From 03fbadd3c4f0f171e3ad3e0810b6a41ec63aabf0 Mon Sep 17 00:00:00 2001
From: George McCandless <5fk7echy8@riseup.net>
Date: Mon, 30 Sep 2019 07:24:41 +0000
Subject: [PATCH] When clicking a link in a message viewed in HTML mode, if the
 link represents a data blob, launch a "Save File" dialog and write the file
 directly, rather than opening the link in an external browser.

---
 src/bitmessageqt/messageview.py | 40 ++++++++++++++++++++++-----------
 1 file changed, 27 insertions(+), 13 deletions(-)

diff --git a/src/bitmessageqt/messageview.py b/src/bitmessageqt/messageview.py
index 45f3a79a..8c7edcbe 100644
--- a/src/bitmessageqt/messageview.py
+++ b/src/bitmessageqt/messageview.py
@@ -5,6 +5,7 @@ src/bitmessageqt/messageview.py
 """
 
 from PyQt4 import QtCore, QtGui
+import re, base64
 
 from safehtmlparser import SafeHTMLParser
 
@@ -64,6 +65,9 @@ class MessageView(QtGui.QTextBrowser):
 
     def confirmURL(self, link):
         """Show a dialog requesting URL opening confirmation"""
+        link_str = link.toString()
+        datablob_re = r'^data:.*/.*;base64,.*'
+        datablob_match = re.match(datablob_re, link_str)
         if link.scheme() == "mailto":
             window = QtGui.QApplication.activeWindow()
             window.ui.lineEditTo.setText(link.path())
@@ -80,19 +84,29 @@ class MessageView(QtGui.QTextBrowser):
             )
             window.ui.textEditMessage.setFocus()
             return
-        reply = QtGui.QMessageBox.warning(
-            self,
-            QtGui.QApplication.translate(
-                "MessageView",
-                "Follow external link"),
-            QtGui.QApplication.translate(
-                "MessageView",
-                "The link \"%1\" will open in a browser. It may be a security risk, it could de-anonymise you"
-                " or download malicious data. Are you sure?").arg(unicode(link.toString())),
-            QtGui.QMessageBox.Yes,
-            QtGui.QMessageBox.No)
-        if reply == QtGui.QMessageBox.Yes:
-            QtGui.QDesktopServices.openUrl(link)
+        if datablob_match:
+            name = QtGui.QFileDialog.getSaveFileName(self, 'Save File')
+            if name:
+                f = open(name, 'wb')
+                data_begin_pos = re.finditer(";base64,", link_str).next()
+                data_b64 = link_str[data_begin_pos.span()[1]:]
+                data = base64.b64decode(data_b64)
+                f.write(data)
+                f.close()
+        else:
+            reply = QtGui.QMessageBox.warning(
+                self,
+                QtGui.QApplication.translate(
+                    "MessageView",
+                    "Follow external link"),
+                QtGui.QApplication.translate(
+                    "MessageView",
+                    "The link \"%1\" will open in a browser. It may be a security risk, it could de-anonymise you"
+                    " or download malicious data. Are you sure?").arg(unicode(link.toString())),
+                QtGui.QMessageBox.Yes,
+                QtGui.QMessageBox.No)
+            if reply == QtGui.QMessageBox.Yes:
+                QtGui.QDesktopServices.openUrl(link)
 
     def loadResource(self, restype, name):
         """