From 0f6b50922ba046c89e448f93778f8bc8758efb45 Mon Sep 17 00:00:00 2001
From: Romain Deltour <rdeltour@gmail.com>
Date: Thu, 17 Nov 2022 01:35:57 +0100
Subject: [PATCH] feat: report 'file' URLs as errors

Report `file:` URLs as a new error RSC-030

Fixes #1270
---
 .../epubcheck/messages/DefaultSeverities.java |  3 ++-
 .../adobe/epubcheck/messages/MessageId.java   |  1 +
 .../com/adobe/epubcheck/ops/OPSHandler.java   |  5 -----
 .../org/w3c/epubcheck/url/URLChecker.java     |  6 ++++++
 .../messages/MessageBundle.properties         |  2 +-
 .../EPUB/content_001.xhtml                    |  2 +-
 .../file-url-in-css-error}/EPUB/nav.xhtml     |  0
 .../file-url-in-css-error/EPUB/package.opf    | 18 ++++++++++++++++
 .../file-url-in-css-error/EPUB/style.css      |  4 ++++
 .../META-INF/container.xml                    |  4 ++--
 .../files/file-url-in-css-error}/mimetype     |  0
 .../file-url-in-package-document-error.opf}   |  1 +
 .../file-url-in-xhtml-content-error.xhtml     | 12 +++++++++++
 .../epub3/03-resources/resources.feature      | 21 +++++++++++++++++++
 .../content-document-xhtml.feature            | 10 +--------
 15 files changed, 70 insertions(+), 19 deletions(-)
 rename src/test/resources/epub3/{06-content-document/files/content-xhtml-link-to-local-file-valid => 03-resources/files/file-url-in-css-error}/EPUB/content_001.xhtml (74%)
 rename src/test/resources/epub3/{06-content-document/files/content-xhtml-link-to-local-file-valid => 03-resources/files/file-url-in-css-error}/EPUB/nav.xhtml (100%)
 create mode 100644 src/test/resources/epub3/03-resources/files/file-url-in-css-error/EPUB/package.opf
 create mode 100644 src/test/resources/epub3/03-resources/files/file-url-in-css-error/EPUB/style.css
 rename src/test/resources/epub3/{06-content-document/files/content-xhtml-link-to-local-file-valid => 03-resources/files/file-url-in-css-error}/META-INF/container.xml (50%)
 rename src/test/resources/epub3/{06-content-document/files/content-xhtml-link-to-local-file-valid => 03-resources/files/file-url-in-css-error}/mimetype (100%)
 rename src/test/resources/epub3/{06-content-document/files/content-xhtml-link-to-local-file-valid/EPUB/package.opf => 03-resources/files/file-url-in-package-document-error.opf} (93%)
 create mode 100644 src/test/resources/epub3/03-resources/files/file-url-in-xhtml-content-error.xhtml

diff --git a/src/main/java/com/adobe/epubcheck/messages/DefaultSeverities.java b/src/main/java/com/adobe/epubcheck/messages/DefaultSeverities.java
index 77621f6d9..5b11ad34e 100644
--- a/src/main/java/com/adobe/epubcheck/messages/DefaultSeverities.java
+++ b/src/main/java/com/adobe/epubcheck/messages/DefaultSeverities.java
@@ -136,7 +136,7 @@ private void initialize()
     severities.put(MessageId.HTM_050, Severity.SUPPRESSED);
     severities.put(MessageId.HTM_051, Severity.WARNING);
     severities.put(MessageId.HTM_052, Severity.ERROR);
-    severities.put(MessageId.HTM_053, Severity.INFO);
+    severities.put(MessageId.HTM_053, Severity.SUPPRESSED);
     severities.put(MessageId.HTM_054, Severity.ERROR);
     severities.put(MessageId.HTM_055, Severity.WARNING);
     severities.put(MessageId.HTM_056, Severity.ERROR);
@@ -343,6 +343,7 @@ private void initialize()
     severities.put(MessageId.RSC_027, Severity.WARNING);
     severities.put(MessageId.RSC_028, Severity.ERROR);
     severities.put(MessageId.RSC_029, Severity.ERROR);
+    severities.put(MessageId.RSC_030, Severity.ERROR);
 
