Merge pull request #251 from w3c/email-entries

check that the input text is not an email.

Author: ylafon

build.xml

@@ -38,6 +38,7 @@
         <available file="lib/commons-lang-2.6.jar"/>
         <available file="lib/commons-logging-1.1.3.jar"/>
         <available file="lib/commons-text-1.3.jar"/>
+        <available file="lib/commons-validator-1.6.jar"/>
         <available file="lib/velocity-1.7.jar"/>
         <available file="lib/xercesImpl-2.11.0.jar"/>
         <available file="lib/xml-apis-1.4.01.jar"/>
@@ -61,6 +62,7 @@
     <get dest="tmp/commons-lang-2.6.jar" src="https://repo1.maven.org/maven2/commons-lang/commons-lang/2.6/commons-lang-2.6.jar" usetimestamp="true"/>
     <get dest="tmp/commons-text-1.3.jar" src="https://repo1.maven.org/maven2/org/apache/commons/commons-text/1.3/commons-text-1.3.jar" usetimestamp="true"/>
     <get dest="tmp/commons-logging-1.1.3.jar" src="https://repo1.maven.org/maven2/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar" usetimestamp="true"/>
+    <get dest="tmp/commons-validator-1.6.jar" src="https://repo1.maven.org/maven2/commons-validator/commons-validator/1.6/commons-validator-1.6.jar" usetimestamp="true"/>
     <get dest="tmp/velocity-1.7.jar" src="https://repo1.maven.org/maven2/org/apache/velocity/velocity/1.7/velocity-1.7.jar" usetimestamp="true"/>
     <get dest="tmp/velocity-tools-2.0.jar" src="https://repo1.maven.org/maven2/org/apache/velocity/velocity-tools/2.0/velocity-tools-2.0.jar" usetimestamp="true"/>
     <get dest="tmp/xercesImpl-2.11.0.jar" src="https://repo1.maven.org/maven2/xerces/xercesImpl/2.11.0/xercesImpl-2.11.0.jar" usetimestamp="true"/>
@@ -78,6 +80,7 @@
     <copy file="tmp/commons-lang-2.6.jar" tofile="lib/commons-lang-2.6.jar"/>
     <copy file="tmp/commons-text-1.3.jar" tofile="lib/commons-text-1.3.jar"/>
     <copy file="tmp/commons-logging-1.1.3.jar" tofile="lib/commons-logging-1.1.3.jar"/>
+    <copy file="tmp/commons-validator-1.6.jar" tofile="lib/commons-validator-1.6.jar"/>
     <copy file="tmp/velocity-1.7.jar" tofile="lib/velocity-1.7.jar"/>
     <copy file="tmp/velocity-tools-2.0.jar" tofile="lib/velocity-tools-2.0.jar"/>
     <copy file="tmp/xercesImpl-2.11.0.jar" tofile="lib/xercesImpl-2.11.0.jar"/>

org/w3c/css/servlet/CssValidator.java

@@ -7,6 +7,7 @@
 
 package org.w3c.css.servlet;
 
+import org.apache.commons.validator.routines.EmailValidator;
 import org.w3c.css.css.CssParser;
 import org.w3c.css.css.DocumentParser;
 import org.w3c.css.css.StyleReport;
@@ -17,11 +18,14 @@
 import org.w3c.css.error.ErrorReport;
 import org.w3c.css.error.ErrorReportFactory;
 import org.w3c.css.index.IndexGenerator;
+import org.w3c.css.parser.CssError;
+import org.w3c.css.parser.Errors;
 import org.w3c.css.util.ApplContext;
 import org.w3c.css.util.Codecs;
 import org.w3c.css.util.CssVersion;
 import org.w3c.css.util.FakeFile;
 import org.w3c.css.util.HTTPURL;
+import org.w3c.css.util.InvalidParamException;
 import org.w3c.css.util.NVPair;
 import org.w3c.css.util.Utf8Properties;
 import org.w3c.css.util.Util;
@@ -367,65 +371,76 @@ public void doGet(HttpServletRequest req, HttpServletResponse res)
         // " (" + req.getRemoteAddr() + ") at " + (new Date()) );
 
