core, ui: safe mode to sanitize URIs when sending (#6196)

* core: safe mode to sanitize URIs when sending * ui: use safe sanitize when sending
2026-04-25 18:32:17 +00:00 · 2025-08-18 12:58:10 +01:00
parent 28a0959d96
commit dc3dcd4fc8
13 changed files with 80 additions and 48 deletions
--- a/apps/multiplatform/common/src/commonMain/cpp/android/simplex-api.c
+++ b/apps/multiplatform/common/src/commonMain/cpp/android/simplex-api.c
@@ -64,7 +64,7 @@ extern char *chat_recv_msg(chat_ctrl ctrl); // deprecated
 extern char *chat_recv_msg_wait(chat_ctrl ctrl, const int wait);
 extern char *chat_parse_markdown(const char *str);
 extern char *chat_parse_server(const char *str);
-extern char *chat_parse_uri(const char *str);
+extern char *chat_parse_uri(const char *str, const int safe);
 extern char *chat_password_hash(const char *pwd, const char *salt);
 extern char *chat_valid_name(const char *name);
 extern int chat_json_length(const char *str);
@@ -148,9 +148,9 @@ Java_chat_simplex_common_platform_CoreKt_chatParseServer(JNIEnv *env, __unused j
 }

 JNIEXPORT jstring JNICALL
-Java_chat_simplex_common_platform_CoreKt_chatParseUri(JNIEnv *env, __unused jclass clazz, jstring str) {
+Java_chat_simplex_common_platform_CoreKt_chatParseUri(JNIEnv *env, __unused jclass clazz, jstring str, jint safe) {
    const char *_str = (*env)->GetStringUTFChars(env, str, JNI_FALSE);
-    jstring res = (*env)->NewStringUTF(env, chat_parse_uri(_str));
+    jstring res = (*env)->NewStringUTF(env, chat_parse_uri(_str, safe));
    (*env)->ReleaseStringUTFChars(env, str, _str);
    return res;
 }
--- a/apps/multiplatform/common/src/commonMain/cpp/desktop/simplex-api.c
+++ b/apps/multiplatform/common/src/commonMain/cpp/desktop/simplex-api.c
@@ -37,7 +37,7 @@ extern char *chat_recv_msg(chat_ctrl ctrl); // deprecated
 extern char *chat_recv_msg_wait(chat_ctrl ctrl, const int wait);
 extern char *chat_parse_markdown(const char *str);
 extern char *chat_parse_server(const char *str);
-extern char *chat_parse_uri(const char *str);
+extern char *chat_parse_uri(const char *str, const int safe);
 extern char *chat_password_hash(const char *pwd, const char *salt);
 extern char *chat_valid_name(const char *name);
 extern int chat_json_length(const char *str);
@@ -158,9 +158,9 @@ Java_chat_simplex_common_platform_CoreKt_chatParseServer(JNIEnv *env, jclass cla
 }

 JNIEXPORT jstring JNICALL
-Java_chat_simplex_common_platform_CoreKt_chatParseUri(JNIEnv *env, jclass clazz, jstring str) {
+Java_chat_simplex_common_platform_CoreKt_chatParseUri(JNIEnv *env, jclass clazz, jstring str, jint safe) {
    const char *_str = encode_to_utf8_chars(env, str);
-    jstring res = decode_to_utf8_string(env, chat_parse_uri(_str));
+    jstring res = decode_to_utf8_string(env, chat_parse_uri(_str, safe));
    (*env)->ReleaseStringUTFChars(env, str, _str);
    return res;
 }
--- a/apps/multiplatform/common/src/commonMain/kotlin/chat/simplex/common/model/SimpleXAPI.kt
+++ b/apps/multiplatform/common/src/commonMain/kotlin/chat/simplex/common/model/SimpleXAPI.kt
@@ -4634,8 +4634,8 @@ data class ParsedServerAddress (
  var parseError: String
 )

-fun parseSanitizeUri(s: String): ParsedUri? {
-  val parsed = chatParseUri(s)
+fun parseSanitizeUri(s: String, safe: Boolean): ParsedUri? {
+  val parsed = chatParseUri(s, if (safe) 1 else 0)
  return runCatching { json.decodeFromString(ParsedUri.serializer(), parsed) }
    .onFailure { Log.d(TAG, "parseSanitizeUri decode error: $it") }
    .getOrNull()
--- a/apps/multiplatform/common/src/commonMain/kotlin/chat/simplex/common/platform/Core.kt
+++ b/apps/multiplatform/common/src/commonMain/kotlin/chat/simplex/common/platform/Core.kt
@@ -28,7 +28,7 @@ external fun chatRecvMsg(ctrl: ChatCtrl): String
 external fun chatRecvMsgWait(ctrl: ChatCtrl, timeout: Int): String
 external fun chatParseMarkdown(str: String): String
 external fun chatParseServer(str: String): String
-external fun chatParseUri(str: String): String
+external fun chatParseUri(str: String, safe: Int): String
 external fun chatPasswordHash(pwd: String, salt: String): String
 external fun chatValidName(name: String): String
 external fun chatJsonLength(str: String): Int
--- a/apps/multiplatform/common/src/commonMain/kotlin/chat/simplex/common/views/chat/ComposeView.kt
+++ b/apps/multiplatform/common/src/commonMain/kotlin/chat/simplex/common/views/chat/ComposeView.kt
@@ -876,7 +876,7 @@ fun ComposeView(
      var updated = ft
      when(ft.format) {
        is Format.Uri -> {
-          val sanitized = parseSanitizeUri(ft.text)?.uriInfo?.sanitized
+          val sanitized = parseSanitizeUri(ft.text, safe = true)?.uriInfo?.sanitized
          if (sanitized != null) {
            updated = FormattedText(text = sanitized, format = Format.Uri())
            pos += updated.text.count()
@@ -884,7 +884,7 @@ fun ComposeView(
          }
        }
        is Format.HyperLink -> {
-          val sanitized = parseSanitizeUri(ft.format.linkUri)?.uriInfo?.sanitized
+          val sanitized = parseSanitizeUri(ft.format.linkUri, safe = true)?.uriInfo?.sanitized
          if (sanitized != null) {
            val updatedText = if (ft.format.showText == null) sanitized else "[${ft.format.showText}]($sanitized)"
            updated = FormattedText(text = updatedText, format = Format.HyperLink(showText = ft.format.showText, linkUri = sanitized))
--- a/apps/multiplatform/common/src/commonMain/kotlin/chat/simplex/common/views/chat/item/TextItemView.kt
+++ b/apps/multiplatform/common/src/commonMain/kotlin/chat/simplex/common/views/chat/item/TextItemView.kt
@@ -427,7 +427,7 @@ fun showInvalidLinkAlert(uri: String, error: String? = null) {
 }

 fun sanitizeUri(s: String): Pair<Pair<Boolean, String?>?, String?> {
-  val parsed = parseSanitizeUri(s)
+  val parsed = parseSanitizeUri(s, safe = false)
  return if (parsed?.uriInfo != null) {
    (true to parsed.uriInfo.sanitized) to null
  } else {