     // Scripting
     severities.put(MessageId.SCP_001, Severity.SUPPRESSED); // checking scripts is out of scope
diff --git a/src/main/java/com/adobe/epubcheck/messages/MessageId.java b/src/main/java/com/adobe/epubcheck/messages/MessageId.java
index 63e66921b..480cf6536 100644
--- a/src/main/java/com/adobe/epubcheck/messages/MessageId.java
+++ b/src/main/java/com/adobe/epubcheck/messages/MessageId.java
@@ -337,6 +337,7 @@ public enum MessageId implements Comparable<MessageId>
   RSC_027("RSC-027"),
   RSC_028("RSC-028"),
   RSC_029("RSC-029"),
+  RSC_030("RSC-030"),
 
   // Messages relating to scripting
   SCP_001("SCP-001"),
diff --git a/src/main/java/com/adobe/epubcheck/ops/OPSHandler.java b/src/main/java/com/adobe/epubcheck/ops/OPSHandler.java
index f2590e9f9..464417879 100755
--- a/src/main/java/com/adobe/epubcheck/ops/OPSHandler.java
+++ b/src/main/java/com/adobe/epubcheck/ops/OPSHandler.java
@@ -142,11 +142,6 @@ else if (".".equals(href))
     // If the URL was not properly parsed, return early
     if (url == null) return;
 
-    if ("file".equals(url.scheme()))
-    {
-      // FIXME next disallow file URLs
-      report.message(MessageId.HTM_053, location(), url);
-    }
     if (context.isRemote(url))
     {
       report.info(path, FeatureEnum.REFERENCE, href);
diff --git a/src/main/java/org/w3c/epubcheck/url/URLChecker.java b/src/main/java/org/w3c/epubcheck/url/URLChecker.java
index fb98e984a..3a4b18907 100644
--- a/src/main/java/org/w3c/epubcheck/url/URLChecker.java
+++ b/src/main/java/org/w3c/epubcheck/url/URLChecker.java
@@ -72,6 +72,12 @@ private URL resolveURL(String string, boolean isBase, EPUBLocation location)
     if (string == null) return null;
     try
     {
+      // Report file URLs
+      if (string.startsWith("file:"))
+      {
+        report.message(MessageId.RSC_030, location, string);
+      }
+
       // Collapse formatting whitespace in data URLs
       if (string.startsWith("data:"))
       {
diff --git a/src/main/resources/com/adobe/epubcheck/messages/MessageBundle.properties b/src/main/resources/com/adobe/epubcheck/messages/MessageBundle.properties
index 7a4250ef1..5024c9189 100644
--- a/src/main/resources/com/adobe/epubcheck/messages/MessageBundle.properties
+++ b/src/main/resources/com/adobe/epubcheck/messages/MessageBundle.properties
@@ -121,7 +121,6 @@ HTM_049_SUG=Add xmlns="http://www.w3.org/1999/xhtml" to the html element.
 HTM_050=Found epub:type="pagebreak" attribute in content document.
 HTM_051=Found Microdata semantic enrichments but no RDFa. EDUPUB recommends using RDFa Lite.
 HTM_052=The property "region-based" is only allowed on nav elements in Data Navigation Documents.
-HTM_053=Found an external file link (file://) in file: "%1$s".
 HTM_054=Custom attribute namespace ("%1$s") must not include the string "%2$s" in its domain.
 HTM_055=The "%1$s" element should not be used (discouraged construct)
 HTM_056=Viewport metadata has no "%1$s" dimension (both "width" and "height" properties are required)
@@ -353,6 +352,7 @@ RSC_026=URL "%1$s" leaks outside the container (it is not a valid-relative-ocf-U
 RSC_027=XML document is encoded in UTF-16. It should be encoded in UTF-8 instead.
 RSC_028=XML documents must be encoded in UTF-8, but %1%s was detected.
 RSC_029=Data URL is not allowed in this context.
+RSC_030=File URLs are not allowed in EPUB, but found "%1$s".
 
