Merge pull request #486 from syjer/444-batik-use-useragentcallback

svg backend: use openhtmltopdf UserAgentCallback for fetching external resources, fixes #444

openhtmltopdf-core/src/main/java/com/openhtmltopdf/extend/SVGDrawer.java

@@ -12,18 +12,20 @@
 import com.openhtmltopdf.render.RenderingContext;
 
 public interface SVGDrawer extends Closeable {
-    public void importFontFaceRules(List<FontFaceRule> fontFaces,
+    void importFontFaceRules(List<FontFaceRule> fontFaces,
             SharedContext shared);
 
-    public SVGImage buildSVGImage(Element svgElement, Box box, CssContext cssContext, double cssWidth,
+    SVGImage buildSVGImage(Element svgElement, Box box, CssContext cssContext, double cssWidth,
             double cssHeight, double dotsPerPixel);
 
-    public static interface SVGImage {
-        public int getIntrinsicWidth();
+    default void withUserAgent(UserAgentCallback userAgentCallback) {}
 
-        public int getIntrinsicHeight();
+    interface SVGImage {
+        int getIntrinsicWidth();
 
-        public void drawSVG(OutputDevice outputDevice, RenderingContext ctx,
+        int getIntrinsicHeight();
+
+        void drawSVG(OutputDevice outputDevice, RenderingContext ctx,
                 double x, double y);
     }
 }

openhtmltopdf-examples/src/main/resources/visualtest/html/svg-custom-protocol.html

@@ -0,0 +1,19 @@
+<html>
+<head>
+<style>
+@page  {
+    size: 40px 40px;
+    margin: 0;
+    padding:0;
+}
+</style>
+</head>
+<body>
+<svg xmlns="http://www.w3.org/2000/svg"
+     xmlns:xlink="http://www.w3.org/1999/xlink"
+     width="18"
+     height="18">
+    <use xlink:href="custom:/solid.svg#icon-1" width="18" height="18" fill="red" />
+</svg>
+</body>
+</html>

openhtmltopdf-examples/src/main/resources/visualtest/html/svg-external-file-load-blocked.html

@@ -0,0 +1,19 @@
+<html>
+<head>
+<style>
+@page  {
+    size: 40px 40px;
+    margin: 0;
+    padding:0;
+}
+</style>
+</head>
+<body>
+<svg xmlns="http://www.w3.org/2000/svg"
+     xmlns:xlink="http://www.w3.org/1999/xlink"
+     width="18"
+     height="18">
+    <use xlink:href="solid.svg#icon-1" width="18" height="18" fill="red" />
+</svg>
+</body>
+</html>

openhtmltopdf-examples/src/main/resources/visualtest/html/svg-external-file-whitelist-file-protocol.html

@@ -0,0 +1,19 @@
+<html>
+<head>
+<style>
+@page  {
+    size: 40px 40px;
+    margin: 0;
+    padding:0;
+}
+</style>
+</head>
+<body>
+<svg xmlns="http://www.w3.org/2000/svg"
+     xmlns:xlink="http://www.w3.org/1999/xlink"
+     width="18"
+     height="18">
+    <use xlink:href="solid.svg#icon-1" width="18" height="18" fill="red" />
+</svg>
+</body>
+</html>

openhtmltopdf-examples/src/test/java/com/openhtmltopdf/visualregressiontests/VisualRegressionTest.java

@@ -1,8 +1,13 @@
 package com.openhtmltopdf.visualregressiontests;
 
-import java.io.File;
+import java.io.*;
+
 import static org.junit.Assert.assertTrue;
-import java.io.IOException;
+
+import java.nio.charset.StandardCharsets;
+import java.util.Collections;
+
+import com.openhtmltopdf.extend.FSStream;
 import org.junit.Before;
 import org.junit.Ignore;
 import org.junit.Test;
@@ -1118,6 +1123,37 @@ public void testIssue484ImgSrcDataImageSvgBase64() throws IOException {
         assertTrue(vt.runTest("issue-484-data-image-svg-xml-base64", TestSupport.WITH_SVG));
     }
 
