Halaman utama Jelajahi Bantuan
Masuk
LBP
/
miniflux_v2
cermin dari https://github.com/miniflux/v2.git
4
0
Fork 0
Berkas Masalah 0 Wiki
Pohon: 2.3.0
Ranting Tag
miniflux_v2
/
internal
/
reader
/
sanitizer
/
url.go

url.go 1.5 KB
Permalink Riwayat Mentahan

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273 
  1. // SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.
    2. 

  2. // SPDX-License-Identifier: Apache-2.0
    3. 

  3. 

  4. package sanitizer // import "miniflux.app/v2/internal/reader/sanitizer"
    5. 

  5. 

  6. import "strings"
    7. 

  7. 

  8. // validURISchemes is the allowlist for URLs in sanitized feed body content.
    9. 

  9. // It is intentionally broad; stricter surfaces (redirects, template hrefs)
    10. 

  10. // should use urllib.IsAbsoluteURL / urllib.IsRelativePath instead.
    11. 

  11. //
    12. 

  12. // See https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml
    13. 

  13. var validURISchemes = []string{
    14. 

  14. 	// Most commong schemes on top.
    15. 

  15. 	"https",
    16. 

  16. 	"http",
    17. 

  17. 

  18. 	// Then the rest.
    19. 

  19. 	"apt",
    20. 

  20. 	"bitcoin",
    21. 

  21. 	"callto",
    22. 

  22. 	"dav",
    23. 

  23. 	"davs",
    24. 

  24. 	"ed2k",
    25. 

  25. 	"facetime",
    26. 

  26. 	"feed",
    27. 

  27. 	"ftp",
    28. 

  28. 	"geo",
    29. 

  29. 	"git",
    30. 

  30. 	"gopher",
    31. 

  31. 	"irc",
    32. 

  32. 	"irc6",
    33. 

  33. 	"ircs",
    34. 

  34. 	"itms-apps",
    35. 

  35. 	"itms",
    36. 

  36. 	"magnet",
    37. 

  37. 	"mailto",
    38. 

  38. 	"news",
    39. 

  39. 	"nntp",
    40. 

  40. 	"rtmp",
    41. 

  41. 	"sftp",
    42. 

  42. 	"sip",
    43. 

  43. 	"sips",
    44. 

  44. 	"shortcuts",
    45. 

  45. 	"skype",
    46. 

  46. 	"spotify",
    47. 

  47. 	"ssh",
    48. 

  48. 	"steam",
    49. 

  49. 	"svn",
    50. 

  50. 	"svn+ssh",
    51. 

  51. 	"tel",
    52. 

  52. 	"webcal",
    53. 

  53. 	"xmpp",
    54. 

  54. 

  55. 	// iOS Apps
    56. 

  56. 	"opener", // https://www.opener.link
    57. 

  57. 	"hack",   // https://apps.apple.com/it/app/hack-for-hacker-news-reader/id1464477788?l=en-GB
    58. 

  58. }
    59. 

  59. 

  60. // HasValidURIScheme reports whether the URL begins with an allowed scheme.
    61. 

  61. // The scheme comparison is case-insensitive per RFC 3986 §3.1.
    62. 

  62. func HasValidURIScheme(absoluteURL string) bool {
    63. 

  63. 	scheme, _, ok := strings.Cut(absoluteURL, ":")
    64. 

  64. 	if !ok || scheme == "" {
    65. 

  65. 		return false
    66. 

  66. 	}
    67. 

  67. 	for _, validScheme := range validURISchemes {
    68. 

  68. 		if strings.EqualFold(scheme, validScheme) {
    69. 

  69. 			return true
    70. 

  70. 		}
    71. 

  71. 	}
    72. 

  72. 	return false
    73. 

  73. }
    74.