axiomsync 1.0.0

Core data-processing engine for AxiomSync local retrieval runtime.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112

use pulldown_cmark::{CowStr, Event, Options, Parser, Tag, html};

#[must_use]
pub fn render_markdown_html(content: &str) -> String {
    let mut options = Options::empty();
    options.insert(Options::ENABLE_TABLES);
    options.insert(Options::ENABLE_STRIKETHROUGH);
    options.insert(Options::ENABLE_TASKLISTS);
    options.insert(Options::ENABLE_FOOTNOTES);

    let parser = Parser::new_ext(content, options).map(|event| match event {
        Event::Start(Tag::Link {
            link_type,
            dest_url,
            title,
            id,
        }) => Event::Start(Tag::Link {
            link_type,
            dest_url: sanitize_link_destination(dest_url),
            title,
            id,
        }),
        Event::Start(Tag::Image {
            link_type,
            dest_url,
            title,
            id,
        }) => Event::Start(Tag::Image {
            link_type,
            dest_url: sanitize_image_source(dest_url),
            title,
            id,
        }),
        Event::Html(raw) | Event::InlineHtml(raw) => Event::Text(CowStr::from(raw.into_string())),
        other => other,
    });

    let mut output = String::new();
    html::push_html(&mut output, parser);
    output
}

fn sanitize_link_destination(dest_url: CowStr<'_>) -> CowStr<'static> {
    let value = dest_url.into_string();
    if is_safe_destination(&value, true) {
        CowStr::from(value)
    } else {
        CowStr::from("#")
    }
}

fn sanitize_image_source(dest_url: CowStr<'_>) -> CowStr<'static> {
    let value = dest_url.into_string();
    if is_safe_destination(&value, false) {
        CowStr::from(value)
    } else {
        CowStr::from("")
    }
}

fn is_safe_destination(value: &str, allow_mailto: bool) -> bool {
    let trimmed = value.trim();
    if trimmed.is_empty() {
        return true;
    }

    let lower = trimmed.to_ascii_lowercase();
    if lower.starts_with("//") {
        return false;
    }
    if lower.starts_with('#')
        || lower.starts_with('/')
        || lower.starts_with("./")
        || lower.starts_with("../")
    {
        return true;
    }
    if lower.starts_with("http://")
        || lower.starts_with("https://")
        || lower.starts_with("axiom://")
        || (allow_mailto && lower.starts_with("mailto:"))
    {
        return true;
    }

    !lower.contains(':')
}

#[cfg(test)]
mod tests {
    use super::render_markdown_html;

    #[test]
    fn render_markdown_html_strips_raw_html() {
        let rendered = render_markdown_html("Hello<script>alert(1)</script>");
        assert!(!rendered.contains("<script>"));
        assert!(rendered.contains("alert(1)"));
    }

    #[test]
    fn render_markdown_html_sanitizes_javascript_links() {
        let rendered = render_markdown_html("[bad](javascript:alert(1))");
        assert!(rendered.contains("href=\"#\""));
        assert!(!rendered.contains("javascript:"));
    }

    #[test]
    fn render_markdown_html_preserves_safe_links() {
        let rendered = render_markdown_html("[ok](https://example.com)");
        assert!(rendered.contains("href=\"https://example.com\""));
    }
}