2 * Output an HTML message, modifying it slightly to make sure it plays nice
3 * with the rest of our web framework.
5 * Copyright (c) 2005-2017 by the citadel.org team
7 * This program is open source software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License, version 3.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
20 * Strip surrounding single or double quotes from a string.
22 void stripquotes(char *s)
31 if ( ( (s[0] == '\"') && (s[len-1] == '\"') ) || ( (s[0] == '\'') && (s[len-1] == '\'') ) ) {
39 * Check to see if a META tag has overridden the declared MIME character set.
41 * charset Character set name (left unchanged if we don't do anything)
42 * meta_http_equiv Content of the "http-equiv" portion of the META tag
43 * meta_content Content of the "content" portion of the META tag
45 void extract_charset_from_meta(char *charset, char *meta_http_equiv, char *meta_content)
51 if (!meta_http_equiv) return;
52 if (!meta_content) return;
54 if (strcasecmp(meta_http_equiv, "Content-type")) return;
56 ptr = strchr(meta_content, ';');
59 safestrncpy(buf, ++ptr, sizeof buf);
61 if (!strncasecmp(buf, "charset=", 8)) {
62 strcpy(charset, &buf[8]);
65 * The brain-damaged webmail program in Microsoft Exchange declares
66 * a charset of "unicode" when they really mean "UTF-8". GNU iconv
67 * treats "unicode" as an alias for "UTF-16" so we have to manually
68 * fix this here, otherwise messages generated in Exchange webmail
69 * show up as a big pile of weird characters.
71 if (!strcasecmp(charset, "unicode")) {
72 strcpy(charset, "UTF-8");
75 /* Remove wandering punctuation */
76 if ((ptr=strchr(charset, '\"'))) *ptr = 0;
83 * Sanitize and enhance an HTML message for display.
84 * Also convert weird character sets to UTF-8 if necessary.
85 * Also fixup img src="cid:..." type inline images to fetch the image
88 StrBuf *html2html(const char *supplied_charset, int treat_as_wiki, char *roomname, long msgnum, StrBuf *Source) {
94 StrBuf *converted_msg;
95 int buffer_length = 1;
97 int content_length = 0;
102 int script_start_pos = (-1);
106 StrBuf *BodyArea = NULL;
108 iconv_t ic = (iconv_t)(-1) ;
109 char *ibuf; /* Buffer of characters to be converted */
110 char *obuf; /* Buffer for converted characters */
111 size_t ibuflen; /* Length of input buffer */
112 size_t obuflen; /* Length of output buffer */
113 char *osav; /* Saved pointer to output buffer */
119 StrBuf *Target = NewStrBuf();
120 if (Target == NULL) {
124 safestrncpy(charset, supplied_charset, sizeof charset);
125 sprintf(new_window, "<a target=\"%s\" href=", TARGET);
127 content_length = StrLength(Source);
128 msg = (char*) ChrPtr(Source);
129 buffer_length = content_length;
131 /* Do a first pass to isolate the message body */
134 msgend = &msg[content_length];
136 while (ptr < msgend) {
138 /* Advance to next tag */
139 ptr = strchr(ptr, '<');
140 if ((ptr == NULL) || (ptr >= msgend)) break;
142 if ((ptr == NULL) || (ptr >= msgend)) break;
145 * Look for META tags. Some messages (particularly in
146 * Asian locales) illegally declare a message's character
147 * set in the HTML instead of in the MIME headers. This
148 * is wrong but we have to work around it anyway.
150 if (!strncasecmp(ptr, "META", 4)) {
156 char *meta_http_equiv;
160 meta_start = &ptr[4];
161 meta_end = strchr(ptr, '>');
162 if ((meta_end != NULL) && (meta_end <= msgend)) {
163 meta_length = meta_end - meta_start + 1;
164 meta = malloc(meta_length + 1);
165 safestrncpy(meta, meta_start, meta_length);
166 meta[meta_length] = 0;
168 if (!strncasecmp(meta, "HTTP-EQUIV=", 11)) {
169 meta_http_equiv = strdup(&meta[11]);
170 spaceptr = strchr(meta_http_equiv, ' ');
171 if (spaceptr != NULL) {
173 meta_content = strdup(++spaceptr);
174 if (!strncasecmp(meta_content, "content=", 8)) {
175 strcpy(meta_content, &meta_content[8]);
176 stripquotes(meta_http_equiv);
177 stripquotes(meta_content);
178 extract_charset_from_meta(charset, meta_http_equiv, meta_content);
182 free(meta_http_equiv);
189 * Any of these tags cause everything up to and including
190 * the tag to be removed.
