use denylist
freekmurze committed Jan 6, 2025
1 parent c6ea27f commit 731244f
Showing 5 changed files with 65 additions and 58 deletions.
19 changes: 15 additions & 4 deletions src/Browsershot.php
Expand Up @@ -77,6 +77,8 @@ class Browsershot
'view-source',
];

protected string $deniedUrlsRegex = '^file:(?!//\/tmp/).*';

public static function url(string $url): static
{
return (new static)->setUrl($url);
Expand All @@ -103,6 +105,13 @@ public function __construct(string $url = '', bool $deviceEmulate = false)
$this->imageManipulations = new ImageManipulations;
}

public function setDeniedUrlsRegex(string $deniedUrlsRegex): static
{
$this->deniedUrlsRegex = $deniedUrlsRegex;

return $this;
}

public function setNodeBinary(string $nodeBinary): static
{
$this->nodeBinary = $nodeBinary;
Expand Down Expand Up @@ -306,10 +315,8 @@ public function setProxyServer(string $proxyServer): static

public function setHtml(string $html): static
{
foreach ($this->unsafeProtocols as $protocol) {
if (str_contains(strtolower($html), $protocol)) {
throw HtmlIsNotAllowedToContainFile::make();
}
if (str_contains(strtolower($html), 'view-source:')) {
throw HtmlIsNotAllowedToContainFile::make();
}

$this->html = $html;
Expand Down Expand Up @@ -1014,6 +1021,10 @@ protected function getOptionArgs(): array
$args[] = '--proxy-server='.$this->proxyServer;
}

if ($this->deniedUrlsRegex) {
$args[] = '--chromium-deny-list='.$this->deniedUrlsRegex;
}

return $args;
}

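Review bot: The guard `if ($this->deniedUrlsRegex)` in `getOptionArgs()` fails open, because `setDeniedUrlsRegex('')` (or `'0'`) drops the `--chromium-deny-list` argument entirely, and `setHtml()` now rejects only `view-source:`, so nothing on the PHP side then stops `file:` references in rendered HTML. I would document that opt-out on the setter, for example `/** Regex of URLs the browser must refuse to load; an empty string disables the deny list, including the default file: block. */`, or require an explicit call to turn the list off. The default `^file:(?!//\/tmp/).*` also leaves every `file:///tmp/...` URL loadable, presumably so the library's own temporary HTML file can be opened, which means other files under /tmp stay readable from untrusted HTML; a comment on the property should say so. How the pattern is matched (regex flavour, case, normalised request URL or raw string) is decided in the browser script, which is not visible in this section, so the setter's docblock should also state which regex syntax is expected.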
68 changes: 32 additions & 36 deletions tests/BrowsershotTest.php
Expand Up @@ -73,18 +73,10 @@
Browsershot::url(' file://test');
})->throws(FileUrlNotAllowed::class);

it('will not allow html to contain file://', function () {
Browsershot::html('<h1><img src="file://" /></h1>');
})->throws(HtmlIsNotAllowedToContainFile::class);

it('will not allow a slightly malformed file url', function () {
Browsershot::url('file:/test');
})->throws(FileUrlNotAllowed::class);

it('will not allow html to contain file:/', function () {
Browsershot::html('<h1><img src="file:/" /></h1>');
})->throws(HtmlIsNotAllowedToContainFile::class);

it('no redirects - will not follow redirects', function () {
$targetPath = __DIR__.'/temp/redirect_fail.pdf';

Expand Down Expand Up @@ -197,7 +189,7 @@
'height' => 600,
],
'args' => [
'--no-sandbox',
'--no-sandbox', '--chromium-deny-list=^file:(?!//\/tmp/).*',
],
'type' => 'png',
],
Expand All @@ -219,7 +211,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
],
], $command);
Expand All @@ -240,7 +232,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
],
], $command);
Expand All @@ -261,7 +253,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
],
], $command);
Expand All @@ -282,7 +274,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
],
], $command);
Expand All @@ -309,7 +301,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
],
], $command);
Expand All @@ -336,7 +328,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
],
], $command);
Expand All @@ -357,7 +349,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
],
], $command);
Expand All @@ -377,7 +369,8 @@
'width' => 800,
'height' => 600,
],
'args' => ['--proxy-server=1.2.3.4:8080'],
'args' => ['--proxy-server=1.2.3.4:8080', '--chromium-deny-list=^file:(?!//\/tmp/).*',
],
'type' => 'png',
],
], $command);
Expand All @@ -403,7 +396,7 @@
'bar' => 150,
'baz' => 200,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
],
], $command);
Expand Down Expand Up @@ -435,7 +428,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
],
], $command);
Expand All @@ -454,7 +447,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
],
], $command);
Expand All @@ -475,7 +468,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
],
], $command);
Expand All @@ -496,7 +489,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
],
], $command);
Expand All @@ -517,7 +510,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
],
], $command);
Expand Down Expand Up @@ -555,7 +548,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
],
], $command);
Expand All @@ -576,7 +569,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
],
], $command);
Expand Down Expand Up @@ -619,7 +612,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
],
], $command);
Expand Down Expand Up @@ -647,7 +640,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
],
], $command);
Expand All @@ -670,7 +663,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
],
], $command);
Expand All @@ -691,7 +684,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
],
], $command);
Expand All @@ -713,7 +706,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
],
], $command);
Expand Down Expand Up @@ -753,7 +746,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
],
], $command);
Expand Down Expand Up @@ -793,7 +786,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
],
], $command);
Expand Down Expand Up @@ -832,7 +825,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
],
], $command);
Expand All @@ -854,6 +847,7 @@
],
'args' => [
'--please-autoprefix-me',
'--chromium-deny-list=^file:(?!//\/tmp/).*',
],
'type' => 'png',
],
Expand Down Expand Up @@ -882,6 +876,7 @@
'--my-custom-arg',
'--another-argument=some-value',
'--yet-another-arg=foo',
'--chromium-deny-list=^file:(?!//\/tmp/).*',
],
'type' => 'png',
],
Expand All @@ -905,6 +900,7 @@
],
'args' => [
"--user-data-dir={$dataDir}",
'--chromium-deny-list=^file:(?!//\/tmp/).*',
],
'type' => 'png',
],
Expand All @@ -926,7 +922,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
'env' => [
'TZ' => 'Pacific/Auckland',
Expand Down Expand Up @@ -967,7 +963,7 @@
'width' => 800,
'height' => 600,
],
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'type' => 'png',
'displayHeaderFooter' => false,
'contentUrl' => 'https://example.com',
Expand Down Expand Up @@ -1016,7 +1012,7 @@
'newHeadless' => true,
'type' => 'png',
'path' => 'screenshot.png',
'args' => [],
'args' => ['--chromium-deny-list=^file:(?!//\/tmp/).*'],
'viewport' => [
'width' => 800,
'height' => 600,
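Review bot: The two deleted cases (`will not allow html to contain file://` and `will not allow html to contain file:/`) leave no visible test that HTML input referencing a `file:` URL is refused; the updated expectations only assert that the string `--chromium-deny-list=^file:(?!//\/tmp/).*` appears in the generated `args`. That checks the option is emitted, not that it is enforced, so a regression in the browser-side matching would still pass this suite. I would add a behavioural case that renders HTML with a `file:` sub-resource outside /tmp and asserts the request is blocked, plus one for `setDeniedUrlsRegex()` showing that a custom pattern replaces the default in `args`. Parts of this file are collapsed on the page, so such a test may already exist outside the visible hunks.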