 #Scripting
 SCP_001=Use of Javascript eval() function in EPUB scripts is a security risk.
diff --git a/src/test/resources/epub3/06-content-document/files/content-xhtml-link-to-local-file-valid/EPUB/content_001.xhtml b/src/test/resources/epub3/03-resources/files/file-url-in-css-error/EPUB/content_001.xhtml
similarity index 74%
rename from src/test/resources/epub3/06-content-document/files/content-xhtml-link-to-local-file-valid/EPUB/content_001.xhtml
rename to src/test/resources/epub3/03-resources/files/file-url-in-css-error/EPUB/content_001.xhtml
index 1afb25bd0..bf2bf7f4d 100644
--- a/src/test/resources/epub3/06-content-document/files/content-xhtml-link-to-local-file-valid/EPUB/content_001.xhtml
+++ b/src/test/resources/epub3/03-resources/files/file-url-in-css-error/EPUB/content_001.xhtml
@@ -3,10 +3,10 @@
 	<head>
 		<meta charset="utf-8"/>
 		<title>Minimal EPUB</title>
+		<link type="text/css" rel="stylesheet" href="style.css" />
 	</head>
 	<body>
 		<h1>Loomings</h1>
 		<p>Call me Ishmael.</p>
-		<a class="external" href="file:///C:/path/file.pdf">link to local file</a>
 	</body>
 </html>
diff --git a/src/test/resources/epub3/06-content-document/files/content-xhtml-link-to-local-file-valid/EPUB/nav.xhtml b/src/test/resources/epub3/03-resources/files/file-url-in-css-error/EPUB/nav.xhtml
similarity index 100%
rename from src/test/resources/epub3/06-content-document/files/content-xhtml-link-to-local-file-valid/EPUB/nav.xhtml
rename to src/test/resources/epub3/03-resources/files/file-url-in-css-error/EPUB/nav.xhtml
diff --git a/src/test/resources/epub3/03-resources/files/file-url-in-css-error/EPUB/package.opf b/src/test/resources/epub3/03-resources/files/file-url-in-css-error/EPUB/package.opf
new file mode 100644
index 000000000..74d507771
--- /dev/null
+++ b/src/test/resources/epub3/03-resources/files/file-url-in-css-error/EPUB/package.opf
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<package xmlns="http://www.idpf.org/2007/opf" version="3.0" xml:lang="en" unique-identifier="q">
+  <metadata xmlns:dc="http://purl.org/dc/elements/1.1/">
+    <dc:title id="title">Minimal EPUB 3.0</dc:title>
+    <dc:language>en</dc:language>
+    <dc:identifier id="q">NOID</dc:identifier>
+    <meta property="dcterms:modified">2017-06-14T00:00:01Z</meta>
+  </metadata>
+  <manifest>
+    <item id="content_001" href="content_001.xhtml" media-type="application/xhtml+xml"/>
+    <item id="nav" href="nav.xhtml" media-type="application/xhtml+xml" properties="nav"/>
+    <item id="css" href="style.css" media-type="text/css" properties="remote-resources"/>
+    <item id="font" href="file:///font.woff" media-type="font/woff"/>
+  </manifest>
+  <spine>
+    <itemref idref="content_001"/>
+  </spine>
+</package>
diff --git a/src/test/resources/epub3/03-resources/files/file-url-in-css-error/EPUB/style.css b/src/test/resources/epub3/03-resources/files/file-url-in-css-error/EPUB/style.css
new file mode 100644
index 000000000..e691f38b3
--- /dev/null
+++ b/src/test/resources/epub3/03-resources/files/file-url-in-css-error/EPUB/style.css
@@ -0,0 +1,4 @@
+@font-face {
+  font-family: "myfont";
+  src: url('file:/font.woff');
+}
\ No newline at end of file
diff --git a/src/test/resources/epub3/06-content-document/files/content-xhtml-link-to-local-file-valid/META-INF/container.xml b/src/test/resources/epub3/03-resources/files/file-url-in-css-error/META-INF/container.xml
similarity index 50%
rename from src/test/resources/epub3/06-content-document/files/content-xhtml-link-to-local-file-valid/META-INF/container.xml
rename to src/test/resources/epub3/03-resources/files/file-url-in-css-error/META-INF/container.xml
index 318782179..2ca12eff7 100644
--- a/src/test/resources/epub3/06-content-document/files/content-xhtml-link-to-local-file-valid/META-INF/container.xml
+++ b/src/test/resources/epub3/03-resources/files/file-url-in-css-error/META-INF/container.xml
@@ -1,5 +1,5 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<container version="1.0" xmlns="urn:oasis:names:tc:opendocument:xmlns:container">
+<?xml version="1.0" encoding="UTF-8"?>
+<container xmlns="urn:oasis:names:tc:opendocument:xmlns:container" version="1.0">
 	<rootfiles>
 		<rootfile full-path="EPUB/package.opf" media-type="application/oebps-package+xml"/>
 	</rootfiles>
diff --git a/src/test/resources/epub3/06-content-document/files/content-xhtml-link-to-local-file-valid/mimetype b/src/test/resources/epub3/03-resources/files/file-url-in-css-error/mimetype
similarity index 100%
rename from src/test/resources/epub3/06-content-document/files/content-xhtml-link-to-local-file-valid/mimetype
rename to src/test/resources/epub3/03-resources/files/file-url-in-css-error/mimetype
diff --git a/src/test/resources/epub3/06-content-document/files/content-xhtml-link-to-local-file-valid/EPUB/package.opf b/src/test/resources/epub3/03-resources/files/file-url-in-package-document-error.opf
similarity index 93%
rename from src/test/resources/epub3/06-content-document/files/content-xhtml-link-to-local-file-valid/EPUB/package.opf
rename to src/test/resources/epub3/03-resources/files/file-url-in-package-document-error.opf
index 0d1eec6e9..b6b3732f7 100644
--- a/src/test/resources/epub3/06-content-document/files/content-xhtml-link-to-local-file-valid/EPUB/package.opf
+++ b/src/test/resources/epub3/03-resources/files/file-url-in-package-document-error.opf
@@ -5,6 +5,7 @@
   <dc:language>en</dc:language>
   <dc:identifier id="q">NOID</dc:identifier>
   <meta property="dcterms:modified">2017-06-14T00:00:01Z</meta>
+  <link href="file:example" rel="acquire"/>
 </metadata>
 <manifest>
   <item id="content_001"  href="content_001.xhtml" media-type="application/xhtml+xml"/>
diff --git a/src/test/resources/epub3/03-resources/files/file-url-in-xhtml-content-error.xhtml b/src/test/resources/epub3/03-resources/files/file-url-in-xhtml-content-error.xhtml
new file mode 100644
index 000000000..bc75bc27d
--- /dev/null
+++ b/src/test/resources/epub3/03-resources/files/file-url-in-xhtml-content-error.xhtml
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+	<head>
+		<meta charset="utf-8"/>
+		<title>Minimal EPUB</title>
+	</head>
+	<body>
+		<h1>Loomings</h1>
+		<p>Call me Ishmael.</p>
+		<a href="file:example">file</a>
+	</body>
+</html>
diff --git a/src/test/resources/epub3/03-resources/resources.feature b/src/test/resources/epub3/03-resources/resources.feature
index 105f4efb2..16a8080b0 100644
--- a/src/test/resources/epub3/03-resources/resources.feature
+++ b/src/test/resources/epub3/03-resources/resources.feature
@@ -442,6 +442,27 @@
     Then error MED-003 is reported
     And no other errors or warnings are reported
 