192 if ( (!strncasecmp(ptr, "HTML", 4))
193 ||(!strncasecmp(ptr, "HEAD", 4))
194 ||(!strncasecmp(ptr, "/HEAD", 5))
195 ||(!strncasecmp(ptr, "BODY", 4)) ) {
198 if (!strncasecmp(ptr, "BODY", 4)) {
201 ptr = strchr(ptr, '>');
202 if ((ptr == NULL) || (ptr >= msgend)) break;
203 if ((pBody != NULL) && (ptr - pBody > 4)) {
205 char *cid_start, *cid_end;
209 while ((isspace(*pBody)) && (pBody < ptr))
211 BodyArea = NewStrBufPlain(NULL, ptr - pBody);
214 src = strstr(pBody, "cid:");
218 while ((*cid_end != '"') &&
219 !isspace(*cid_end) &&
223 /* copy tag and attributes up to src="cid: */
224 StrBufAppendBufPlain(BodyArea, pBody, src - pBody, 0);
226 /* add in /webcit/mimepart/<msgno>/CID/
227 trailing / stops dumb URL filters getting excited */
228 StrBufAppendPrintf(BodyArea,
229 "/webcit/mimepart/%ld/",msgnum);
230 StrBufAppendBufPlain(BodyArea, cid_start, cid_end - cid_start, 0);
232 if (ptr - cid_end > 0)
233 StrBufAppendBufPlain(BodyArea,
238 StrBufAppendBufPlain(BodyArea, pBody, ptr - pBody, 0);
243 if ((ptr == NULL) || (ptr >= msgend)) break;
248 * Any of these tags cause everything including and following
249 * the tag to be removed.
251 if ( (!strncasecmp(ptr, "/HTML", 5)) ||(!strncasecmp(ptr, "/BODY", 5)) ) {
259 if (msgstart > msg) {
260 strcpy(msg, msgstart);
263 /* Now go through the message, parsing tags as necessary. */
264 converted_msg = NewStrBufPlain(NULL, content_length + 8192);
266 /* Convert foreign character sets to UTF-8 if necessary. */
267 if ( (strcasecmp(charset, "us-ascii"))
268 && (strcasecmp(charset, "UTF-8"))
269 && (strcasecmp(charset, ""))
271 syslog(LOG_DEBUG, "Converting %s to UTF-8", charset);
272 ctdl_iconv_open("UTF-8", charset, &ic);
273 if (ic == (iconv_t)(-1) ) {
274 syslog(LOG_WARNING, "%s:%d iconv_open() failed: %s", __FILE__, __LINE__, strerror(errno));
277 if (Source == NULL) {
278 if (ic != (iconv_t)(-1) ) {
280 ibuflen = content_length;
281 obuflen = content_length + (content_length / 2) ;
282 obuf = (char *) malloc(obuflen);
284 iconv(ic, &ibuf, &ibuflen, &obuf, &obuflen);
285 content_length = content_length + (content_length / 2) - obuflen;
286 osav[content_length] = 0;
293 if (ic != (iconv_t)(-1) ) {
294 StrBuf *Buf = NewStrBufPlain(NULL, StrLength(Source) + 8096);;
295 StrBufConvert(Source, Buf, &ic);
298 msg = (char*)ChrPtr(Source); /* TODO: get rid of this. */
303 * At this point, the message has been stripped down to
304 * only the content inside the <BODY></BODY> tags, and has
305 * been converted to UTF-8 if it was originally in a foreign
306 * character set. The text is also guaranteed to be null
310 if (converted_msg == NULL) {
311 StrBufAppendPrintf(Target, "Error %d: %s<br>%s:%d", errno, strerror(errno), __FILE__, __LINE__);
315 if (BodyArea != NULL) { // Any attributes that were declared in the <body> tag
316 StrBufAppendBufPlain(converted_msg, HKEY("<div "), 0); // are instead declared in this <div> tag
317 StrBufAppendBuf(converted_msg, BodyArea, 0);
318 StrBufAppendBufPlain(converted_msg, HKEY(">"), 0);
321 msgend = strchr(msg, 0);
322 while (ptr < msgend) {
324 /* Try to sanitize the html of any rogue scripts */
325 if (!strncasecmp(ptr, "<script", 7)) {
326 if (scriptlevel == 0) {
327 script_start_pos = StrLength(converted_msg);
331 if (!strncasecmp(ptr, "</script", 8)) {
336 * Change mailto: links to WebCit mail, by replacing the
337 * link with one that points back to our mail room. Due to
338 * the way we parse URL's, it'll even handle mailto: links
339 * that have "?subject=" in them.
