Remove all <script*>*</script>

messageviewer/src/htmlwriter/autotests/CMakeLists.txt

@@ -3,3 +3,13 @@ ecm_add_test(webengineembedparttest.cpp  ../webengineembedpart.cpp
     NAME_PREFIX "messageviewer-webengine-"
     LINK_LIBRARIES Qt5::Test Qt5::Core
     )
+
+set(webengineparthtmlwritertestdebug_SRCS)
+ecm_qt_declare_logging_category(webengineparthtmlwritertestdebug_SRCS HEADER messageviewer_debug.h IDENTIFIER MESSAGEVIEWER_LOG CATEGORY_NAME org.kde.pim.messageviewer)
+
+
+ecm_add_test(webengineparthtmlwritertest.cpp  ../webengineembedpart.cpp ../webengineparthtmlwriter.cpp ${webengineparthtmlwritertestdebug_SRCS}
+    TEST_NAME webengineparthtmlwritertest
+    NAME_PREFIX "messageviewer-webengine-"
+    LINK_LIBRARIES Qt5::Test Qt5::Core KF5::MimeTreeParser KF5::MessageViewer Qt5::WebKitWidgets KF5::WebEngineViewer
+    )

messageviewer/src/htmlwriter/autotests/webengineparthtmlwritertest.cpp

@@ -0,0 +1,52 @@
+/*
+  Copyright (c) 2016 Montel Laurent <montel@kde.org>
+
+  This program is free software; you can redistribute it and/or modify it
+  under the terms of the GNU General Public License, version 2, as
+  published by the Free Software Foundation.
+
+  This program is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  General Public License for more details.
+
+  You should have received a copy of the GNU General Public License along
+  with this program; if not, write to the Free Software Foundation, Inc.,
+  51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+*/
+
+#include "webengineparthtmlwritertest.h"
+#include "../webengineparthtmlwriter.h"
+
+#include <QTest>
+
+WebEnginePartHtmlWriterTest::WebEnginePartHtmlWriterTest(QObject *parent)
+    : QObject(parent)
+{
+
+}
+
+WebEnginePartHtmlWriterTest::~WebEnginePartHtmlWriterTest()
+{
+
+}
+
+void WebEnginePartHtmlWriterTest::removeScriptInHtml_data()
+{
+    QTest::addColumn<QString>("input");
+    QTest::addColumn<QString>("output");
+    QTest::newRow("noscript") << QStringLiteral("<a>boo</a>") << QStringLiteral("<a>boo</a>");
+    QTest::newRow("onescript") << QStringLiteral("<a>boo<script>alert(1)</script></a>") << QStringLiteral("<a>boo</a>");
+    QTest::newRow("onescriptwithattribute") << QStringLiteral("<a>boo<script type=\"foo\">alert(1)</script></a>") << QStringLiteral("<a>boo</a>");
+    QTest::newRow("severalscriptwithattribute") << QStringLiteral("<p>foo</p><script>a</script><a>boo<script type=\"foo\">alert(1)</script></a>") << QStringLiteral("<p>foo</p><a>boo</a>");
+    QTest::newRow("empty") << QString() << QString();
+}
+
+void WebEnginePartHtmlWriterTest::removeScriptInHtml()
+{
+    QFETCH (QString, input);
+    QFETCH (QString, output);
+    QCOMPARE(MessageViewer::WebEnginePartHtmlWriter::removeJscripts(input), output);
+}
+
+QTEST_MAIN(WebEnginePartHtmlWriterTest)

messageviewer/src/htmlwriter/autotests/webengineparthtmlwritertest.h

@@ -0,0 +1,34 @@
+/*
+  Copyright (c) 2016 Montel Laurent <montel@kde.org>
+
+  This program is free software; you can redistribute it and/or modify it
+  under the terms of the GNU General Public License, version 2, as
+  published by the Free Software Foundation.
+
+  This program is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  General Public License for more details.
+
+  You should have received a copy of the GNU General Public License along
+  with this program; if not, write to the Free Software Foundation, Inc.,
+  51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+*/
+
+#ifndef WEBENGINEPARTHTMLWRITERTEST_H
+#define WEBENGINEPARTHTMLWRITERTEST_H
+
+#include <QObject>
+
+class WebEnginePartHtmlWriterTest : public QObject
+{
+    Q_OBJECT
+public:
+    explicit WebEnginePartHtmlWriterTest(QObject *parent = Q_NULLPTR);
+    ~WebEnginePartHtmlWriterTest();
+private Q_SLOTS:
+    void removeScriptInHtml_data();
+    void removeScriptInHtml();
+};
+
+#endif // WEBENGINEPARTHTMLWRITERTEST_H

messageviewer/src/htmlwriter/webengineparthtmlwriter.cpp

@@ -61,7 +61,7 @@ void WebEnginePartHtmlWriter::end()
         insertExtraHead();
         mExtraHead.clear();
     }
-    removeJscripts();
+    mHtml = removeJscripts(mHtml);
     mHtmlView->setHtml(mHtml, QUrl(QStringLiteral("file:///")));
     mHtmlView->show();
     mHtml.clear();
@@ -72,10 +72,10 @@ void WebEnginePartHtmlWriter::end()
     Q_EMIT finished();
 }
 
-void WebEnginePartHtmlWriter::removeJscripts()
+QString WebEnginePartHtmlWriter::removeJscripts(QString str)
 {
-    const QRegularExpression reg(QStringLiteral("<script>.*</script>"));
-    mHtml.remove(reg);
+    const QRegularExpression reg(QStringLiteral("<script[^>]*>.*?</script>"));
+    return str.remove(reg);
 }
 
 void WebEnginePartHtmlWriter::reset()

messageviewer/src/htmlwriter/webengineparthtmlwriter.h

@@ -47,14 +47,16 @@ class WebEnginePartHtmlWriter : public QObject, public MimeTreeParser::HtmlWrite
     void flush() Q_DECL_OVERRIDE;
     void embedPart(const QByteArray &contentId, const QString &url) Q_DECL_OVERRIDE;
     void extraHead(const QString &str) Q_DECL_OVERRIDE;
+
+    static QString removeJscripts(QString str);
+
 Q_SIGNALS:
     void finished();
 
 private:
     void insertExtraHead();
 
 private:
-    void removeJscripts();
     MailWebEngineView *mHtmlView;
     QString mHtml;
     QString mExtraHead;