+  ## 3.8 File URLs
+
+  @spec @xref:sec-file-urls
+  Scenario: Report a file URL used in the package document
+    When checking document 'file-url-in-package-document-error.opf'
+    Then error RSC-030 is reported
+    And no other errors or warnings are reported
+
+  @spec @xref:sec-file-urls
+  Scenario: Report a file URL used in a content document
+    When checking document 'file-url-in-xhtml-content-error.xhtml'
+    Then error RSC-030 is reported
+    And no other errors or warnings are reported
+
+  @spec @xref:sec-file-urls
+  Scenario: Report a file URL used in a CSS document
+    When checking EPUB 'file-url-in-css-error'
+    Then error RSC-030 is reported 2 times (one in the package doc, one in the CSS)
+    And no other errors or warnings are reported
+
+
   ## 3.9 XML conformance
 
   @spec @xref:sec-xml-constraints
diff --git a/src/test/resources/epub3/06-content-document/content-document-xhtml.feature b/src/test/resources/epub3/06-content-document/content-document-xhtml.feature
index e3e4cf17e..0fa079f9e 100644
--- a/src/test/resources/epub3/06-content-document/content-document-xhtml.feature
+++ b/src/test/resources/epub3/06-content-document/content-document-xhtml.feature
@@ -249,18 +249,10 @@ Feature: EPUB 3 — Content Documents — XHTML
 
   ####  hyperlinks
 
-  @spec @xref:sec-file-urls
-  Scenario: Report as an INFO a hyperlink to a resource in the local file system
-    See issue #289
-    When checking EPUB 'content-xhtml-link-to-local-file-valid'
-    Then info HTM-053 is reported
-    And no errors or warnings are reported
-
   Scenario: Do not report escaped hyperlinks to resources in the local file system
     See issue #1182
     When checking EPUB 'content-xhtml-link-to-local-file-escaped-valid'
-    Then info HTM-053 is reported 0 times
-    And no errors or warnings are reported
+    Then no errors or warnings are reported
     
   @spec @xref:sec-container-iri
   Scenario: Report a hyperlink to a resource missing from the publication