Merge pull request #190 from snshn/refactor-csp

Refactor CSP code

src/html.rs

@@ -1076,6 +1076,7 @@ fn get_child_node_by_name(handle: &Handle, node_name: &str) -> Handle {
 pub fn stringify_document(
     handle: &Handle,
     opt_no_css: bool,
+    opt_no_fonts: bool,
     opt_no_frames: bool,
     opt_no_js: bool,
     opt_no_images: bool,
@@ -1087,28 +1088,21 @@ pub fn stringify_document(
 
     let mut result = String::from_utf8(buf).unwrap();
 
-    if opt_isolate || opt_no_css || opt_no_frames || opt_no_js || opt_no_images {
+    // Take care of CSP
+    if opt_isolate || opt_no_css || opt_no_fonts || opt_no_frames || opt_no_js || opt_no_images {
         let mut buf: Vec<u8> = Vec::new();
         let mut dom = html_to_dom(&result);
         let doc = dom.get_document();
         let html = get_child_node_by_name(&doc, "html");
         let head = get_child_node_by_name(&html, "head");
-        let mut content_attr = str!();
-        if opt_isolate {
-            content_attr += " default-src 'unsafe-inline' data:;";
-        }
-        if opt_no_css {
-            content_attr += " style-src 'none';";
-        }
-        if opt_no_frames {
-            content_attr += " frame-src 'none';child-src 'none';";
-        }
-        if opt_no_js {
-            content_attr += " script-src 'none';";
-        }
-        if opt_no_images {
-            content_attr += " img-src data:;";
-        }
+        let csp_content: String = csp(
+            opt_isolate,
+            opt_no_css,
+            opt_no_fonts,
+            opt_no_frames,
+            opt_no_js,
+            opt_no_images,
+        );
 
         let meta = dom.create_element(
             QualName::new(None, ns!(), local_name!("meta")),
@@ -1119,28 +1113,68 @@ pub fn stringify_document(
                 },
                 Attribute {
                     name: QualName::new(None, ns!(), local_name!("content")),
-                    value: format_tendril!("{}", content_attr.trim()),
+                    value: format_tendril!("{}", csp_content),
                 },
             ],
             Default::default(),
         );
-        head.children.borrow_mut().reverse();
-        head.children.borrow_mut().push(meta.clone());
-        head.children.borrow_mut().reverse();
         // Note: the CSP meta-tag has to be prepended, never appended,
         //       since there already may be one defined in the document,
         //       and browsers don't allow re-defining them (for obvious reasons)
+        head.children.borrow_mut().reverse();
+        head.children.borrow_mut().push(meta.clone());
+        head.children.borrow_mut().reverse();
 
+        // Note: we can't make it isolate the page right away since it may have no HEAD element,
+        //       ergo we have to serialize, parse the DOM again, insert the CSP meta tag, and then
+        //       finally serialize the result
         serialize(&mut buf, &doc, SerializeOpts::default())
             .expect("unable to serialize DOM into buffer");
         result = String::from_utf8(buf).unwrap();
-        // Note: we can't make it isolate the page right away since it may have no HEAD element,
-        //       ergo we have to serialize, parse DOM again, and then finally serialize the result
     }
 
     result
 }
 
+pub fn csp(
+    opt_isolate: bool,
+    opt_no_css: bool,
+    opt_no_fonts: bool,
+    opt_no_frames: bool,
+    opt_no_js: bool,
+    opt_no_images: bool,
+) -> String {
+    let mut string_list = vec![];
+
+    if opt_isolate {
+        string_list.push("default-src 'unsafe-inline' data:;");
+    }
+
+    if opt_no_css {
+        string_list.push("style-src 'none';");
+    }
+
+    if opt_no_fonts {
+        string_list.push("font-src 'none';");
+    }
+
+    if opt_no_frames {
+        string_list.push("frame-src 'none';");
+        string_list.push("child-src 'none';");
+    }
+
+    if opt_no_js {
+        string_list.push("script-src 'none';");
+    }
+
+    if opt_no_images {
+        // Note: data: is needed for transparent pixels
+        string_list.push("img-src data:;");
+    }
+
+    string_list.join(" ")
+}
+
 pub fn metadata_tag(url: &str) -> String {
     let timestamp = Utc::now().to_rfc3339_opts(SecondsFormat::Secs, true);
 

