diff options
author | Patrick Griffis <tingping@tingping.se> | 2021-12-22 11:50:36 -0600 |
---|---|---|
committer | Patrick Griffis <tingping@tingping.se> | 2021-12-22 11:50:36 -0600 |
commit | ba5d79b496d0f7d2c01626a90c2de934eb918a10 (patch) | |
tree | cf3464414e5d0268afa4825d74558bd57bd0682b /src | |
parent | 7c27dcd5243b59d3da425ea0b5c25097c32b090c (diff) |
Be smarter about conditionally escaping URIs that are opened
Fixes #2659
Diffstat (limited to 'src')
-rw-r--r-- | src/fe-gtk/fe-gtk.c | 44 |
1 files changed, 42 insertions, 2 deletions
diff --git a/src/fe-gtk/fe-gtk.c b/src/fe-gtk/fe-gtk.c index 3d3c8052..285ba42b 100644 --- a/src/fe-gtk/fe-gtk.c +++ b/src/fe-gtk/fe-gtk.c @@ -1054,6 +1054,46 @@ osx_show_uri (const char *url) #endif +static inline char * +escape_uri (const char *uri) +{ + return g_uri_escape_string(uri, G_URI_RESERVED_CHARS_GENERIC_DELIMITERS G_URI_RESERVED_CHARS_SUBCOMPONENT_DELIMITERS, FALSE); +} + +static inline gboolean +uri_contains_forbidden_characters (const char *uri) +{ + while (*uri) + { + /* This is not an exhaustive list, the full URI has segments that allow characters like "[]:" for example. */ + if (strchr ("`<> ${}\"+", *uri) != NULL || (*uri & 0x80) /* non-ascii */) + return TRUE; + uri++; + } + + return FALSE; +} + +static char * +maybe_escape_uri (const char *uri) +{ + /* There isn't an exact way to know if a string has already been escaped or not + * so we can try some heuristics. */ + + /* If we find characters that should clearly be escaped. */ + if (uri_contains_forbidden_characters (uri)) + return escape_uri (uri); + + /* If it fails to be unescaped then it was not escaped. */ + char *unescaped = g_uri_unescape_string (uri, NULL); + if (!unescaped) + return escape_uri (uri); + g_free (unescaped); + + /* At this point it is probably safe to pass through as-is. */ + return g_strdup (uri); +} + static void fe_open_url_inner (const char *url) { @@ -1071,8 +1111,8 @@ fe_open_url_inner (const char *url) #elif defined(__APPLE__) osx_show_uri (url); #else - char *escaped_url = g_uri_escape_string (url, G_URI_RESERVED_CHARS_GENERIC_DELIMITERS G_URI_RESERVED_CHARS_SUBCOMPONENT_DELIMITERS, - FALSE); + char *escaped_url = maybe_escape_uri (url); + g_debug ("Opening URL \"%s\" (%s)", escaped_url, url); gtk_show_uri (NULL, escaped_url, GDK_CURRENT_TIME, NULL); g_free (escaped_url); #endif |