default:

  2619. 				state = sgml_content;

  2620. 				break;

  2621. 			}

  2622. 

  2623. 			break;

  2624. 

  2625. 		case xml_tag:

  2626. 			if (t == '?') {

  2627. 				state = xml_tag_end;

  2628. 			}

  2629. 			else if (t == '>') {

  2630. 				/* Misformed xml tag */

  2631. 				hc->flags |= RSPAMD_HTML_FLAG_BAD_ELEMENTS;

  2632. 				state = tag_end;

  2633. 				continue;

  2634. 			}

  2635. 			/* We efficiently ignore xml tags */

  2636. 			p ++;

  2637. 			break;

  2638. 

  2639. 		case xml_tag_end:

  2640. 			if (t == '>') {

  2641. 				state = tag_end;

  2642. 				continue;

  2643. 			}

  2644. 			else {

  2645. 				hc->flags |= RSPAMD_HTML_FLAG_BAD_ELEMENTS;

  2646. 				p ++;

  2647. 			}

  2648. 			break;

  2649. 

  2650. 		case compound_tag:

  2651. 			if (t == '[') {

  2652. 				obrace ++;

  2653. 			}

  2654. 			else if (t == ']') {

  2655. 				ebrace ++;

  2656. 			}

  2657. 			else if (t == '>' && obrace == ebrace) {

  2658. 				state = tag_end;

  2659. 				continue;

  2660. 			}

  2661. 			p ++;

  2662. 			break;

  2663. 

  2664. 		case comment_tag:

  2665. 			if (t != '-')  {

  2666. 				hc->flags |= RSPAMD_HTML_FLAG_BAD_ELEMENTS;

  2667. 			}

  2668. 			p ++;

  2669. 			ebrace = 0;

  2670. 			state = comment_content;

  2671. 			break;

  2672. 

  2673. 		case comment_content:

  2674. 			if (t == '-') {

  2675. 				ebrace ++;

  2676. 			}

  2677. 			else if (t == '>' && ebrace >= 2) {

  2678. 				state = tag_end;

  2679. 				continue;

  2680. 			}

  2681. 			else {

  2682. 				ebrace = 0;

  2683. 			}

  2684. 

  2685. 			p ++;

  2686. 			break;

  2687. 

  2688. 		case content_ignore:

  2689. 			if (t != '<') {

  2690. 				p ++;

  2691. 			}

  2692. 			else {

  2693. 				if (content_tag) {

  2694. 					if (content_tag->content == NULL) {

  2695. 						content_tag->content = c;

  2696. 					}

  2697. 

  2698. 					content_tag->content_length += p - c;

  2699. 				}

  2700. 				state = tag_begin;

  2701. 			}

  2702. 			break;

  2703. 

  2704. 		case content_write:

  2705. 

  2706. 			if (t != '<') {

  2707. 				if (t == '&') {

  2708. 					need_decode = TRUE;

  2709. 				}

  2710. 				else if (g_ascii_isspace (t)) {

  2711. 					save_space = TRUE;

  2712. 

  2713. 					if (p > c) {

  2714. 						if (need_decode) {

  2715. 							goffset old_offset = dest->len;

  2716. 

  2717. 							g_byte_array_append (dest, c, (p - c));

  2718. 

  2719. 							len = rspamd_html_decode_entitles_inplace (

  2720. 									dest->data + old_offset,

  2721. 									p - c);

  2722. 							dest->len = dest->len + len - (p - c);

  2723. 						}

  2724. 						else {

  2725. 							len = p - c;

  2726. 							g_byte_array_append (dest, c, len);

  2727. 						}

  2728. 

  2729. 						if (content_tag) {

  2730. 							if (content_tag->content == NULL) {

  2731. 								content_tag->content = c;

  2732. 							}

  2733. 

  2734. 							content_tag->content_length += p - c + 1;

  2735. 						}

  2736. 					}

  2737. 