src/main.rs

@@ -152,6 +152,7 @@ fn main() {
     let mut result: String = stringify_document(
         &dom.document,
         app_args.no_css,
+        app_args.no_fonts,
         app_args.no_frames,
         app_args.no_js,
         app_args.no_images,

src/tests/cli.rs

@@ -128,13 +128,41 @@ mod passing {
         Ok(())
     }
 
+    #[test]
+    fn remove_fonts_from_data_url() -> Result<(), Box<dyn std::error::Error>> {
+        let mut cmd = Command::cargo_bin(env!("CARGO_PKG_NAME"))?;
+        let out = cmd
+            .arg("-M")
+            .arg("-F")
+            .arg("data:text/html,<style>@font-face { font-family: myFont; src: url(font.woff); }</style>Hi")
+            .output()
+            .unwrap();
+
+        // STDOUT should contain HTML with no web fonts
+        assert_eq!(
+            std::str::from_utf8(&out.stdout).unwrap(),
+            "<html><head>\
+            <meta http-equiv=\"Content-Security-Policy\" content=\"font-src 'none';\"></meta>\
+            <style> </style>\
+            </head><body>Hi</body></html>\n"
+        );
+
+        // STDERR should be empty
+        assert_eq!(std::str::from_utf8(&out.stderr).unwrap(), "");
+
+        // The exit code should be 0
+        out.assert().code(0);
+
+        Ok(())
+    }
+
     #[test]
     fn remove_frames_from_data_url() -> Result<(), Box<dyn std::error::Error>> {
         let mut cmd = Command::cargo_bin(env!("CARGO_PKG_NAME"))?;
         let out = cmd
             .arg("-M")
             .arg("-f")
-            .arg("data:text/html,<iframe src=\"https://google.com\"></iframe>Hi")
+            .arg("data:text/html,<iframe src=\"https://duckduckgo.com\"></iframe>Hi")
             .output()
             .unwrap();
 
@@ -142,7 +170,7 @@ mod passing {
         assert_eq!(
             std::str::from_utf8(&out.stdout).unwrap(),
             "<html><head>\
-            <meta http-equiv=\"Content-Security-Policy\" content=\"frame-src 'none';child-src 'none';\"></meta>\
+            <meta http-equiv=\"Content-Security-Policy\" content=\"frame-src 'none'; child-src 'none';\"></meta>\
             </head><body><iframe src=\"\"></iframe>Hi</body></html>\n"
         );
 