341 if (!strncasecmp(ptr, "<a href=\"mailto:", 16)) {
342 content_length += 64;
343 StrBufAppendPrintf(converted_msg, "<a href=\"display_enter?force_room=_MAIL_?recp="); // FIXME make compatible with webcit-ng
348 /* Make external links open in a separate window */
349 else if (!strncasecmp(ptr, "<a href=\"", 9)) {
352 if ( ((strchr(ptr, ':') < strchr(ptr, '/'))) && ((strchr(ptr, '/') < strchr(ptr, '>')))) {
353 /* open external links to new window */
354 StrBufAppendPrintf(converted_msg, new_window);
359 && (strncasecmp(ptr, "<a href=\"wiki?", 14))
360 && (strncasecmp(ptr, "<a href=\"dotgoto?", 17))
361 && (strncasecmp(ptr, "<a href=\"knrooms?", 17))
363 content_length += 64;
364 StrBufAppendPrintf(converted_msg, "<a href=\"wiki?go=");
365 //StrBufUrlescAppend(converted_msg, "FIXME ROOM NAME", NULL); // FIXME make compatible with webcit-ng
366 StrBufAppendPrintf(converted_msg, "?page=");
370 StrBufAppendPrintf(converted_msg, "<a href=\"");
374 /* Fixup <img src="cid:... ...> to fetch the mime part */
375 else if (!strncasecmp(ptr, "<img ", 5)) {
376 char *cid_start, *cid_end;
377 char* tag_end=strchr(ptr,'>');
379 /* FIXME - handle this situation (maybe someone opened an <img cid...
380 * and then ended the message)
383 syslog(LOG_DEBUG, "tag_end is null and ptr is:");
384 syslog(LOG_DEBUG, "%s", ptr);
385 syslog(LOG_DEBUG, "Theoretical bytes remaining: %d", (int)(msgend - ptr));
388 src=strstr(ptr, "src=\"cid:");
394 && (cid_start=strchr(src,':'))
395 && (cid_end=strchr(cid_start,'"'))
396 && (cid_end < tag_end)
398 /* copy tag and attributes up to src="cid: */
399 StrBufAppendBufPlain(converted_msg, ptr, src - ptr, 0);
402 /* add in /webcit/mimepart/<msgno>/CID/
403 trailing / stops dumb URL filters getting excited */
404 StrBufAppendPrintf(converted_msg, " src=\"/ctdl/r/");
405 StrBufXMLEscAppend(converted_msg, NULL, roomname, strlen(roomname), 0);
406 syslog(LOG_DEBUG, "room name is '%s'", roomname);
407 StrBufAppendPrintf(converted_msg, "/%ld/",msgnum);
408 StrBufAppendBufPlain(converted_msg, cid_start, cid_end - cid_start, 0);
409 StrBufAppendBufPlain(converted_msg, "\"", -1, 0);
412 StrBufAppendBufPlain(converted_msg, ptr, tag_end - ptr, 0);
417 * Turn anything that looks like a URL into a real link, as long
418 * as it's not inside a tag already
420 else if ( (brak == 0) && (alevel == 0) &&
421 ( (!strncasecmp(ptr, "http://", 7)) ||
422 (!strncasecmp(ptr, "https://", 8)))) {
423 /* Find the end of the link */
427 strlenptr = strlen(ptr);
428 for (i=0; i<=strlenptr; ++i) {
444 if ((ptr[i+2] ==';') ||
451 if (linklen > 0) break;
460 linkedchar = ptr[len];
462 /* spot for some subject strings tinymce tends to give us. */
463 ltreviewptr = strchr(ptr, '<');
464 if (ltreviewptr != NULL) {
466 linklen = ltreviewptr - ptr;
469 nbspreviewptr = strstr(ptr, " ");
470 if (nbspreviewptr != NULL) {
471 /* nbspreviewptr = '\0'; */
472 linklen = nbspreviewptr - ptr;
474 if (ltreviewptr != 0)
477 ptr[len] = linkedchar;
479 content_length += (32 + linklen);
480 StrBufAppendPrintf(converted_msg, "%s\"", new_window);
481 StrBufAppendBufPlain(converted_msg, ptr, linklen, 0);
482 StrBufAppendPrintf(converted_msg, "\">");
483 StrBufAppendBufPlain(converted_msg, ptr, linklen, 0);
485 StrBufAppendPrintf(converted_msg, "</a>");
489 StrBufAppendBufPlain(converted_msg, ptr, 1, 0);
493 if ((ptr >= msg) && (ptr <= msgend)) {
495 * We need to know when we're inside a tag,
496 * so we don't turn things that look like URL's into
497 * links, when they're already links - or image sources.