  2738. 					c = p;

  2739. 					state = content_ignore_sp;

  2740. 				}

  2741. 				else {

  2742. 					if (save_space) {

  2743. 						/* Append one space if needed */

  2744. 						if (dest->len > 0 &&

  2745. 								!g_ascii_isspace (dest->data[dest->len - 1])) {

  2746. 							g_byte_array_append (dest, " ", 1);

  2747. 						}

  2748. 						save_space = FALSE;

  2749. 					}

  2750. 				}

  2751. 			}

  2752. 			else {

  2753. 				if (c != p) {

  2754. 

  2755. 					if (need_decode) {

  2756. 						goffset old_offset = dest->len;

  2757. 

  2758. 						g_byte_array_append (dest, c, (p - c));

  2759. 						len = rspamd_html_decode_entitles_inplace (

  2760. 								dest->data + old_offset,

  2761. 								p - c);

  2762. 						dest->len = dest->len + len - (p - c);

  2763. 					}

  2764. 					else {

  2765. 						len = p - c;

  2766. 						g_byte_array_append (dest, c, len);

  2767. 					}

  2768. 

  2769. 

  2770. 					if (content_tag) {

  2771. 						if (content_tag->content == NULL) {

  2772. 							content_tag->content = c;

  2773. 						}

  2774. 

  2775. 						content_tag->content_length += p - c;

  2776. 					}

  2777. 				}

  2778. 

  2779. 				content_tag = NULL;

  2780. 

  2781. 				state = tag_begin;

  2782. 				continue;

  2783. 			}

  2784. 

  2785. 			p ++;

  2786. 			break;

  2787. 

  2788. 		case content_ignore_sp:

  2789. 			if (!g_ascii_isspace (t)) {

  2790. 				c = p;

  2791. 				state = content_write;

  2792. 				continue;

  2793. 			}

  2794. 

  2795. 			if (content_tag) {

  2796. 				content_tag->content_length ++;

  2797. 			}

  2798. 

  2799. 			p ++;

  2800. 			break;

  2801. 

  2802. 		case sgml_content:

  2803. 			/* TODO: parse DOCTYPE here */

  2804. 			if (t == '>') {

  2805. 				state = tag_end;

  2806. 				/* We don't know a lot about sgml tags, ignore them */

  2807. 				cur_tag = NULL;

  2808. 				continue;

  2809. 			}

  2810. 			p ++;

  2811. 			break;

  2812. 

  2813. 		case tag_content:

  2814. 			rspamd_html_parse_tag_content (pool, hc, cur_tag,

  2815. 					p, &substate, &savep);

  2816. 			if (t == '>') {

  2817. 				if (closing) {

  2818. 					cur_tag->flags |= FL_CLOSING;

  2819. 

  2820. 					if (cur_tag->flags & FL_CLOSED) {

  2821. 						/* Bad mix of closed and closing */

  2822. 						hc->flags |= RSPAMD_HTML_FLAG_BAD_ELEMENTS;

  2823. 					}

  2824. 

  2825. 					closing = FALSE;

  2826. 				}

  2827. 

  2828. 				state = tag_end;

  2829. 				continue;

  2830. 			}

  2831. 			p ++;

  2832. 			break;

  2833. 

  2834. 		case tag_end:

  2835. 			substate = 0;

  2836. 			savep = NULL;

  2837. 

  2838. 			if (cur_tag != NULL) {

  2839. 				balanced = TRUE;

  2840. 

  2841. 				if (rspamd_html_process_tag (pool, hc, cur_tag, &cur_level,

  2842. 						&balanced)) {

  2843. 					state = content_write;

  2844. 					need_decode = FALSE;

  2845. 				}

  2846. 				else {

  2847. 					state = content_ignore;

  2848. 				}

  2849. 