src/tests/html/csp.rs

@@ -0,0 +1,151 @@
+//  ██████╗  █████╗ ███████╗███████╗██╗███╗   ██╗ ██████╗
+//  ██╔══██╗██╔══██╗██╔════╝██╔════╝██║████╗  ██║██╔════╝
+//  ██████╔╝███████║███████╗███████╗██║██╔██╗ ██║██║  ███╗
+//  ██╔═══╝ ██╔══██║╚════██║╚════██║██║██║╚██╗██║██║   ██║
+//  ██║     ██║  ██║███████║███████║██║██║ ╚████║╚██████╔╝
+//  ╚═╝     ╚═╝  ╚═╝╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝ ╚═════╝
+
+#[cfg(test)]
+mod passing {
+    use crate::html;
+
+    #[test]
+    fn isolated() {
+        let opt_isolate: bool = true;
+        let opt_no_css: bool = false;
+        let opt_no_fonts: bool = false;
+        let opt_no_frames: bool = false;
+        let opt_no_js: bool = false;
+        let opt_no_images: bool = false;
+        let csp_content = html::csp(
+            opt_isolate,
+            opt_no_css,
+            opt_no_fonts,
+            opt_no_frames,
+            opt_no_js,
+            opt_no_images,
+        );
+
+        assert_eq!(csp_content, "default-src 'unsafe-inline' data:;");
+    }
+
+    #[test]
+    fn no_css() {
+        let opt_isolate: bool = false;
+        let opt_no_css: bool = true;
+        let opt_no_fonts: bool = false;
+        let opt_no_frames: bool = false;
+        let opt_no_js: bool = false;
+        let opt_no_images: bool = false;
+        let csp_content = html::csp(
+            opt_isolate,
+            opt_no_css,
+            opt_no_fonts,
+            opt_no_frames,
+            opt_no_js,
+            opt_no_images,
+        );
+
+        assert_eq!(csp_content, "style-src 'none';");
+    }
+
+    #[test]
+    fn no_fonts() {
+        let opt_isolate: bool = false;
+        let opt_no_css: bool = false;
+        let opt_no_fonts: bool = true;
+        let opt_no_frames: bool = false;
+        let opt_no_js: bool = false;
+        let opt_no_images: bool = false;
+        let csp_content = html::csp(
+            opt_isolate,
+            opt_no_css,
+            opt_no_fonts,
+            opt_no_frames,
+            opt_no_js,
+            opt_no_images,
+        );
+
+        assert_eq!(csp_content, "font-src 'none';");
+    }
+
+    #[test]
+    fn no_frames() {
+        let opt_isolate: bool = false;
+        let opt_no_css: bool = false;
+        let opt_no_fonts: bool = false;
+        let opt_no_frames: bool = true;
+        let opt_no_js: bool = false;
+        let opt_no_images: bool = false;
+        let csp_content = html::csp(
+            opt_isolate,
+            opt_no_css,
+            opt_no_fonts,
+            opt_no_frames,
+            opt_no_js,
+            opt_no_images,
+        );
+
+        assert_eq!(csp_content, "frame-src 'none'; child-src 'none';");
+    }
+
+    #[test]
+    fn no_js() {
+        let opt_isolate: bool = false;
+        let opt_no_css: bool = false;
+        let opt_no_fonts: bool = false;
+        let opt_no_frames: bool = false;
+        let opt_no_js: bool = true;
+        let opt_no_images: bool = false;
+        let csp_content = html::csp(
+            opt_isolate,
+            opt_no_css,
+            opt_no_fonts,
+            opt_no_frames,
+            opt_no_js,
+            opt_no_images,
+        );
+
+        assert_eq!(csp_content, "script-src 'none';");
+    }
+
+    #[test]
+    fn no_image() {
+        let opt_isolate: bool = false;
+        let opt_no_css: bool = false;
+        let opt_no_fonts: bool = false;
+        let opt_no_frames: bool = false;
+        let opt_no_js: bool = false;
+        let opt_no_images: bool = true;
+        let csp_content = html::csp(
+            opt_isolate,
+            opt_no_css,
+            opt_no_fonts,
+            opt_no_frames,
+            opt_no_js,
+            opt_no_images,
+        );
+
+        assert_eq!(csp_content, "img-src data:;");
+    }
+
+    #[test]
+    fn all() {
+        let opt_isolate: bool = true;
+        let opt_no_css: bool = true;
+        let opt_no_fonts: bool = true;
+        let opt_no_frames: bool = true;
+        let opt_no_js: bool = true;
+        let opt_no_images: bool = true;
+        let csp_content = html::csp(
+            opt_isolate,
+            opt_no_css,
+            opt_no_fonts,
+            opt_no_frames,
+            opt_no_js,
+            opt_no_images,
+        );
+
+        assert_eq!(csp_content, "default-src 'unsafe-inline' data:; style-src 'none'; font-src 'none'; frame-src 'none'; child-src 'none'; script-src 'none'; img-src data:;");
+    }
+}

src/tests/html/mod.rs

@@ -1,3 +1,4 @@
+mod csp;
 mod embed_srcset;
 mod get_node_name;
 mod has_proper_integrity;

src/tests/html/stringify_document.rs

@@ -15,6 +15,7 @@ mod passing {
         let dom = html::html_to_dom(&html);
 
         let opt_no_css: bool = false;
+        let opt_no_fonts: bool = false;
         let opt_no_frames: bool = false;
         let opt_no_js: bool = false;
         let opt_no_images: bool = false;
@@ -24,6 +25,7 @@ mod passing {
             html::stringify_document(
                 &dom.document,
                 opt_no_css,
+                opt_no_fonts,
                 opt_no_frames,
                 opt_no_js,
                 opt_no_images,
@@ -42,6 +44,7 @@ mod passing {
         let dom = html::html_to_dom(&html);
 
