Security fix to prevent XSS attacks:
1 /* $Id: html.c,v 1.157 2014/04/23 16:08:33 schwarze Exp $ */
2 /*
3 * Copyright (c) 2008, 2009, 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv>
4 * Copyright (c) 2011, 2012, 2013, 2014 Ingo Schwarze <schwarze@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18 #ifdef HAVE_CONFIG_H
19 #include "config.h"
20 #endif
21
22 #include <sys/types.h>
23
24 #include <assert.h>
25 #include <ctype.h>
26 #include <stdarg.h>
27 #include <stdio.h>
28 #include <stdint.h>
29 #include <stdlib.h>
30 #include <string.h>
31 #include <unistd.h>
32
33 #include "mandoc.h"
34 #include "mandoc_aux.h"
35 #include "libmandoc.h"
36 #include "out.h"
37 #include "html.h"
38 #include "main.h"
39
/*
 * Per-tag behaviour flags, stored in htmldata.flags and consulted by
 * print_otag() and print_ctag().
 */
#define	HTML_CLRLINE	 (1 << 0) /* No leading space; newline after the tag. */
#define	HTML_NOSTACK	 (1 << 1) /* Never pushed onto the open-tag stack. */
#define	HTML_AUTOCLOSE	 (1 << 2) /* Tag has auto-closure. */

/* Static description of one element type: its name and its flags. */
struct	htmldata {
	const char	 *name;		/* element name as written to stdout */
	int		  flags;	/* bitwise OR of the HTML_* flags above */
};
47
/*
 * Element table, indexed by enum htmltag.  The entries are positional,
 * so their order has to follow the enum; the trailing comment on each
 * line names the enumerator the entry is meant for.
 */
static	const struct htmldata htmltags[TAG_MAX] = {
	{ "html",	HTML_CLRLINE },		/* TAG_HTML */
	{ "head",	HTML_CLRLINE },		/* TAG_HEAD */
	{ "body",	HTML_CLRLINE },		/* TAG_BODY */
	{ "meta",	HTML_CLRLINE | HTML_NOSTACK | HTML_AUTOCLOSE },
						/* TAG_META */
	{ "title",	HTML_CLRLINE },		/* TAG_TITLE */
	{ "div",	HTML_CLRLINE },		/* TAG_DIV */
	{ "h1",		0 },			/* TAG_H1 */
	{ "h2",		0 },			/* TAG_H2 */
	{ "span",	0 },			/* TAG_SPAN */
	{ "link",	HTML_CLRLINE | HTML_NOSTACK | HTML_AUTOCLOSE },
						/* TAG_LINK */
	{ "br",		HTML_CLRLINE | HTML_NOSTACK | HTML_AUTOCLOSE },
						/* TAG_BR */
	{ "a",		0 },			/* TAG_A */
	{ "table",	HTML_CLRLINE },		/* TAG_TABLE */
	{ "tbody",	HTML_CLRLINE },		/* TAG_TBODY */
	{ "col",	HTML_CLRLINE | HTML_NOSTACK | HTML_AUTOCLOSE },
						/* TAG_COL */
	{ "tr",		HTML_CLRLINE },		/* TAG_TR */
	{ "td",		HTML_CLRLINE },		/* TAG_TD */
	{ "li",		HTML_CLRLINE },		/* TAG_LI */
	{ "ul",		HTML_CLRLINE },		/* TAG_UL */
	{ "ol",		HTML_CLRLINE },		/* TAG_OL */
	{ "dl",		HTML_CLRLINE },		/* TAG_DL */
	{ "dt",		HTML_CLRLINE },		/* TAG_DT */
	{ "dd",		HTML_CLRLINE },		/* TAG_DD */
	{ "blockquote",	HTML_CLRLINE },		/* TAG_BLOCKQUOTE */
	{ "p",		HTML_CLRLINE | HTML_NOSTACK | HTML_AUTOCLOSE },
						/* TAG_P */
	{ "pre",	HTML_CLRLINE },		/* TAG_PRE */
	{ "b",		0 },			/* TAG_B */
	{ "i",		0 },			/* TAG_I */
	{ "code",	0 },			/* TAG_CODE */
	{ "small",	0 },			/* TAG_SMALL */
};
80
/*
 * Attribute names, indexed by the key of a struct htmlpair.
 * print_otag() writes these names verbatim, so they must stay plain
 * constants; only attribute values go through print_encode().
 */
static	const char *const htmlattrs[ATTR_MAX] = {
	"http-equiv",	/* ATTR_HTTPEQUIV */
	"content",	/* ATTR_CONTENT */
	"name",		/* ATTR_NAME */
	"rel",		/* ATTR_REL */
	"href",		/* ATTR_HREF */
	"type",		/* ATTR_TYPE */
	"media",	/* ATTR_MEDIA */
	"class",	/* ATTR_CLASS */
	"style",	/* ATTR_STYLE */
	"width",	/* ATTR_WIDTH */
	"id",		/* ATTR_ID */
	"summary",	/* ATTR_SUMMARY */
	"align",	/* ATTR_ALIGN */
	"colspan",	/* ATTR_COLSPAN */
};
97
/*
 * CSS unit suffix for each roff scaling unit, indexed by the unit of a
 * struct roffsu (see bufcat_su()).  Only cm, in, pc, pt and em keep
 * their own suffix; every other unit is written as "em" or "ex".
 */
static	const char *const roffscales[SCALE_MAX] = {
	"cm",	/* SCALE_CM */
	"in",	/* SCALE_IN */
	"pc",	/* SCALE_PC */
	"pt",	/* SCALE_PT */
	"em",	/* SCALE_EM */
	"em",	/* SCALE_MM */
	"ex",	/* SCALE_EN */
	"ex",	/* SCALE_BU */
	"em",	/* SCALE_VS */
	"ex",	/* SCALE_FS */
};
110
/* Forward declarations of the helpers private to this file. */
static	void	 bufncat(struct html *h, const char *p, size_t sz);
static	void	 print_ctag(struct html *h, enum htmltag tag);
static	int	 print_encode(struct html *h, const char *p, int norecurse);
static	void	 print_metaf(struct html *h, enum mandoc_esc deco);
static	void	 print_attr(struct html *h, const char *key,
			const char *val);
static	void	*ml_alloc(char *outopts, enum htmltype type);
117
118
/*
 * Allocate the formatter state shared by the HTML and XHTML back ends
 * and apply the comma-separated output options in outopts.
 *
 * Recognised options are "style", "man", "includes" and "fragment";
 * anything else is silently ignored.  getsubopt() splits outopts in
 * place, so h->style, h->base_man and h->base_includes point into the
 * caller's buffer and are neither copied nor validated here.  They are
 * later used as a stylesheet href (print_gen_head()) and as URL
 * templates (buffmt_man(), buffmt_includes()).
 *
 * Returns the new struct html; release it with html_free().
 */
static void *
ml_alloc(char *outopts, enum htmltype type)
{
	const char	*toks[5] = {
		"style", "man", "includes", "fragment", NULL
	};
	struct html	*h;
	char		*v;
	int		 idx;

	h = mandoc_calloc(1, sizeof(*h));
	h->type = type;
	h->tags.head = NULL;
	h->symtab = mchars_alloc();

	while (outopts != NULL && *outopts != '\0') {
		idx = getsubopt(&outopts, UNCONST(toks), &v);
		if (idx == 0)
			h->style = v;
		else if (idx == 1)
			h->base_man = v;
		else if (idx == 2)
			h->base_includes = v;
		else if (idx == 3)
			h->oflags |= HTML_FRAGMENT;
		/* Unknown suboptions fall through and are dropped. */
	}

	return(h);
}
158
/*
 * Create formatter state for HTML 4.01 Strict output.
 * outopts is the -O option string, handed to ml_alloc() unchanged.
 */
void *
html_alloc(char *outopts)
{
	void	*state;

	state = ml_alloc(outopts, HTML_HTML_4_01_STRICT);
	return(state);
}
165
/*
 * Create formatter state for XHTML 1.0 Strict output.
 * outopts is the -O option string, handed to ml_alloc() unchanged.
 */
void *
xhtml_alloc(char *outopts)
{
	void	*state;

	state = ml_alloc(outopts, HTML_XHTML_1_0_STRICT);
	return(state);
}
172
/*
 * Release formatter state created by html_alloc() or xhtml_alloc():
 * every tag still on the open-tag stack, the symbol table if there is
 * one, and the struct html itself.  p must not be NULL.
 */
void
html_free(void *p)
{
	struct html	*h = p;
	struct tag	*cur, *next;

	/* Read the link before the node is freed. */
	for (cur = h->tags.head; cur != NULL; cur = next) {
		next = cur->next;
		free(cur);
	}
	h->tags.head = NULL;

	if (h->symtab != NULL)
		mchars_free(h->symtab);

	free(h);
}
191
/*
 * Emit the generic <head> content: two <meta> elements (content type
 * and resource type) and, when a stylesheet was configured with
 * -O style, a <link> to it.  h->style comes from the command line and
 * reaches the output only as an attribute value via print_otag().
 */
void
print_gen_head(struct html *h)
{
	struct htmlpair	 attr[4];

	attr[0].key = ATTR_HTTPEQUIV;
	attr[0].val = "Content-Type";
	attr[1].key = ATTR_CONTENT;
	attr[1].val = "text/html; charset=utf-8";
	print_otag(h, TAG_META, 2, attr);

	attr[0].key = ATTR_NAME;
	attr[0].val = "resource-type";
	attr[1].key = ATTR_CONTENT;
	attr[1].val = "document";
	print_otag(h, TAG_META, 2, attr);

	if (h->style == NULL)
		return;

	attr[0].key = ATTR_REL;
	attr[0].val = "stylesheet";
	attr[1].key = ATTR_HREF;
	attr[1].val = h->style;
	attr[2].key = ATTR_TYPE;
	attr[2].val = "text/css";
	attr[3].key = ATTR_MEDIA;
	attr[3].val = "all";
	print_otag(h, TAG_LINK, 4, attr);
}
221
/*
 * Switch the current font in response to a roff font escape.
 *
 * Any font element opened earlier (h->metaf) is closed first.  The old
 * current font is remembered in h->metal so that ESCAPE_FONTPREV can
 * return to it, and h->metac becomes the new font.  For italic, bold
 * and bold-italic the matching element is opened and h->metaf records
 * the outermost tag of it.
 *
 * deco must be one of the font escapes; anything else aborts.
 */
static void
print_metaf(struct html *h, enum mandoc_esc deco)
{
	enum htmlfont	 newfont;

	switch (deco) {
	case ESCAPE_FONTPREV:
		newfont = h->metal;
		break;
	case ESCAPE_FONTITALIC:
		newfont = HTMLFONT_ITALIC;
		break;
	case ESCAPE_FONTBOLD:
		newfont = HTMLFONT_BOLD;
		break;
	case ESCAPE_FONTBI:
		newfont = HTMLFONT_BI;
		break;
	case ESCAPE_FONT:
		/* FALLTHROUGH */
	case ESCAPE_FONTROMAN:
		newfont = HTMLFONT_NONE;
		break;
	default:
		abort();
		/* NOTREACHED */
	}

	if (h->metaf != NULL) {
		print_tagq(h, h->metaf);
		h->metaf = NULL;
	}

	h->metal = h->metac;
	h->metac = newfont;

	if (newfont == HTMLFONT_ITALIC) {
		h->metaf = print_otag(h, TAG_I, 0, NULL);
	} else if (newfont == HTMLFONT_BOLD) {
		h->metaf = print_otag(h, TAG_B, 0, NULL);
	} else if (newfont == HTMLFONT_BI) {
		/* <b> is the outer element, so it is the one to remember. */
		h->metaf = print_otag(h, TAG_B, 0, NULL);
		print_otag(h, TAG_I, 0, NULL);
	}
}
273
/*
 * Approximate the rendered width of a roff string, counting every
 * output character as one column.
 *
 * Literal text counts by its byte length.  Unicode, numbered and
 * special-character escapes count as one column each.  A skip-char
 * escape cancels the column of whatever comes next, be it a literal
 * character or one of those escapes.  All other escapes have no width.
 * Counting stops at the end of the string or at the first escape that
 * mandoc_escape() reports as an error.
 *
 * This mirrors term_strlen(), because the width of produced strings
 * has to be calculated the same way.
 */
int
html_strlen(const char *cp)
{
	size_t	 run;
	int	 width, skip_next;

	width = 0;
	skip_next = 0;
	for (;;) {
		/* Literal text up to the next backslash. */
		run = strcspn(cp, "\\");
		if (run > 0) {
			cp += run;
			if (skip_next) {
				skip_next = 0;
				run--;
			}
			width += run;
		}
		if (*cp == '\0')
			break;

		/* Step over the backslash and classify the escape. */
		cp++;
		switch (mandoc_escape(&cp, NULL, NULL)) {
		case ESCAPE_ERROR:
			return(width);
		case ESCAPE_UNICODE:
			/* FALLTHROUGH */
		case ESCAPE_NUMBERED:
			/* FALLTHROUGH */
		case ESCAPE_SPECIAL:
			if (skip_next)
				skip_next = 0;
			else
				width++;
			break;
		case ESCAPE_SKIPCHAR:
			skip_next = 1;
			break;
		default:
			break;
		}
	}
	return(width);
}
325
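/*
 * Write one already decoded character to stdout.  The characters that
 * are special in HTML text or inside a double-quoted attribute value
 * are replaced by character references; everything else is written
 * as is.
 */
static void
print_htmlchar(int c)
{

	switch (c) {
	case '<':
		printf("&lt;");
		break;
	case '>':
		printf("&gt;");
		break;
	case '&':
		printf("&amp;");
		break;
	case '"':
		printf("&quot;");
		break;
	default:
		putchar(c);
		break;
	}
}

/*
 * HTML-encode the roff string p and write it to stdout.
 *
 * Plain text is copied through, with '<', '>', '&' and '"' replaced by
 * character references.  The double quote is included because
 * print_attr() writes attribute values through this function between
 * double quotes; a raw '"' would end the attribute early.
 *
 * Roff escapes are decoded by mandoc_escape().  Characters that result
 * from a numbered escape, or from a one-character special escape that
 * the symbol table does not know, are passed through print_htmlchar()
 * as well, so that an escape sequence cannot be used to place a raw
 * markup character in the output.  Unicode escapes and known special
 * characters are written as numeric character references.
 *
 * h          formatter state; h->flags and h->symtab are used.
 * p          NUL-terminated input string.
 * norecurse  if non-zero, font escapes are consumed without opening
 *            or closing any element (wanted inside attribute values).
 *
 * Returns 1 if the input ended in a no-space escape, 0 otherwise.
 * Output stops early at the first escape reported as ESCAPE_ERROR.
 */
static int
print_encode(struct html *h, const char *p, int norecurse)
{
	size_t		 sz;
	int		 c, len, nospace;
	const char	*seq;
	enum mandoc_esc	 esc;
	static const char rejs[] = { '\\', '<', '>', '&', '"',
		ASCII_NBRSP, ASCII_HYPH, ASCII_BREAK, '\0' };

	nospace = 0;

	while ('\0' != *p) {
		/* A pending skip-char request swallows one literal byte. */
		if (HTML_SKIPCHAR & h->flags && '\\' != *p) {
			h->flags &= ~HTML_SKIPCHAR;
			p++;
			continue;
		}

		/* Copy the run that needs no special treatment. */
		sz = strcspn(p, rejs);

		fwrite(p, 1, sz, stdout);
		p += sz;

		if ('\0' == *p)
			break;

		switch (*p++) {
		case '<':
			/* FALLTHROUGH */
		case '>':
			/* FALLTHROUGH */
		case '&':
			/* FALLTHROUGH */
		case '"':
			print_htmlchar(p[-1]);
			continue;
		case ASCII_NBRSP:
			/*
			 * NOTE(review): written as '-', the same as
			 * ASCII_HYPH; going by the name this may have
			 * been meant to be a non-breaking space.
			 * Left as found -- confirm.
			 */
			putchar('-');
			continue;
		case ASCII_HYPH:
			putchar('-');
			/* FALLTHROUGH */
		case ASCII_BREAK:
			continue;
		default:
			break;
		}

		/* Only a backslash gets here: decode the escape. */
		esc = mandoc_escape(&p, &seq, &len);
		if (ESCAPE_ERROR == esc)
			break;

		switch (esc) {
		case ESCAPE_FONT:
			/* FALLTHROUGH */
		case ESCAPE_FONTPREV:
			/* FALLTHROUGH */
		case ESCAPE_FONTBOLD:
			/* FALLTHROUGH */
		case ESCAPE_FONTITALIC:
			/* FALLTHROUGH */
		case ESCAPE_FONTBI:
			/* FALLTHROUGH */
		case ESCAPE_FONTROMAN:
			if (0 == norecurse)
				print_metaf(h, esc);
			continue;
		case ESCAPE_SKIPCHAR:
			h->flags |= HTML_SKIPCHAR;
			continue;
		default:
			break;
		}

		/* A pending skip-char request swallows this escape. */
		if (h->flags & HTML_SKIPCHAR) {
			h->flags &= ~HTML_SKIPCHAR;
			continue;
		}

		switch (esc) {
		case ESCAPE_UNICODE:
			/* Skip passed "u" header. */
			c = mchars_num2uc(seq + 1, len - 1);
			if ('\0' != c)
				printf("&#x%x;", c);
			break;
		case ESCAPE_NUMBERED:
			/* The decoded byte may itself be '<', '&', ... */
			c = mchars_num2char(seq, len);
			if ('\0' != c)
				print_htmlchar(c);
			break;
		case ESCAPE_SPECIAL:
			c = mchars_spec2cp(h->symtab, seq, len);
			if (c > 0)
				printf("&#%d;", c);
			else if (-1 == c && 1 == len)
				/* Unknown one-byte name: encode it too. */
				print_htmlchar((int)*seq);
			break;
		case ESCAPE_NOSPACE:
			if ('\0' == *p)
				nospace = 1;
			break;
		default:
			break;
		}
	}

	return(nospace);
}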
436
/*
 * Write one attribute as ` key="val"`.
 *
 * key is written verbatim; the callers in this file pass names from
 * htmlattrs or string literals.  val goes through print_encode() with
 * norecurse set, so font escapes in it never open an element inside
 * the attribute.  Which characters of val get replaced is decided
 * entirely by print_encode().
 */
static void
print_attr(struct html *h, const char *key, const char *val)
{

	putchar(' ');
	fputs(key, stdout);
	fputs("=\"", stdout);
	(void)print_encode(h, val, 1);
	putchar('"');
}
444
/*
 * Write the opening tag for element `tag` with the sz attributes in p.
 *
 * Unless the element is flagged HTML_NOSTACK, a struct tag is pushed
 * onto the stack of open elements and returned so that the caller can
 * close it later with print_tagq() or print_stagq(); otherwise NULL is
 * returned.
 *
 * tag indexes htmltags and each p[i].key indexes htmlattrs; neither is
 * range-checked here.  Attribute values are written via print_attr().
 */
struct tag *
print_otag(struct html *h, enum htmltag tag,
		int sz, const struct htmlpair *p)
{
	const struct htmldata	*td;
	struct tag		*t;
	int			 i;

	td = &htmltags[tag];
	t = NULL;

	/* Push this tag onto the stack of open scopes. */

	if ((td->flags & HTML_NOSTACK) == 0) {
		t = mandoc_malloc(sizeof(*t));
		t->tag = tag;
		t->next = h->tags.head;
		h->tags.head = t;
	}

	/* Inline elements get a separator in front; manage keeps! */

	if ((h->flags & HTML_NOSPACE) == 0 &&
	    (td->flags & HTML_CLRLINE) == 0) {
		if (h->flags & HTML_KEEP)
			printf("&#160;");
		else {
			if (h->flags & HTML_PREKEEP)
				h->flags |= HTML_KEEP;
			putchar(' ');
		}
	}

	if (h->flags & HTML_NONOSPACE)
		h->flags |= HTML_NOSPACE;
	else
		h->flags &= ~HTML_NOSPACE;

	/* Print out the tag name and attributes. */

	printf("<%s", td->name);
	for (i = 0; i < sz; i++)
		print_attr(h, htmlattrs[p[i].key], p[i].val);

	/* Add non-overridable attributes. */

	if (tag == TAG_HTML && h->type == HTML_XHTML_1_0_STRICT) {
		print_attr(h, "xmlns", "http://www.w3.org/1999/xhtml");
		print_attr(h, "xml:lang", "en");
		print_attr(h, "lang", "en");
	}

	/* Accommodate for XML "well-formed" singleton escaping. */

	if ((td->flags & HTML_AUTOCLOSE) &&
	    h->type == HTML_XHTML_1_0_STRICT)
		putchar('/');

	putchar('>');

	h->flags |= HTML_NOSPACE;

	if (td->flags & (HTML_AUTOCLOSE | HTML_CLRLINE))
		putchar('\n');

	return(t);
}
512
/*
 * Write the closing tag for element `tag`.  For elements flagged
 * HTML_CLRLINE a newline follows and HTML_NOSPACE is set, so the next
 * output does not start with a separator.
 */
static void
print_ctag(struct html *h, enum htmltag tag)
{
	const struct htmldata	*td;

	td = &htmltags[tag];
	printf("</%s>", td->name);
	if ((td->flags & HTML_CLRLINE) == 0)
		return;

	h->flags |= HTML_NOSPACE;
	putchar('\n');
}
523
/*
 * Write the document type declaration for the configured output type.
 * Any type other than HTML 4.01 Strict is treated as XHTML 1.0 Strict
 * and additionally gets an XML declaration in front.
 */
void
print_gen_decls(struct html *h)
{
	const char	*root;
	const char	*pubid;
	const char	*sysid;

	if (h->type == HTML_HTML_4_01_STRICT) {
		root = "HTML";
		pubid = "-//W3C//DTD HTML 4.01//EN";
		sysid = "http://www.w3.org/TR/html4/strict.dtd";
	} else {
		puts("<?xml version=\"1.0\" encoding=\"UTF-8\"?>");
		root = "html";
		pubid = "-//W3C//DTD XHTML 1.0 Strict//EN";
		sysid = "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";
	}

	printf("<!DOCTYPE %s PUBLIC \"%s\" \"%s\">\n",
	    root, pubid, sysid);
}
548
/*
 * Write one word of body text.
 *
 * A separator (a space, or &#160; inside a keep) precedes the word
 * unless HTML_NOSPACE is set.  If a font is active (h->metac), the
 * word is wrapped in the matching element, which is closed again
 * before returning.  The word itself is written by print_encode(),
 * whose return value decides whether HTML_NOSPACE is set for whatever
 * is printed next.  HTML_IGNDELIM is always cleared.
 *
 * word must not be NULL, and no font element may be open on entry.
 */
void
print_text(struct html *h, const char *word)
{
	int	 ends_nospace;

	if ((h->flags & HTML_NOSPACE) == 0) {
		/* Manage keeps! */
		if (h->flags & HTML_KEEP)
			printf("&#160;");
		else {
			if (h->flags & HTML_PREKEEP)
				h->flags |= HTML_KEEP;
			putchar(' ');
		}
	}

	assert(h->metaf == NULL);
	if (h->metac == HTMLFONT_ITALIC) {
		h->metaf = print_otag(h, TAG_I, 0, NULL);
	} else if (h->metac == HTMLFONT_BOLD) {
		h->metaf = print_otag(h, TAG_B, 0, NULL);
	} else if (h->metac == HTMLFONT_BI) {
		/* <b> is the outer element, so it is the one to remember. */
		h->metaf = print_otag(h, TAG_B, 0, NULL);
		print_otag(h, TAG_I, 0, NULL);
	}

	assert(word != NULL);
	ends_nospace = print_encode(h, word, 0);
	if (ends_nospace)
		h->flags |= HTML_NOSPACE;
	else if ((h->flags & HTML_NONOSPACE) == 0)
		h->flags &= ~HTML_NOSPACE;

	if (h->metaf != NULL) {
		print_tagq(h, h->metaf);
		h->metaf = NULL;
	}

	h->flags &= ~HTML_IGNDELIM;
}
593
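/*
 * Close open elements from the top of the stack down to and including
 * `until`.  With until == NULL, or if until is not on the stack, every
 * open element is closed.
 *
 * Each closed tag is freed.  h->metaf and h->tblt are reset to NULL
 * when the tag they refer to is closed, so that they never point at
 * freed memory.
 */
void
print_tagq(struct html *h, const struct tag *until)
{
	struct tag	*tag;
	int		 reached;

	while ((tag = h->tags.head) != NULL) {
		/*
		 * Remember to close out and nullify the current
		 * meta-font and table, if applicable.
		 */
		if (tag == h->metaf)
			h->metaf = NULL;
		if (tag == h->tblt)
			h->tblt = NULL;
		print_ctag(h, tag->tag);
		h->tags.head = tag->next;
		/*
		 * Decide whether this was the last tag to close before
		 * freeing it; the value of a pointer is indeterminate
		 * once the object it points to has been freed.
		 */
		reached = (until != NULL && tag == until);
		free(tag);
		if (reached)
			return;
	}
}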
615
/*
 * Close open elements from the top of the stack down to, but not
 * including, `suntil`.  With suntil == NULL, or if suntil is not on
 * the stack, every open element is closed.
 *
 * Each closed tag is freed.  h->metaf and h->tblt are reset to NULL
 * when the tag they refer to is closed.
 */
void
print_stagq(struct html *h, const struct tag *suntil)
{
	struct tag	*top;

	for (;;) {
		top = h->tags.head;
		if (top == NULL)
			break;
		if (suntil != NULL && top == suntil)
			break;
		/* Drop references to the current meta-font and table. */
		if (h->metaf == top)
			h->metaf = NULL;
		if (h->tblt == top)
			h->tblt = NULL;
		print_ctag(h, top->tag);
		h->tags.head = top->next;
		free(top);
	}
}
637
/*
 * Reset the scratch buffer in h to the empty string.  The buf*()
 * functions below keep h->buflen equal to the length of h->buf.
 */
void
bufinit(struct html *h)
{

	h->buflen = 0;
	h->buf[h->buflen] = '\0';
}
645
/*
 * Append one CSS declaration of the form "key:val;" to the scratch
 * buffer.  Neither key nor val is checked or escaped here.
 */
void
bufcat_style(struct html *h, const char *key, const char *val)
{
	const char	*part[4];
	int		 i;

	part[0] = key;
	part[1] = ":";
	part[2] = val;
	part[3] = ";";
	for (i = 0; i < 4; i++)
		bufcat(h, part[i]);
}
655
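/*
 * Append the string p to the scratch buffer, which holds at most
 * BUFSIZ - 1 characters.
 *
 * XXX Over-long input is still not handled gracefully.
 * When using the -Oincludes option, buffmt_includes() may pass in
 * strings that do not fit, and the assertion below then aborts.
 *
 * strlcat() returns the length the result would have had without
 * truncation.  Storing that value unchecked would leave h->buflen
 * beyond the end of h->buf whenever assertions are compiled out, and
 * bufcat_fmt() and bufncat() do their size arithmetic with h->buflen.
 * It is therefore clamped to what strlcat() actually stored.
 */
void
bufcat(struct html *h, const char *p)
{
	size_t	 want;

	want = strlcat(h->buf, p, BUFSIZ);
	assert(want < BUFSIZ);
	h->buflen = want < BUFSIZ ? want : BUFSIZ - 1;
}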
669
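/*
 * Append printf-style formatted text to the scratch buffer.  Output
 * that does not fit is silently truncated; unlike bufcat(), this
 * function never asserts.
 *
 * The space handed to vsnprintf() is BUFSIZ - h->buflen - 1.  If
 * h->buflen were ever BUFSIZ or more, that subtraction would not give
 * a small number but wrap around or turn negative, and vsnprintf()
 * would be told it may write far beyond h->buf.  The check at the top
 * rules that out instead of trusting every other writer of h->buflen.
 */
void
bufcat_fmt(struct html *h, const char *fmt, ...)
{
	va_list	 ap;

	/* No room left: nothing can be appended. */
	if (h->buflen >= BUFSIZ - 1)
		return;

	va_start(ap, fmt);
	(void)vsnprintf(h->buf + h->buflen,
	    BUFSIZ - h->buflen - 1, fmt, ap);
	va_end(ap);
	h->buflen = strlen(h->buf);
}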
681
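/*
 * Append at most sz bytes of p to the scratch buffer.
 *
 * Two things are handled beyond the assertion:
 *  - With assertions compiled out, nothing else would stop strncat()
 *    from writing past the end of h->buf, so sz is clamped to the
 *    space that is left.
 *  - strncat() stops at a NUL in p, so fewer than sz bytes may be
 *    appended.  h->buflen is advanced by what was really added, not
 *    by sz, so it stays equal to the length of h->buf.
 */
static void
bufncat(struct html *h, const char *p, size_t sz)
{
	size_t	 room;

	assert(h->buflen + sz + 1 < BUFSIZ);

	if (h->buflen >= BUFSIZ - 1)
		return;
	room = (size_t)(BUFSIZ - 1) - h->buflen;
	if (sz > room)
		sz = room;

	strncat(h->buf, p, sz);
	h->buflen += strlen(h->buf + h->buflen);
}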
690
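/*
 * Build the link target for an included file in the scratch buffer by
 * expanding the template h->base_includes (set with -O includes):
 * "%I" is replaced by name, any other "%x" pair is copied unchanged.
 *
 * A template that ends in a lone '%' needs care: there is no second
 * character to skip, and stepping two bytes ahead would move past the
 * terminating NUL and make the next strchr() read outside the string.
 * Such a '%' is copied literally and ends the expansion.
 *
 * A NULL template yields an empty buffer.  name is appended without
 * any escaping; see bufcat() for what happens when the result does
 * not fit.
 */
void
buffmt_includes(struct html *h, const char *name)
{
	const char	*p, *pp;

	pp = h->base_includes;

	bufinit(h);
	if (NULL == pp)
		return;

	while (NULL != (p = strchr(pp, '%'))) {
		bufncat(h, pp, (size_t)(p - pp));
		if ('\0' == *(p + 1)) {
			/* Trailing '%': the final bufcat() copies it. */
			pp = p;
			break;
		}
		switch (*(p + 1)) {
		case 'I':
			bufcat(h, name);
			break;
		default:
			bufncat(h, p, 2);
			break;
		}
		pp = p + 2;
	}
	bufcat(h, pp);
}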
714
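/*
 * Build the link target for a manual page cross reference in the
 * scratch buffer by expanding the template h->base_man (set with
 * -O man): "%S" is replaced by sec, or by "1" if sec is NULL, "%N" by
 * name, and any other "%x" pair is copied unchanged.
 *
 * A template that ends in a lone '%' needs care: there is no second
 * character to skip, and stepping two bytes ahead would move past the
 * terminating NUL and make the next strchr() read outside the string.
 * Such a '%' is copied literally and ends the expansion.
 *
 * A NULL template yields an empty buffer.  name and sec are appended
 * without any escaping.
 */
void
buffmt_man(struct html *h, const char *name, const char *sec)
{
	const char	*p, *pp;

	pp = h->base_man;

	bufinit(h);
	if (NULL == pp)
		return;

	while (NULL != (p = strchr(pp, '%'))) {
		bufncat(h, pp, (size_t)(p - pp));
		if ('\0' == *(p + 1)) {
			/* Trailing '%': the final bufcat() copies it. */
			pp = p;
			break;
		}
		switch (*(p + 1)) {
		case 'S':
			bufcat(h, sec ? sec : "1");
			break;
		case 'N':
			bufcat_fmt(h, "%s", name);
			break;
		default:
			bufncat(h, p, 2);
			break;
		}
		pp = p + 2;
	}
	bufcat(h, pp);
}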
741
/*
 * Append a CSS declaration "p: <number><unit>;" for the roff scaled
 * value su, with the unit suffix taken from roffscales.
 *
 * Values in SCALE_MM are divided by 100 first, and a result of
 * exactly zero is replaced by 1.  su->unit indexes roffscales without
 * a range check.
 */
void
bufcat_su(struct html *h, const char *p, const struct roffsu *su)
{
	double	 amount;

	amount = su->scale;
	if (su->unit == SCALE_MM) {
		amount /= 100.0;
		if (amount == 0.0)
			amount = 1.0;
	}

	bufcat_fmt(h, "%s: %.2f%s;", p, amount, roffscales[su->unit]);
}
753
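/*
 * Append src to the scratch buffer as an identifier, writing every
 * byte as two lower-case hexadecimal digits.
 *
 * Each byte is converted to unsigned char before it is formatted.
 * Where plain char is signed, a byte of 0x80 or above would otherwise
 * be promoted to a negative int and come out of "%.2x" as eight
 * digits instead of two.
 */
void
bufcat_id(struct html *h, const char *src)
{

	/* Cf. <http://www.w3.org/TR/html4/types.html#h-6.2>. */

	for (; '\0' != *src; src++)
		bufcat_fmt(h, "%.2x", (unsigned int)(unsigned char)*src);
}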