Remove script when we have multiline

KDE · Sep 30, 2016 · fb1be09 · fb1be09
1 parent 7797658
commit fb1be09
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 3 deletions.
diff --git a/messageviewer/src/htmlwriter/autotests/webengineparthtmlwritertest.cpp b/messageviewer/src/htmlwriter/autotests/webengineparthtmlwritertest.cpp
@@ -39,10 +39,15 @@ void WebEnginePartHtmlWriterTest::removeScriptInHtml_data()
     QTest::newRow("onescript") << QStringLiteral("<a>boo<script>alert(1)</script></a>") << QStringLiteral("<a>boo</a>");
     QTest::newRow("onescriptwithattribute") << QStringLiteral("<a>boo<script type=\"foo\">alert(1)</script></a>") << QStringLiteral("<a>boo</a>");
     QTest::newRow("severalscriptwithattribute") << QStringLiteral("<p>foo</p><script>a</script><a>boo<script type=\"foo\">alert(1)</script></a>") << QStringLiteral("<p>foo</p><a>boo</a>");
-    //Need to fix it/.QTest::newRow("multiline") << QStringLiteral("<script>\nalert(1)</script>") << QString();
     QTest::newRow("scriptwithspace") << QStringLiteral("<a>boo<script type=\"foo\" >alert(1)</script ></a>") << QStringLiteral("<a>boo</a>");
     QTest::newRow("scriptwithremoveaccess") << QStringLiteral("<a>boo<script src=\"http://foo\"/></a>") << QStringLiteral("<a>boo</a>");
     QTest::newRow("empty") << QString() << QString();
+
+    //MultiLine
+    QTest::newRow("multiline") << QStringLiteral("<a>boo<script>\nalert(1)</script></a>") << QStringLiteral("<a>boo</a>");
+    QTest::newRow("multiline-scriptwithspace") << QStringLiteral("<a>boo<script type=\"foo\" >\nalert(1)\n</script ></a>") << QStringLiteral("<a>boo</a>");
+    QTest::newRow("multiline-severalscriptwithattribute") << QStringLiteral("<p>foo</p><script>\na\n</script><a>boo<script type=\"foo\">\nalert(1)</script></a>") << QStringLiteral("<p>foo</p><a>boo</a>");
+    QTest::newRow("multiline-scriptwithspace") << QStringLiteral("<a>boo<script type=\"foo\" >\nalert(1)\nbla\nsl</script ></a>") << QStringLiteral("<a>boo</a>");
 }
 
 void WebEnginePartHtmlWriterTest::removeScriptInHtml()

diff --git a/messageviewer/src/htmlwriter/webengineparthtmlwriter.cpp b/messageviewer/src/htmlwriter/webengineparthtmlwriter.cpp
@@ -76,10 +76,27 @@ QString WebEnginePartHtmlWriter::removeJscripts(QString str)
 {
     //Remove regular <script>...</script>
     const QRegularExpression regScript(QStringLiteral("<script[^>]*>.*?</script\\s*>"));
-    str = str.remove(regScript);
+    str.remove(regScript);
     //Remove string as <script src=http://.../>
     const QRegularExpression regScript2(QStringLiteral("<script[^>]*/>"));
-    str = str.remove(regScript2);
+    str.remove(regScript2);
+    const QRegularExpression regScriptStart(QStringLiteral("<script[^>]*>"));
+    const QRegularExpression regScriptEnd(QStringLiteral("</script\\s*>"));
+    int indexStartScriptFound = -1;
+    int indexEndScriptFound = -1;
+    int scriptIndexPos = 0;
+    QRegularExpressionMatch matchScriptStart;
+    QRegularExpressionMatch matchScriptEnd;
+    while ((indexStartScriptFound = str.indexOf(regScriptStart, scriptIndexPos, &matchScriptStart)) != -1) {
+        indexEndScriptFound = str.indexOf(regScriptEnd, indexStartScriptFound + matchScriptStart.capturedLength(), &matchScriptEnd);
+        if (indexEndScriptFound != -1) {
+            str.remove(indexStartScriptFound, (indexEndScriptFound + matchScriptEnd.capturedLength() - indexStartScriptFound));
+        } else {
+            qCWarning(MESSAGEVIEWER_LOG) << "no end script tag";
+            break;
+        }
+        scriptIndexPos = indexStartScriptFound;
+    }
     return str;
 }