
[livejournal] r13710: Support for blocking potentially dangero...

Committer: sup
Support for blocking potentially dangerous links in users' posts/comments

U   trunk/cgi-bin/cleanhtml.pl
A   trunk/htdocs/misc/blockedlink.bml
A   trunk/htdocs/misc/blockedlink.bml.text
Modified: trunk/cgi-bin/cleanhtml.pl
===================================================================
--- trunk/cgi-bin/cleanhtml.pl	2008-03-27 13:55:41 UTC (rev 13709)
+++ trunk/cgi-bin/cleanhtml.pl	2008-03-31 12:41:22 UTC (rev 13710)
@@ -54,6 +54,8 @@
 #        'extractimages' => 1, # placeholder images
 #        'transform_embed_nocheck' => 1, # do not do checks on object/embed tag transforming
 #        'transform_embed_wmode' => <value>, # define a wmode value for videos (usually 'transparent' is the value you want)
+#        'blocked_links' => [ qr/evil\.com/, qw/spammer\.com/ ], # list of sites which URL's will be blocked
+#        'blocked_link_substitute' => 'http://domain.com/error.html' # blocked links will be replaced by this URL
 #     });
 
 sub helper_preload
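Review bot: The `blocked_links` example on the added comment line mixes `qr/evil\.com/` with `qw/spammer\.com/`; `qw` yields a plain string that only works because `=~` compiles it as a pattern, so `qr/spammer\.com/` reads as what was meant. Both sample patterns are unanchored, and the matching code later in this commit tests them against the whole href, so they would also match a longer hostname or a path or query string that merely contains the text. The option comment should say that the pattern is matched against the full URL, and the example should be bounded on the host, for instance `qr{^https?://(?:[^/]*\.)?evil\.com(?:[:/]|$)}i`.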
@@ -129,9 +131,12 @@
     my $remove_colors = $opts->{'remove_colors'} || 0;
     my $remove_sizes = $opts->{'remove_sizes'} || 0;
     my $remove_fonts = $opts->{'remove_fonts'} || 0;
-
+    my $blocked_links = (exists $opts->{'blocked_links'}) ? $opts->{'blocked_links'} : \@LJ::BLOCKED_LINKS;
+    my $blocked_link_substitute = 
+        (exists $opts->{'blocked_link_substitute'}) ? $opts->{'blocked_link_substitute'} :
+        ($LJ::BLOCKED_LINK_SUBSTITUTE) ? $LJ::BLOCKED_LINK_SUBSTITUTE : '#';
+        
     my @canonical_urls; # extracted links
-
     my %action = ();
     my %remove = ();
     if (ref $opts->{'eat'} eq "ARRAY") {
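Review bot: `blocked_links` is accepted from `$opts` on an `exists` test alone, so a caller-supplied value that is true but not an array reference reaches `@$blocked_links` in the href loop added further down in this commit. The `eat` option on the last visible line of this hunk is guarded with `ref $opts->{'eat'} eq "ARRAY"`, and the same check would fit here. If an explicit `undef` is meant to switch blocking off, keep `exists` and add the `ref` test at the point of use instead. `blocked_link_substitute` has the same shape: a key that exists with an undefined value bypasses the `'#'` fallback and would be written into `href`, so `defined` is the safer test in that ternary. The enclosing sub starts and ends outside this hunk.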
@@ -158,7 +163,6 @@
     }
 
     my @attrstrip = qw();
-
     # cleancss means clean annoying css
     # clean_js_css means clean javascript from css
     if ($opts->{'cleancss'}) {
@@ -640,6 +644,17 @@
                     }
                 }
                 if (exists $hash->{href}) {
+                    ## links to some resources will be completely blocked
+                    ## and replaced by value of 'blocked_link_substitute' param
+                    if ($blocked_links) {
+                        foreach my $re (@$blocked_links) {
+                            if ($hash->{href} =~ $re) {
+                                $hash->{href} = $blocked_link_substitute;
+                                last;
+                            }
+                        }
+                    }
+                    
                     unless ($hash->{href} =~ s/^lj:(?:\/\/)?(.*)$/ExpandLJURL($1)/ei) {
                         $hash->{href} = canonical_url($hash->{href}, 1);
                     }
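Review bot: The blocklist loop tests `$hash->{href}` before the `lj:` expansion and `canonical_url()` call that follow it, so patterns are compared with the raw attribute text rather than the URL that is finally emitted. Any difference between the two forms (letter case in the hostname, surrounding whitespace, or an `lj:` shorthand that expands to something else) can make a case-sensitive or anchored pattern miss. Running the `foreach my $re (@$blocked_links)` block after the `unless (...) { ... canonical_url ... }` block, against the normalised value, would keep the check and the output consistent; whether `canonical_url()` lower-cases the host is not visible here, so patterns should probably carry `/i` either way. Only `href` is covered in this hunk; other URL-bearing attributes, if the cleaner passes any through, would need the same test. The enclosing `if (exists $hash->{href})` block continues past the end of the hunk.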

Added: trunk/htdocs/misc/blockedlink.bml
===================================================================
--- trunk/htdocs/misc/blockedlink.bml	2008-03-27 13:55:41 UTC (rev 13709)
+++ trunk/htdocs/misc/blockedlink.bml	2008-03-31 12:41:22 UTC (rev 13710)
@@ -0,0 +1,5 @@
+<?page
+title=><?_ml .title _ml?>
+body=><?_ml .link_was_blocked _ml?>
+page?>
+

Added: trunk/htdocs/misc/blockedlink.bml.text
===================================================================
--- trunk/htdocs/misc/blockedlink.bml.text	2008-03-27 13:55:41 UTC (rev 13709)
+++ trunk/htdocs/misc/blockedlink.bml.text	2008-03-31 12:41:22 UTC (rev 13710)
@@ -0,0 +1,3 @@
+.link_was_blocked=The original link was blocked for security reasons
+
+.title=Blocked link