  2850. 				if (cur_tag->id != -1 && cur_tag->id < N_TAGS) {

  2851. 					if (cur_tag->flags & CM_UNIQUE) {

  2852. 						if (isset (hc->tags_seen, cur_tag->id)) {

  2853. 							/* Duplicate tag has been found */

  2854. 							hc->flags |= RSPAMD_HTML_FLAG_DUPLICATE_ELEMENTS;

  2855. 						}

  2856. 					}

  2857. 					setbit (hc->tags_seen, cur_tag->id);

  2858. 				}

  2859. 

  2860. 				if (!(cur_tag->flags & (FL_CLOSED|FL_CLOSING))) {

  2861. 					content_tag = cur_tag;

  2862. 				}

  2863. 

  2864. 				/* Handle newlines */

  2865. 				if (cur_tag->id == Tag_BR || cur_tag->id == Tag_HR) {

  2866. 					if (dest->len > 0 && dest->data[dest->len - 1] != '\n') {

  2867. 						g_byte_array_append (dest, "\r\n", 2);

  2868. 					}

  2869. 					save_space = FALSE;

  2870. 				}

  2871. 

  2872. 				if ((cur_tag->id == Tag_P ||

  2873. 						cur_tag->id == Tag_TR ||

  2874. 						cur_tag->id == Tag_DIV)) {

  2875. 					if (dest->len > 0 && dest->data[dest->len - 1] != '\n') {

  2876. 						g_byte_array_append (dest, "\r\n", 2);

  2877. 					}

  2878. 					save_space = FALSE;

  2879. 				}

  2880. 

  2881. 				if (cur_tag->id == Tag_A || cur_tag->id == Tag_IFRAME) {

  2882. 					if (!(cur_tag->flags & (FL_CLOSING))) {

  2883. 						url = rspamd_html_process_url_tag (pool, cur_tag, hc);

  2884. 

  2885. 						if (url != NULL) {

  2886. 

  2887. 							if (url->protocol == PROTOCOL_MAILTO) {

  2888. 								target_tbl = emails;

  2889. 							}

  2890. 							else {

  2891. 								target_tbl = urls;

  2892. 							}

  2893. 

  2894. 							if (target_tbl != NULL) {

  2895. 								turl = g_hash_table_lookup (target_tbl, url);

  2896. 

  2897. 								if (turl == NULL) {

  2898. 									g_hash_table_insert (target_tbl, url, url);

  2899. 								}

  2900. 								else {

  2901. 									turl->count ++;

  2902. 									url = NULL;

  2903. 								}

  2904. 

  2905. 								if (turl == NULL && url != NULL) {

  2906. 									rspamd_process_html_url (pool,

  2907. 											url,

  2908. 											urls, emails);

  2909. 								}

  2910. 							}

  2911. 

  2912. 							href_offset = dest->len;

  2913. 						}

  2914. 					}

  2915. 

  2916. 					if (cur_tag->id == Tag_A) {

  2917. 						if (!balanced && cur_level && cur_level->prev) {

  2918. 							struct html_tag *prev_tag;

  2919. 							struct rspamd_url *prev_url;

  2920. 

  2921. 							prev_tag = cur_level->prev->data;

  2922. 

  2923. 							if (prev_tag->id == Tag_A &&

  2924. 									!(prev_tag->flags & (FL_CLOSING)) &&

  2925. 									prev_tag->extra) {

  2926. 								prev_url = prev_tag->extra;

  2927. 

  2928. 								rspamd_html_check_displayed_url (pool,

  2929. 										exceptions, urls, emails,

  2930. 										dest, target_tbl, href_offset,

  2931. 										prev_url);

  2932. 							}

  2933. 						}

  2934. 

  2935. 						if (cur_tag->flags & (FL_CLOSING)) {

  2936. 

  2937. 							/* Insert exception */

  2938. 							if (url != NULL && (gint) dest->len > href_offset) {

  2939. 								rspamd_html_check_displayed_url (pool,

  2940. 										exceptions, urls, emails,

  2941. 										dest, target_tbl, href_offset,

  2942. 										url);

  2943. 