+
+    @Test
+    public void testSVGLoadBlocked() throws IOException {
+        assertTrue(vt.runTest("svg-external-file-load-blocked", TestSupport.WITH_SVG));
+    }
+
+    @Test
+    public void testSVGLoadWhiteListFileProtocol() throws IOException {
+        assertTrue(vt.runTest("svg-external-file-whitelist-file-protocol",
+                (builder) -> builder.useSVGDrawer(new BatikSVGDrawer(SvgScriptMode.SECURE, Collections.singleton("file")))));
+    }
+
+    @Test
+    public void testSVGLoadCustomProtocol() throws IOException {
+        assertTrue(vt.runTest("svg-custom-protocol", (builder -> {
+            builder.useProtocolsStreamImplementation(url -> new FSStream() {
+
+                @Override
+                public InputStream getStream() {
+                    return new ByteArrayInputStream("<svg xmlns=\"http://www.w3.org/2000/svg\" height=\"10\" width=\"10\"><circle id=\"icon-1\" cx=\"5\" cy=\"5\" r=\"4\" stroke=\"black\" stroke-width=\"1\" fill=\"green\" /></svg>".getBytes(StandardCharsets.UTF_8));
+                }
+
+                @Override
+                public Reader getReader() {
+                    return new InputStreamReader(getStream(), StandardCharsets.UTF_8);
+                }
+            }, "custom");
+            builder.useSVGDrawer(new BatikSVGDrawer(SvgScriptMode.SECURE, Collections.singleton("custom")));
+        })));
+    }
+
     // TODO:
     // + Elements that appear just on generated overflow pages.
     // + content property (page counters, etc)

openhtmltopdf-pdfbox/src/main/java/com/openhtmltopdf/pdfboxout/PdfBoxRenderer.java

@@ -163,6 +163,10 @@ public class PdfBoxRenderer implements Closeable, PageSupplier {
 
         PdfBoxUserAgent userAgent = new PdfBoxUserAgent(_outputDevice);
 
+        if (_svgImpl != null) {
+            _svgImpl.withUserAgent(userAgent);
+        }
+
         userAgent.setProtocolsStreamFactory(state._streamFactoryMap);
 
         if (state._resolver != null) {

openhtmltopdf-svg-support/src/main/java/com/openhtmltopdf/svgsupport/BatikSVGDrawer.java

@@ -1,8 +1,11 @@
 package com.openhtmltopdf.svgsupport;
 
 import java.io.IOException;
+import java.util.Collections;
 import java.util.List;
+import java.util.Set;
 
+import com.openhtmltopdf.extend.UserAgentCallback;
 import org.w3c.dom.Element;
 
 import com.openhtmltopdf.css.sheet.FontFaceRule;
@@ -14,16 +17,18 @@
 import com.openhtmltopdf.svgsupport.PDFTranscoder.OpenHtmlFontResolver;
 
 public class BatikSVGDrawer implements SVGDrawer {
+    private final Set<String> allowedProtocols;
     public OpenHtmlFontResolver fontResolver;
     private final boolean allowScripts;
     private final boolean allowExternalResources;
+    private UserAgentCallback userAgentCallback;
 
-    public static enum SvgScriptMode {
+    public enum SvgScriptMode {
         SECURE,
         INSECURE_ALLOW_SCRIPTS;
     }
 
