version 1.289, 2014/01/15 18:49:56
|
version 1.292, 2014/08/03 13:52:59
|
Line 468 Currently undocumented
|
Line 468 Currently undocumented
|
######################################### |
######################################### |
######################################### |
######################################### |
sub set_allow { |
sub set_allow { |
my ($allow,$logfile,$target,$tag,$oldurl)=@_; |
my ($allow,$logfile,$target,$tag,$oldurl,$type)=@_; |
my $newurl=&urlfixup($oldurl,$target); |
my $newurl=&urlfixup($oldurl,$target); |
my $return_url=$oldurl; |
my $return_url=$oldurl; |
print $logfile 'GUYURL: '.$tag.':'.$oldurl.' - '.$newurl."\n"; |
print $logfile 'GUYURL: '.$tag.':'.$oldurl.' - '.$newurl."\n"; |
Line 480 sub set_allow {
|
Line 480 sub set_allow {
|
($newurl !~ /^mailto:/i) && |
($newurl !~ /^mailto:/i) && |
($newurl !~ /^(?:http|https|ftp):/i) && |
($newurl !~ /^(?:http|https|ftp):/i) && |
($newurl !~ /^\#/)) { |
($newurl !~ /^\#/)) { |
|
if (($type eq 'src') || ($type eq 'href')) { |
|
if ($newurl =~ /^([^?]+)\?[^?]*$/) { |
|
$newurl = $1; |
|
} |
|
} |
$$allow{&absoluteurl($newurl,$target)}=1; |
$$allow{&absoluteurl($newurl,$target)}=1; |
} |
} |
return $return_url; |
return $return_url; |
Line 721 sub fix_ids_and_indices {
|
Line 726 sub fix_ids_and_indices {
|
foreach my $type ('src','href','background','bgimg') { |
foreach my $type ('src','href','background','bgimg') { |
foreach my $key (keys(%parms)) { |
foreach my $key (keys(%parms)) { |
if ($key =~ /^$type$/i) { |
if ($key =~ /^$type$/i) { |
|
next if (($lctag eq 'img') && ($type eq 'src') && |
|
($parms{$key} =~ m{^data\:image/gif;base64,})); |
$parms{$key}=&set_allow(\%allow,$logfile, |
$parms{$key}=&set_allow(\%allow,$logfile, |
$target,$tag, |
$target,$tag, |
$parms{$key}); |
$parms{$key},$type); |
} |
} |
} |
} |
} |
} |
Line 836 sub fix_ids_and_indices {
|
Line 843 sub fix_ids_and_indices {
|
} |
} |
} |
} |
} |
} |
$outstring .= $script |
if ($script =~ /\(document,\s*(['"])script\1,\s*\[([^\]]+)\]\);/s) { |
|
my $scriptslist = $2; |
|
my @srcs = split(/\s*,\s*/,$scriptslist); |
|
foreach my $src (@srcs) { |
|
if ($src =~ /(["'])(?:(?!\1).)+\.js\1/) { |
|
my $quote = $1; |
|
my ($url) = ($src =~ m/\Q$quote\E([^$quote]+)\Q$quote\E/); |
|
$url = &urlfixup($url); |
|
unless ($url=~m{^(?:http|https|ftp)://}) { |
|
$allow{&absoluteurl($url,$target)}=1; |
|
} |
|
} |
|
} |
|
} |
|
$outstring .= $script; |
} |
} |
} |
} |
} elsif ($token->[0] eq 'E') { |
} elsif ($token->[0] eq 'E') { |