         if (uri != null) {
-            // HTML document
-            try {
-                uri = HTTPURL.getURL(uri).toString(); // needed to be sure
-                // that it is a valid
-                // url
-                uri = uri.replaceAll(" ", "%20");
-                if (Util.checkURI(uri)) {
-                    DocumentParser URLparser = new DocumentParser(ac, uri);
-                    handleRequest(ac, res, uri, URLparser.getStyleSheet(), output,
-                            warningLevel, errorReport);
-                } else {
-                    res.setHeader("Rejected", "Requested URI Forbidden by Rule");
-                    handleError(res, ac, output, "Forbidden", new IOException(
-                            "URI Forbidden by rule"), false);
-                }
-            } catch (ProtocolException pex) {
-                if (Util.onDebug) {
-                    pex.printStackTrace();
+            // check for scammers
+            EmailValidator ev = EmailValidator.getInstance();
+            if (ev.isValid(uri)) {
+                handleScam(ac, uri, res, output, warningLevel, errorReport);
+            } else {
+                // HTML document
+                try {
+                    uri = HTTPURL.getURL(uri).toString(); // needed to be sure
+                    // that it is a valid
+                    // url
+                    uri = uri.replaceAll(" ", "%20");
+                    if (Util.checkURI(uri)) {
+                        DocumentParser URLparser = new DocumentParser(ac, uri);
+                        handleRequest(ac, res, uri, URLparser.getStyleSheet(), output,
+                                warningLevel, errorReport);
+                    } else {
+                        res.setHeader("Rejected", "Requested URI Forbidden by Rule");
+                        handleError(res, ac, output, "Forbidden", new IOException(
+                                "URI Forbidden by rule"), false);
+                    }
+                } catch (ProtocolException pex) {
+                    if (Util.onDebug) {
+                        pex.printStackTrace();
+                    }
+                    res.setHeader("WWW-Authenticate", pex.getMessage());
+                    res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+                } catch (Exception e) {
+                    handleError(res, ac, output, uri, e, true);
                 }
-                res.setHeader("WWW-Authenticate", pex.getMessage());
-                res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            } catch (Exception e) {
-                handleError(res, ac, output, uri, e, true);
             }
         } else if (text != null) {
             String fileName = "TextArea";
             Util.verbose("- " + fileName + " Data -");
             Util.verbose(text);
             Util.verbose("- End of " + fileName + " Data");
-            InputStream is = new ByteArrayInputStream(text.getBytes());
-            fileName = "file://localhost/" + fileName;
+            EmailValidator ev = EmailValidator.getInstance();
+            if (ev.isValid(text)) {
+                handleScam(ac, text, res, output, warningLevel, errorReport);
+            } else {
+                InputStream is = new ByteArrayInputStream(text.getBytes());
+                fileName = "file://localhost/" + fileName;
 
-            try {
+                try {
 
-                if ("css".equals(type) || ("none".equals(type) && isCSS(text))) {
-                    // if CSS:
-                    parser = new StyleSheetParser();
-                    parser.parseStyleElement(ac, is, null, usermedium,
-                            new URL(fileName), 0);
+                    if ("css".equals(type) || ("none".equals(type) && isCSS(text))) {
+                        // if CSS:
+                        parser = new StyleSheetParser();
+                        parser.parseStyleElement(ac, is, null, usermedium,
+                                new URL(fileName), 0);
 