-    public static enum SvgExternalResourceMode {
+    public enum SvgExternalResourceMode {
         SECURE,
         INSECURE_ALLOW_EXTERNAL_RESOURCE_REQUESTS;
     }
@@ -40,6 +45,20 @@ public static enum SvgExternalResourceMode {
     public BatikSVGDrawer(SvgScriptMode scriptMode, SvgExternalResourceMode externalResourceMode) {
         this.allowScripts = scriptMode == SvgScriptMode.INSECURE_ALLOW_SCRIPTS;
         this.allowExternalResources = externalResourceMode == SvgExternalResourceMode.INSECURE_ALLOW_EXTERNAL_RESOURCE_REQUESTS;
+        this.allowedProtocols = null;
+    }
+
+    /**
+     * Creates a <code>SVGDrawer</code> that can allow arbitary scripts to run and allow the loading of
+     * external resources with the specified protocols.
+     *
+     * @param scriptMode
+     * @param allowedProtocols
+     */
+    public BatikSVGDrawer(SvgScriptMode scriptMode, Set<String> allowedProtocols) {
+        this.allowScripts = scriptMode == SvgScriptMode.INSECURE_ALLOW_SCRIPTS;
+        this.allowExternalResources = false;
+        this.allowedProtocols = Collections.unmodifiableSet(allowedProtocols);
     }
 
     /**
@@ -59,6 +78,11 @@ public void importFontFaceRules(List<FontFaceRule> fontFaces,
         this.fontResolver.importFontFaces(fontFaces, shared);
     }
 
+    @Override
+    public void withUserAgent(UserAgentCallback userAgentCallback) {
+        this.userAgentCallback = userAgentCallback;
+    }
+
     @Override
     public SVGImage buildSVGImage(Element svgElement, Box box, CssContext c,
     		double cssWidth, double cssHeight, double dotsPerPixel) {
@@ -69,7 +93,8 @@ public SVGImage buildSVGImage(Element svgElement, Box box, CssContext c,
         BatikSVGImage img = new BatikSVGImage(svgElement, box, cssWidth, cssHeight,
                 cssMaxWidth, cssMaxHeight, dotsPerPixel);
         img.setFontResolver(fontResolver);
-        img.setSecurityOptions(allowScripts, allowExternalResources);
+        img.setUserAgentCallback(userAgentCallback);
+        img.setSecurityOptions(allowScripts, allowExternalResources, allowedProtocols);
         return img;
     }
 

openhtmltopdf-svg-support/src/main/java/com/openhtmltopdf/svgsupport/BatikSVGImage.java

@@ -1,8 +1,10 @@
 package com.openhtmltopdf.svgsupport;
 
 import java.awt.Point;
+import java.util.Set;
 import java.util.logging.Level;
 
+import com.openhtmltopdf.extend.UserAgentCallback;
 import org.apache.batik.anim.dom.SVGDOMImplementation;
 import org.apache.batik.transcoder.SVGAbstractTranscoder;
 import org.apache.batik.transcoder.TranscoderException;
@@ -28,6 +30,7 @@ public class BatikSVGImage implements SVGImage {
     private final double dotsPerPixel;
     private OpenHtmlFontResolver fontResolver;
     private final PDFTranscoder pdfTranscoder;
+    private UserAgentCallback userAgentCallback;
 
     public BatikSVGImage(Element svgElement, Box box, double cssWidth, double cssHeight,
             double cssMaxWidth, double cssMaxHeight, double dotsPerPixel) {
@@ -98,10 +101,14 @@ public void setFontResolver(OpenHtmlFontResolver fontResolver) {
         this.fontResolver = fontResolver;
     }
 
-    public void setSecurityOptions(boolean allowScripts, boolean allowExternalResources) {
-        this.pdfTranscoder.setSecurityOptions(allowScripts, allowExternalResources);
+    public void setSecurityOptions(boolean allowScripts, boolean allowExternalResources, Set<String> allowedProtocols) {
+        this.pdfTranscoder.setSecurityOptions(allowScripts, allowExternalResources, allowedProtocols);
         this.pdfTranscoder.addTranscodingHint(SVGAbstractTranscoder.KEY_EXECUTE_ONLOAD, allowScripts);
     }
+
+    public void setUserAgentCallback(UserAgentCallback userAgentCallback) {
+        this.userAgentCallback = userAgentCallback;
+    }
 
     public Integer parseLength(String attrValue) {
         // TODO read length with units and convert to dots.
@@ -159,7 +166,7 @@ public void drawSVG(OutputDevice outputDevice, RenderingContext ctx,
         }
 
         pdfTranscoder.setRenderingParameters(outputDevice, ctx, x, y,
-                fontResolver);
+                fontResolver, userAgentCallback);
 
         try {
             DOMImplementation impl = SVGDOMImplementation

openhtmltopdf-svg-support/src/main/java/com/openhtmltopdf/svgsupport/OpenHtmlDocumentLoader.java

