Skip to content

Commit

Permalink
ZBUG-4538 Extracted content type through MIME for defang usage.Remove…
Browse files Browse the repository at this point in the history
…d the check for IE.

ZBUG-4538 Refactored code.
  • Loading branch information
ashwinsahu19 authored and dasiyogesh committed Jan 17, 2025
1 parent 6dd2a20 commit 07a1d49
Showing 1 changed file with 23 additions and 25 deletions.
48 changes: 23 additions & 25 deletions store/src/java/com/zimbra/cs/service/formatter/NativeFormatter.java
Original file line number Diff line number Diff line change
Expand Up @@ -459,24 +459,29 @@ private static void sendbackOriginalDoc(InputStream is, String contentType, Stri
}
resp.addHeader("Content-Description", desc);
}
// defang when the html and svg attachment was requested with disposition inline
if (disp.equals(Part.INLINE) && isScriptableContent(contentType)) {
BrowserDefang defanger = DefangFactory.getDefanger(contentType);
String content = defanger.defang(Mime.getTextReader(is, contentType, defaultCharset), true);
resp.setContentType(contentType);
String charset = Mime.getCharset(contentType);
resp.setCharacterEncoding(Strings.isNullOrEmpty(charset) ? Charsets.UTF_8.name() : charset);
if (!content.isEmpty()) {
resp.setContentLength(content.getBytes().length);
}
resp.getWriter().write(content);
if (Strings.isNullOrEmpty(contentType)) {
log.debug("ContentType is empty.");
} else {
// flash attachment may contain a malicious script hence..
if (contentType.startsWith(MimeConstants.CT_APPLICATION_SHOCKWAVE_FLASH)) {
disp = Part.ATTACHMENT;
// defang when the html and svg attachment was requested with disposition inline
if (disp.equals(Part.INLINE) && isScriptableContent(contentType)) {
contentType = Mime.getContentType(contentType).toLowerCase();
BrowserDefang defanger = DefangFactory.getDefanger(contentType);
String content = defanger.defang(Mime.getTextReader(is, contentType, defaultCharset), true);
resp.setContentType(contentType);
String charset = Mime.getCharset(contentType);
resp.setCharacterEncoding(Strings.isNullOrEmpty(charset) ? Charsets.UTF_8.name() : charset);
if (!content.isEmpty()) {
resp.setContentLength(content.getBytes().length);
}
resp.getWriter().write(content);
} else {
// flash attachment may contain a malicious script hence..
if (contentType.startsWith(MimeConstants.CT_APPLICATION_SHOCKWAVE_FLASH)) {
disp = Part.ATTACHMENT;
}
resp.setContentType(contentType);
sendbackBinaryData(req, resp, is, contentType, disp, filename, size);
}
resp.setContentType(contentType);
sendbackBinaryData(req, resp, is, contentType, disp, filename, size);
}
}

Expand Down Expand Up @@ -616,12 +621,9 @@ public static void sendbackBinaryData(HttpServletRequest req, HttpServletRespons
}
PushbackInputStream pis = new PushbackInputStream(in, READ_AHEAD_BUFFER_SIZE);
boolean isSafe = false;
HttpUtil.Browser browser = HttpUtil.guessBrowser(req);
if (browser != HttpUtil.Browser.IE) {
isSafe = true;
} else if (disposition.equals(Part.ATTACHMENT)) {
if (Part.ATTACHMENT.equals(disposition)) {
isSafe = true;
if (isScriptableContent(contentType)) {
if (!Strings.isNullOrEmpty(contentType) && isScriptableContent(contentType)) {
resp.addHeader("X-Download-Options", "noopen"); // ask it to save the file
}
}
Expand Down Expand Up @@ -664,10 +666,6 @@ public static void sendbackBinaryData(HttpServletRequest req, HttpServletRespons
* @return true if there's a possiblilty that <script> is valid, false if not
*/
private static boolean isScriptableContent(String contentType) {
// Make sure we don't have to worry about a null content type;
if (Strings.isNullOrEmpty(contentType)) {
return false;
}
contentType = Mime.getContentType(contentType).toLowerCase();
// only set no-open for 'script type content'
return SCRIPTABLE_CONTENT_TYPES.contains(contentType);
Expand Down

0 comments on commit 07a1d49

Please sign in to comment.