Message has safe link opening

Links in message body (if in HTML mode) now open, but it asks for a
confirmation in a dialog box.

Fixes #27

src/bitmessageqt/messageview.py

@@ -2,16 +2,21 @@ from PyQt4 import QtCore, QtGui
 
 from safehtmlparser import *
 
-class MessageView(QtGui.QTextEdit):
+class MessageView(QtGui.QTextBrowser):
     MODE_PLAIN = 0
     MODE_HTML = 1
     TEXT_PLAIN = "HTML detected, click here to display"
     TEXT_HTML = "Click here to disable HTML"
+    CONFIRM_TITLE = "Follow external link"
+    CONFIRM_TEXT = "The link \"%1\" will open in a browser. It may be a security risk, it could de-anonymise you or download malicious data. Are you sure?"
     
     def __init__(self, parent = 0):
         super(MessageView, self).__init__(parent)
         self.mode = MessageView.MODE_PLAIN 
         self.html = None
+        self.setOpenExternalLinks(False)
+        self.setOpenLinks(False)
+        self.anchorClicked.connect(self.confirmURL)
     
     def mousePressEvent(self, event):
         #text = textCursor.block().text()
@@ -23,17 +28,25 @@ class MessageView(QtGui.QTextEdit):
         else:
             super(MessageView, self).mousePressEvent(event)
             
+    def confirmURL(self, link):
+        reply = QtGui.QMessageBox.question(self,
+            QtGui.QApplication.translate(type(self).__name__, MessageView.CONFIRM_TITLE),
+            QtGui.QApplication.translate(type(self).__name__, MessageView.CONFIRM_TEXT).arg(str(link.toString())), 
+            QtGui.QMessageBox.Yes, QtGui.QMessageBox.No)
+        if reply == QtGui.QMessageBox.Yes:
+            QtGui.QDesktopServices.openUrl(link)
+
     def showPlain(self):
         self.mode = MessageView.MODE_PLAIN
         out = self.html.raw
         if self.html.has_html:
-            out = "<div align=\"center\" style=\"text-decoration: underline;\"><b>" + QtGui.QApplication.translate("MessageView", MessageView.TEXT_PLAIN) + "</b></div><br/>" + out
+            out = "<div align=\"center\" style=\"text-decoration: underline;\"><b>" + QtGui.QApplication.translate(type(self).__name__, MessageView.TEXT_PLAIN) + "</b></div><br/>" + out
         self.setHtml(QtCore.QString(out))
 
     def showHTML(self):
         self.mode = MessageView.MODE_HTML
         out = self.html.sanitised
-        out = "<div align=\"center\" style=\"text-decoration: underline;\"><b>" + QtGui.QApplication.translate("MessageView", MessageView.TEXT_HTML) + "</b></div><br/>" + out
+        out = "<div align=\"center\" style=\"text-decoration: underline;\"><b>" + QtGui.QApplication.translate(type(self).__name__, MessageView.TEXT_HTML) + "</b></div><br/>" + out
         self.setHtml(QtCore.QString(out))
 
     def setContent(self, data):

src/bitmessageqt/safehtmlparser.py

@@ -39,7 +39,9 @@ class SafeHTMLParser(HTMLParser):
             for attr in attrs:
                 if tag == "img" and attr[0] == "src" and not self.allow_picture:
                     attr[1] = ""
-                self.sanitised += " " + quote_plus(attr[0]) + "=\"" + attr[1] + "\""
+                self.sanitised += " " + quote_plus(attr[0])
+                if attr[1] is not None:
+                    self.sanitised += "=\"" + attr[1] + "\""
         if inspect.stack()[1][3] == "handle_startendtag":
             self.sanitised += "/"
         self.sanitised += ">"
@@ -53,7 +55,9 @@ class SafeHTMLParser(HTMLParser):
             for attr in attrs:
                 if tag == "img" and attr[0] == "src" and not self.allow_picture:
                     attr[1] = ""
-                self.raw += " " + attr[0] + "="" + attr[1] + """
+                self.raw += " " + attr[0]
+                if attr[1] is not None:
+                    self.raw + "="" + attr[1] + """
         if inspect.stack()[1][3] == "handle_startendtag":
             self.raw += "/"
         self.raw += ">"