         let opt_no_css: bool = false;
+        let opt_no_fonts: bool = false;
         let opt_no_frames: bool = false;
         let opt_no_js: bool = false;
         let opt_no_images: bool = false;
@@ -51,6 +54,7 @@ mod passing {
             html::stringify_document(
                 &dom.document,
                 opt_no_css,
+                opt_no_fonts,
                 opt_no_frames,
                 opt_no_js,
                 opt_no_images,
@@ -81,6 +85,7 @@ mod passing {
         let dom = html::html_to_dom(&html);
 
         let opt_no_css: bool = true;
+        let opt_no_fonts: bool = false;
         let opt_no_frames: bool = false;
         let opt_no_js: bool = false;
         let opt_no_images: bool = false;
@@ -90,6 +95,7 @@ mod passing {
             html::stringify_document(
                 &dom.document,
                 opt_no_css,
+                opt_no_fonts,
                 opt_no_frames,
                 opt_no_js,
                 opt_no_images,
@@ -116,6 +122,7 @@ mod passing {
         let dom = html::html_to_dom(&html);
 
         let opt_no_css: bool = false;
+        let opt_no_fonts: bool = false;
         let opt_no_frames: bool = true;
         let opt_no_js: bool = false;
         let opt_no_images: bool = false;
@@ -125,6 +132,7 @@ mod passing {
             html::stringify_document(
                 &dom.document,
                 opt_no_css,
+                opt_no_fonts,
                 opt_no_frames,
                 opt_no_js,
                 opt_no_images,
@@ -133,7 +141,7 @@ mod passing {
             "<!DOCTYPE html>\
                 <html>\
                 <head>\
-                <meta http-equiv=\"Content-Security-Policy\" content=\"frame-src 'none';child-src 'none';\"></meta>\
+                <meta http-equiv=\"Content-Security-Policy\" content=\"frame-src 'none'; child-src 'none';\"></meta>\
                 <title>Frameless document</title>\
                 <link rel=\"something\">\
                 </head>\
@@ -149,14 +157,15 @@ mod passing {
                     <meta http-equiv=\"Content-Security-Policy\" content=\"default-src https:\">\
                     <link rel=\"stylesheet\" href=\"some.css\">\
                     <div>\
-                    <script src=\"some.js\"></script>\
-                    <img style=\"width: 100%;\" src=\"some.png\" />\
-                    <iframe src=\"some.html\"></iframe>\
+                        <script src=\"some.js\"></script>\
+                        <img style=\"width: 100%;\" src=\"some.png\" />\
+                        <iframe src=\"some.html\"></iframe>\
                     </div>";
         let dom = html::html_to_dom(&html);
 
         let opt_isolate: bool = true;
         let opt_no_css: bool = true;
+        let opt_no_fonts: bool = true;
         let opt_no_frames: bool = true;
         let opt_no_js: bool = true;
         let opt_no_images: bool = true;
@@ -165,6 +174,7 @@ mod passing {
             html::stringify_document(
                 &dom.document,
                 opt_no_css,
+                opt_no_fonts,
                 opt_no_frames,
                 opt_no_js,
                 opt_no_images,
@@ -173,7 +183,7 @@ mod passing {
             "<!DOCTYPE html>\
                 <html>\
                     <head>\
-                        <meta http-equiv=\"Content-Security-Policy\" content=\"default-src 'unsafe-inline' data:; style-src 'none'; frame-src 'none';child-src 'none'; script-src 'none'; img-src data:;\"></meta>\
+                        <meta http-equiv=\"Content-Security-Policy\" content=\"default-src 'unsafe-inline' data:; style-src 'none'; font-src 'none'; frame-src 'none'; child-src 'none'; script-src 'none'; img-src data:;\"></meta>\
                         <title>no-frame no-css no-js no-image isolated document</title>\
                         <meta http-equiv=\"Content-Security-Policy\" content=\"default-src https:\">\
                         <link rel=\"stylesheet\" href=\"some.css\">\