499 if ((ptr > msg) && (*(ptr-1) == '<')) {
502 if ((ptr > msg) && (*(ptr-1) == '>')) {
504 if ((scriptlevel == 0) && (script_start_pos >= 0)) {
505 StrBufCutRight(converted_msg, StrLength(converted_msg) - script_start_pos);
506 script_start_pos = (-1);
509 if (!strncasecmp(ptr, "</a>", 3)) --alevel;
513 if (BodyArea != NULL) {
514 StrBufAppendBufPlain(converted_msg, HKEY("</div>"), 0); // Close the div where we declared attributes copied
515 FreeStrBuf(&BodyArea); // from the original <body> tag
518 /* uncomment these two lines to override conversion */
519 /* memcpy(converted_msg, msg, content_length); */
520 /* output_length = content_length; */
522 /* Output our big pile of markup */
523 StrBufAppendBuf(Target, converted_msg, 0);
525 BAIL: /* A little trailing vertical whitespace... */
526 StrBufAppendPrintf(Target, "<br>\n");
528 /* Now give back the memory */
529 FreeStrBuf(&converted_msg);
530 if ((msg != NULL) && (Source == NULL)) free(msg);
536 * Look for URL's embedded in a buffer and make them linkable. We use a
537 * target window in order to keep the Citadel session in its own window.
539 void UrlizeText(StrBuf* Target, StrBuf *Source, StrBuf *WrkBuf)
541 int len, UrlLen, Offset, TrailerLen;
542 const char *start, *end, *pos;
546 len = StrLength(Source);
547 end = ChrPtr(Source) + len;
548 for (pos = ChrPtr(Source); (pos < end) && (start == NULL); ++pos) {
549 if (!strncasecmp(pos, "http://", 7))
551 else if (!strncasecmp(pos, "ftp://", 6))
556 StrBufAppendBuf(Target, Source, 0);
561 for (pos = ChrPtr(Source) + len; pos > start; --pos) {
562 if ( (!isprint(*pos))
581 UrlLen = end - start;
582 StrBufAppendBufPlain(WrkBuf, start, UrlLen, 0);
584 Offset = start - ChrPtr(Source);
586 StrBufAppendBufPlain(Target, ChrPtr(Source), Offset, 0);
587 StrBufAppendPrintf(Target, "%ca href=%c%s%c TARGET=%c%s%c%c%s%c/A%c",
588 LB, QU, ChrPtr(WrkBuf), QU, QU, TARGET,
589 QU, RB, ChrPtr(WrkBuf), LB, RB);
591 TrailerLen = StrLength(Source) - (end - ChrPtr(Source));
593 StrBufAppendBufPlain(Target, end, TrailerLen, 0);
597 void url(char *buf, size_t bufsize)
599 int len, UrlLen, Offset, TrailerLen, outpos;
600 char *start, *end, *pos;
607 syslog(LOG_WARNING, "URL: content longer than buffer!");
611 for (pos = buf; (pos < end) && (start == NULL); ++pos) {
612 if (!strncasecmp(pos, "http://", 7))
614 if (!strncasecmp(pos, "ftp://", 6))
621 for (pos = buf+len; pos > start; --pos) {
622 if ( (!isprint(*pos))
641 UrlLen = end - start;
642 if (UrlLen > sizeof(urlbuf)){
643 syslog(LOG_WARNING, "URL: content longer than buffer!");
646 memcpy(urlbuf, start, UrlLen);
647 urlbuf[UrlLen] = '\0';
649 Offset = start - buf;
650 if ((Offset != 0) && (Offset < sizeof(outbuf)))
651 memcpy(outbuf, buf, Offset);
652 outpos = snprintf(&outbuf[Offset], sizeof(outbuf) - Offset,
653 "%ca href=%c%s%c TARGET=%c%s%c%c%s%c/A%c",
654 LB, QU, urlbuf, QU, QU, TARGET, QU, RB, urlbuf, LB, RB);
655 if (outpos >= sizeof(outbuf) - Offset) {
656 syslog(LOG_WARNING, "URL: content longer than buffer!");
660 TrailerLen = len - (end - start);
662 memcpy(outbuf + Offset + outpos, end, TrailerLen);
663 if (Offset + outpos + TrailerLen > bufsize) {
664 syslog(LOG_WARNING, "URL: content longer than buffer!");
667 memcpy (buf, outbuf, Offset + outpos + TrailerLen);
668 *(buf + Offset + outpos + TrailerLen) = '\0';