  2944. 							}

  2945. 

  2946. 							href_offset = -1;

  2947. 							url = NULL;

  2948. 						}

  2949. 					}

  2950. 				}

  2951. 				else if (cur_tag->id == Tag_LINK) {

  2952. 					url = rspamd_html_process_url_tag (pool, cur_tag, hc);

  2953. 				}

  2954. 				else if (cur_tag->id == Tag_BASE && !(cur_tag->flags & (FL_CLOSING))) {

  2955. 					struct html_tag *prev_tag = NULL;

  2956. 

  2957. 					if (cur_level && cur_level->parent) {

  2958. 						prev_tag = cur_level->parent->data;

  2959. 					}

  2960. 

  2961. 					/*

  2962. 					 * Base is allowed only within head tag but we slightly

  2963. 					 * relax that

  2964. 					 */

  2965. 					if (!prev_tag || prev_tag->id == Tag_HEAD ||

  2966. 						prev_tag->id == Tag_HTML) {

  2967. 						url = rspamd_html_process_url_tag (pool, cur_tag, hc);

  2968. 

  2969. 						if (url != NULL && hc->base_url == NULL) {

  2970. 							/* We have a base tag available */

  2971. 							hc->base_url = url;

  2972. 						}

  2973. 					}

  2974. 				}

  2975. 

  2976. 				if (cur_tag->id == Tag_IMG && !(cur_tag->flags & FL_CLOSING)) {

  2977. 					rspamd_html_process_img_tag (pool, cur_tag, hc);

  2978. 				}

  2979. 				else if (cur_tag->flags & FL_BLOCK) {

  2980. 					struct html_block *bl;

  2981. 

  2982. 					if (cur_tag->flags & FL_CLOSING) {

  2983. 						/* Just remove block element from the queue if any */

  2984. 						if (styles_blocks->length > 0) {

  2985. 							g_queue_pop_tail (styles_blocks);

  2986. 						}

  2987. 					}

  2988. 					else {

  2989. 						rspamd_html_process_block_tag (pool, cur_tag, hc);

  2990. 						bl = cur_tag->extra;

  2991. 

  2992. 						if (bl) {

  2993. 							rspamd_html_propagate_style (hc, cur_tag,

  2994. 									cur_tag->extra, styles_blocks);

  2995. 

  2996. 							/* Check visibility */

  2997. 							if (bl->font_size < 3 ||

  2998. 								bl->font_color.d.comp.alpha < 10) {

  2999. 

  3000. 								bl->visible = FALSE;

  3001. 								msg_debug_html ("tag is not visible");

  3002. 							}

  3003. 

  3004. 							if (!bl->visible) {

  3005. 								state = content_ignore;

  3006. 							}

  3007. 						}

  3008. 					}

  3009. 				}

  3010. 			}

  3011. 			else {

  3012. 				state = content_write;

  3013. 			}

  3014. 

  3015. 

  3016. 			p++;

  3017. 			c = p;

  3018. 			cur_tag = NULL;

  3019. 			break;

  3020. 		}

  3021. 	}

  3022. 

  3023. 	if (hc->html_tags) {

  3024. 		g_node_traverse (hc->html_tags, G_POST_ORDER, G_TRAVERSE_ALL, -1,

  3025. 				rspamd_html_propagate_lengths, NULL);

  3026. 	}

  3027. 

  3028. 	g_queue_free (styles_blocks);

  3029. 

  3030. 	return dest;

  3031. }

  3032. 

  3033. GByteArray*

  3034. rspamd_html_process_part (rspamd_mempool_t *pool,

  3035. 		struct html_content *hc,

  3036. 		GByteArray *in)

  3037. {

  3038. 	return rspamd_html_process_part_full (pool, hc, in, NULL, NULL, NULL);

  3039. }