@@ -0,0 +1,40 @@
+package com.openhtmltopdf.svgsupport;
+
+import com.openhtmltopdf.extend.UserAgentCallback;
+import com.openhtmltopdf.util.XRLog;
+import org.apache.batik.bridge.DocumentLoader;
+import org.apache.batik.bridge.UserAgent;
+import org.w3c.dom.Document;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+
+public class OpenHtmlDocumentLoader extends DocumentLoader {
+
+    private final UserAgentCallback userAgentCallback;
+
+    public OpenHtmlDocumentLoader(UserAgent userAgent, UserAgentCallback userAgentCallback) {
+        super(userAgent);
+        this.userAgentCallback = userAgentCallback;
+    }
+
+
+    @Override
+    public Document loadDocument(String uri) throws IOException {
+        try {
+            // special handling of relative uri in case of file protocol, we receive something like "file:file.svg"
+            // The path will be null, but the scheme specific part will be not null
+            URI parsedURI = new URI(uri);
+            if ("file".equals(parsedURI.getScheme()) && parsedURI.getPath() == null && parsedURI.getSchemeSpecificPart() != null) {
+                uri = userAgentCallback.resolveURI(parsedURI.getSchemeSpecificPart());
+            } else if (!parsedURI.isAbsolute()) {
+                uri = userAgentCallback.resolveURI(uri);
+            }
+        } catch (URISyntaxException uriSyntaxException) {
+            XRLog.exception("URI syntax exception while loading external svg resource: " + uri, uriSyntaxException);
+        }
+        return super.loadDocument(uri, new ByteArrayInputStream(userAgentCallback.getBinaryResource(uri)));
+    }
+}

openhtmltopdf-svg-support/src/main/java/com/openhtmltopdf/svgsupport/OpenHtmlUserAgent.java

@@ -7,16 +7,20 @@
 import com.openhtmltopdf.svgsupport.PDFTranscoder.OpenHtmlFontResolver;
 import com.openhtmltopdf.util.XRLog;
 
+import java.util.Set;
+
 public class OpenHtmlUserAgent extends UserAgentAdapter {
 
 	private final OpenHtmlFontResolver resolver;
     private final boolean allowScripts;
     private final boolean allowExternalResources;
+    private final Set<String> allowedProtocols;
 
-	public OpenHtmlUserAgent(OpenHtmlFontResolver resolver, boolean allowScripts, boolean allowExternalResources) {
+    public OpenHtmlUserAgent(OpenHtmlFontResolver resolver, boolean allowScripts, boolean allowExternalResources, Set<String> allowedProtocols) {
 		this.resolver = resolver;
         this.allowScripts = allowScripts;
         this.allowExternalResources = allowExternalResources;
+        this.allowedProtocols = allowedProtocols;
 	}
 
 	@Override
@@ -34,7 +38,7 @@ public void checkLoadScript(String scriptType, ParsedURL scriptURL, ParsedURL do
 
     @Override
     public void checkLoadExternalResource(ParsedURL resourceURL, ParsedURL docURL) throws SecurityException {
-        if (!this.allowExternalResources) {
+        if (!this.allowExternalResources && (allowedProtocols == null || !allowedProtocols.contains(resourceURL.getProtocol()))) {
             XRLog.exception("Tried to fetch external resource from SVG. Refusing. Details: " + resourceURL + ", " + docURL);
             throw new SecurityException("Tried to fetch external resource (" + resourceURL + ") from SVG. Refused!");
         }