implement dotenv loading for allowed domains
This commit is contained in:
+3
-1
@@ -672,4 +672,6 @@ fabric.properties
|
||||
|
||||
## ENVIRONMENT
|
||||
|
||||
.env
|
||||
.env
|
||||
lvenv
|
||||
wvenv
|
||||
@@ -1,3 +1,10 @@
|
||||
# sanigi-html
|
||||
|
||||
sanigi-html (esperanto for sanitize html) is a python tool which takes in HTML and sanitzies it for use with student webspaces
|
||||
sanigi-html (esperanto for sanitize html) is a python tool which takes in HTML and sanitzies it for use with student webspaces
|
||||
|
||||
.env spec:
|
||||
|
||||
```env
|
||||
ALLOWED_DOMAINS_IMG=images.example.org,cdn.example.com
|
||||
ALLOWED_DOMAINS_LINK=example.com
|
||||
```
|
||||
@@ -23,7 +23,7 @@ NOTE: That things which are in italic text are already implemented!
|
||||
- *img*
|
||||
- *link href*
|
||||
- *[x] add custom attribute filter function*
|
||||
- [] load dotenv (chore for profiles.py) ; do this someday when implementing JSON configs. Or dotenv stuff : PRIO:HIGH
|
||||
- *[x] load dotenv (chore for profiles.py) ; do this someday when implementing JSON configs. Or dotenv stuff : PRIO:HIGH*
|
||||
---
|
||||
|
||||
### Expland strict mode:
|
||||
|
||||
Binary file not shown.
+36
-6
@@ -4,10 +4,14 @@
|
||||
#
|
||||
# presets for sanitization of HTML
|
||||
#
|
||||
import re
|
||||
from dotenv import dotenv_values
|
||||
|
||||
import os
|
||||
from dotenv import load_dotenv
|
||||
from urllib.parse import urlparse
|
||||
|
||||
# loadenv init
|
||||
load_dotenv()
|
||||
|
||||
def is_safe_url(url : str, allowed_domain=None, allow_relative : bool = True) -> bool:
|
||||
"""
|
||||
Determine wether or not a URL is safe or not.
|
||||
@@ -48,6 +52,21 @@ def create_url_filter(allowed_attrs, allowed_domains=None, allow_relative=True):
|
||||
return value
|
||||
return filter_func
|
||||
|
||||
def get_domains(variable):
|
||||
value = os.getenv(variable, "")
|
||||
return [
|
||||
# return a list of domains, and split by comma
|
||||
d.strip() for d in value.split(",") if d.strip()
|
||||
]
|
||||
|
||||
# Setup any .env variables for python to use
|
||||
|
||||
allow_relative = os.getenv("ALLOW_RELATIVE_URLS", "true").lower() == "true"
|
||||
|
||||
allowed_domains_default = get_domains("ALLOWED_DOMAINS")
|
||||
allowed_domains_img = get_domains("ALLOWED_DOMAINS_IMG") or allowed_domains_default
|
||||
allowed_domains_link = get_domains("ALLOWED_DOMAINS_LINK") or allowed_domains_default
|
||||
|
||||
STRICT = {
|
||||
"tags" : [
|
||||
"p", "b", "i", "u", "em", "strong",
|
||||
@@ -56,10 +75,21 @@ STRICT = {
|
||||
"h1", "h2", "h3", "h4", "h5", "h6"
|
||||
],
|
||||
"attributes": {
|
||||
# TODO: add loading dotenv variables
|
||||
"a": create_url_filter(["href"], allowed_domains=[], allow_relative=True),
|
||||
"img" : create_url_filter(["src", "alt"], allowed_domains=[], allow_relative=True),
|
||||
"link" : create_url_filter(["href"], allowed_domains=[], allow_relative=True),
|
||||
"a": create_url_filter(
|
||||
["href"],
|
||||
allowed_domains=allowed_domains_link,
|
||||
allow_relative=allow_relative
|
||||
),
|
||||
"img": create_url_filter(
|
||||
["src", "alt"],
|
||||
allowed_domains=allowed_domains_img,
|
||||
allow_relative=allow_relative
|
||||
),
|
||||
"link": create_url_filter(
|
||||
["href"],
|
||||
allowed_domains=allowed_domains_default,
|
||||
allow_relative=allow_relative
|
||||
),
|
||||
},
|
||||
"protocols": [],
|
||||
"strip": True,
|
||||
|
||||
Reference in New Issue
Block a user