-                    handleRequest(ac, res, fileName, parser
-                            .getStyleSheet(), output, warningLevel, errorReport);
-                } else {
-                    // else, trying HTML
+                        handleRequest(ac, res, fileName, parser.getStyleSheet(),
+                                output, warningLevel, errorReport);
+                    } else {
+                        // else, trying HTML
 //                    HTMLParserStyleSheetHandler handler = new HTMLParserStyleSheetHandler(null, ac);
-                    TagSoupStyleSheetHandler handler = new TagSoupStyleSheetHandler(null, ac);
-                    handler.parse(is, fileName);
-
-                    handleRequest(ac, res, fileName, handler.getStyleSheet(), output,
-                            warningLevel, errorReport);
-                }
-            } catch (ProtocolException pex) {
-                if (Util.onDebug) {
-                    pex.printStackTrace();
+                        TagSoupStyleSheetHandler handler = new TagSoupStyleSheetHandler(null, ac);
+                        handler.parse(is, fileName);
+
+                        handleRequest(ac, res, fileName, handler.getStyleSheet(), output,
+                                warningLevel, errorReport);
+                    }
+                } catch (ProtocolException pex) {
+                    if (Util.onDebug) {
+                        pex.printStackTrace();
+                    }
+                    res.setHeader("WWW-Authenticate", pex.getMessage());
+                    res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+                } catch (Exception e) {
+                    handleError(res, ac, output, fileName, e, false);
                 }
-                res.setHeader("WWW-Authenticate", pex.getMessage());
-                res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            } catch (Exception e) {
-                handleError(res, ac, output, fileName, e, false);
             }
         }
         Util.verbose("CssValidator: Request terminated.\n");
@@ -667,6 +682,12 @@ public void doPost(HttpServletRequest req, HttpServletResponse res)
             fileName = file.getName();
             Util.verbose("File : " + fileName);
         } else {
+            // check POSTED text for possible scam
+            EmailValidator ev = EmailValidator.getInstance();
+            if (ev.isValid(text)) {
+                handleScam(ac, text, res, output, warningLevel, errorReport);
+                return;
+            }
             ac.setFakeText(text);
             fileName = "TextArea";
             Util.verbose("- " + fileName + " Data -");
@@ -724,6 +745,27 @@ public void doPost(HttpServletRequest req, HttpServletResponse res)
         Util.verbose("CssValidator: Request terminated.\n");
     }
 
+    private void handleScam(ApplContext ac, String uri, HttpServletResponse res, String output,
+                            int warningLevel, boolean errorReport)
+            throws IOException {
+        // so it is an email and not a URL, do something clever.
+        String fileName = "email";
+        InputStream is = new ByteArrayInputStream("".getBytes());
+        fileName = "file://" + fileName;
+        try {
+            TagSoupStyleSheetHandler handler = new TagSoupStyleSheetHandler(null, ac);
+            handler.parse(is, fileName);
+            // add a warning
+            Errors e = new Errors();
+            e.addError(new CssError(new InvalidParamException("email", uri, ac)));
+            handler.getStyleSheet().addErrors(e);
+            handleRequest(ac, res, fileName, handler.getStyleSheet(), output,
+                    warningLevel, errorReport);
+        } catch (Exception e) {
+            handleError(res, ac, output, fileName, e, false);
+        }
+    }
+
     private void handleRequest(ApplContext ac, HttpServletResponse res,
                                String title, StyleSheet styleSheet,
                                String output, int warningLevel,

org/w3c/css/util/Messages.properties.en

@@ -444,3 +444,5 @@ error.invalidtype: Invalid type: \u201C%s\u201D
 error.typevaluemismatch: The value \u201C%s\u201D is incompatible with its type definition <\u201C%s\u201D>
 
 error.emptymedia: In CSS2, the media type in @media is mandatory
+
+error.email: email addresses cannot be validated by this tool, you might be scammed

org/w3c/css/util/Messages.properties.fr

@@ -465,3 +465,5 @@ error.invalidtype: Type invalide: \u201C%s\u201D
 error.typevaluemismatch: La valeur \u201C%s\u201D est incompatible avec sa définition de type <\u201C%s\u201D>
 
 error.emptymedia: En CSS2, l'indication du type de media dans la règle @media est ogligatoire
+
+error.email: Les adresses email ne peuvent être validées par cet outil, il est possible que vous soyez victime d'une escroquerie