diff --git a/SoObjects/SOGo/NSString+Utilities.m b/SoObjects/SOGo/NSString+Utilities.m
index 03fb06caa..fb888fb0f 100644
--- a/SoObjects/SOGo/NSString+Utilities.m
+++ b/SoObjects/SOGo/NSString+Utilities.m
@@ -898,7 +898,7 @@ static int cssEscapingCount;
 */
 - (NSString *) stringWithoutHTMLInjection: (BOOL)stripHTMLCode
 {
- NSString *result, *text;
+ NSString *result, *text, *newResult;
 NSScanner *theScanner;
 NSError *error;
 NSUInteger numberOfMatches;
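Review bot: The new declaration `NSString *result, *text, *newResult;` still leaves `text` (and `newResult`) uninitialized, and in this GNUstep, non-ARC code an object-pointer local holds whatever was on the stack until it is assigned; the scanner loop later in this method hands `&text` to `scanUpToString:intoString:`, which as far as I recall only writes the out-string when it actually scans characters, so a scan that consumes nothing can leave a garbage pointer that is then formatted into the replacement string. Initializing at the declaration, `NSString *result = nil, *text = nil, *newResult = nil;`, removes that failure mode on its own, whereas the `NS_DURING` wrapper the commit adds further down only catches the resulting exception rather than preventing it. Since this is the output-sanitizing path, the header comment that closes just above the signature should also state what the caller gets when sanitization fails inside the handler — the original input, an empty string, or partially cleaned text — because a silent fallback to the unsanitized string would defeat the XSS filtering. The method body continues past this hunk, so I cannot confirm what the handler returns.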
@@ -908,78 +908,95 @@ static int cssEscapingCount; error = nil; result = [NSString stringWithString: self]; regex = nil; - - if (stripHTMLCode) { - // Author : https://www.codercrunch.com/question/1251681838/how-remove-html-tags-string-ios - theScanner = [NSScanner scannerWithString: result]; - while ([theScanner isAtEnd] == NO) { - // find start of tag - [theScanner scanUpToString: @"<" intoString: NULL]; - // find end of tag - [theScanner scanUpToString: @">" intoString: &text]; - - // Check that text is not ", text] - withString: @" "]; + + NS_DURING + { + if (stripHTMLCode) { + // Author : https://www.codercrunch.com/question/1251681838/how-remove-html-tags-string-ios + theScanner = [NSScanner scannerWithString: result]; + while ([theScanner isAtEnd] == NO) { + // find start of tag + [theScanner scanUpToString: @"<" intoString: NULL]; + // find end of tag + [theScanner scanUpToString: @">" intoString: &text]; + + // Check that text is not ", text] + withString: @" "]; + result = [NSString stringWithString: newResult]; + } } - } - } - } else { - // Clean XSS - // Examples of injection : https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html#xss-locator-polygot + } + } else { + // Clean XSS + // Examples of injection : https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html#xss-locator-polygot - // Remove javascript: - regex = [NSRegularExpression regularExpressionWithPattern:@"j[\\s\\u200B \\\\0]*a[\\s\\u200B \\\\0]*v[\\s\\u200B \\\\0]*a[\\s\\u200B \\\\0]*s[\\s\\u200B \\\\0]*c[\\s\\u200B \\\\0]*r[\\s\\u200B \\\\0]*i[\\s\\u200B \\\\0]*p[\\s\\u200B \\\\0]*t[\\s\\u200B \\\\0]*:" - options: NSRegularExpressionCaseInsensitive error:&error]; - result = [regex stringByReplacingMatchesInString:result options:0 range:NSMakeRange(0, [result length]) withTemplate:@""]; + // Remove javascript: + regex = [NSRegularExpression regularExpressionWithPattern:@"j[\\s\\u200B \\\\0]*a[\\s\\u200B \\\\0]*v[\\s\\u200B 
\\\\0]*a[\\s\\u200B \\\\0]*s[\\s\\u200B \\\\0]*c[\\s\\u200B \\\\0]*r[\\s\\u200B \\\\0]*i[\\s\\u200B \\\\0]*p[\\s\\u200B \\\\0]*t[\\s\\u200B \\\\0]*:" + options: NSRegularExpressionCaseInsensitive error:&error]; + newResult = [regex stringByReplacingMatchesInString:result options:0 range:NSMakeRange(0, [result length]) withTemplate:@""]; + result = [NSString stringWithString: newResult]; - // Remove vbscript: - regex = [NSRegularExpression regularExpressionWithPattern:@"v[\\s\\u200B \\\\0]*b[\\s\\u200B \\\\0]*s[\\s\\u200B \\\\0]*c[\\s\\u200B \\\\0]*r[\\s\\u200B \\\\0]*i[\\s\\u200B \\\\0]*p[\\s\\u200B \\\\0]*t[\\s\\u200B \\\\0]*:" - options: NSRegularExpressionCaseInsensitive error:&error]; - result = [regex stringByReplacingMatchesInString:result options:0 range:NSMakeRange(0, [result length]) withTemplate:@""]; + // Remove vbscript: + regex = [NSRegularExpression regularExpressionWithPattern:@"v[\\s\\u200B \\\\0]*b[\\s\\u200B \\\\0]*s[\\s\\u200B \\\\0]*c[\\s\\u200B \\\\0]*r[\\s\\u200B \\\\0]*i[\\s\\u200B \\\\0]*p[\\s\\u200B \\\\0]*t[\\s\\u200B \\\\0]*:" + options: NSRegularExpressionCaseInsensitive error:&error]; + newResult = [regex stringByReplacingMatchesInString:result options:0 range:NSMakeRange(0, [result length]) withTemplate:@""]; + result = [NSString stringWithString: newResult]; - // Remove livescript: - regex = [NSRegularExpression regularExpressionWithPattern:@"l[\\s\\u200B \\\\0]*i[\\s\\u200B \\\\0]*v[\\s\\u200B \\\\0]*e[\\s\\u200B \\\\0]*s[\\s\\u200B \\\\0]*c[\\s\\u200B \\\\0]*r[\\s\\u200B \\\\0]*i[\\s\\u200B \\\\0]*p[\\s\\u200B \\\\0]*t[\\s\\u200B \\\\0]*:" - options: NSRegularExpressionCaseInsensitive error:&error]; - result = [regex stringByReplacingMatchesInString:result options:0 range:NSMakeRange(0, [result length]) withTemplate:@""]; + // Remove livescript: + regex = [NSRegularExpression regularExpressionWithPattern:@"l[\\s\\u200B \\\\0]*i[\\s\\u200B \\\\0]*v[\\s\\u200B \\\\0]*e[\\s\\u200B \\\\0]*s[\\s\\u200B \\\\0]*c[\\s\\u200B 
\\\\0]*r[\\s\\u200B \\\\0]*i[\\s\\u200B \\\\0]*p[\\s\\u200B \\\\0]*t[\\s\\u200B \\\\0]*:" + options: NSRegularExpressionCaseInsensitive error:&error]; + newResult = [regex stringByReplacingMatchesInString:result options:0 range:NSMakeRange(0, [result length]) withTemplate:@""]; + result = [NSString stringWithString: newResult]; - // Remove