diff --git a/.gitignore b/.gitignore index e301605..37b09be 100644 --- a/.gitignore +++ b/.gitignore @@ -672,4 +672,6 @@ fabric.properties ## ENVIRONMENT -.env \ No newline at end of file +.env +lvenv +wvenv \ No newline at end of file diff --git a/README.md b/README.md index 85f0df4..25d64f7 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,10 @@ # sanigi-html -sanigi-html (esperanto for sanitize html) is a python tool which takes in HTML and sanitzies it for use with student webspaces \ No newline at end of file +sanigi-html (esperanto for sanitize html) is a python tool which takes in HTML and sanitzies it for use with student webspaces + +.env spec: + +```env +ALLOWED_DOMAINS_IMG=images.example.org,cdn.example.com +ALLOWED_DOMAINS_LINK=example.com +``` \ No newline at end of file diff --git a/TODO.md b/TODO.md index 752ecda..0810bfb 100644 --- a/TODO.md +++ b/TODO.md @@ -23,7 +23,7 @@ NOTE: That things which are in italic text are already implemented! - *img* - *link href* - *[x] add custom attribute filter function* -- [] load dotenv (chore for profiles.py) ; do this someday when implementing JSON configs. Or dotenv stuff : PRIO:HIGH +- *[x] load dotenv (chore for profiles.py) ; do this someday when implementing JSON configs. Or dotenv stuff : PRIO:HIGH* --- ### Expland strict mode: diff --git a/requirements.txt b/requirements.txt index 70f79ef..1f4218f 100644 Binary files a/requirements.txt and b/requirements.txt differ diff --git a/src/profiles.py b/src/profiles.py index 4a0c6b5..64aceb8 100644 --- a/src/profiles.py +++ b/src/profiles.py @@ -4,10 +4,14 @@ # # presets for sanitization of HTML # -import re -from dotenv import dotenv_values + +import os +from dotenv import load_dotenv from urllib.parse import urlparse +# loadenv init +load_dotenv() + def is_safe_url(url : str, allowed_domain=None, allow_relative : bool = True) -> bool: """ Determine wether or not a URL is safe or not. @@ -48,6 +52,21 @@ def create_url_filter(allowed_attrs, allowed_domains=None, allow_relative=True): return value return filter_func +def get_domains(variable): + value = os.getenv(variable, "") + return [ + # return a list of domains, and split by comma + d.strip() for d in value.split(",") if d.strip() + ] + +# Setup any .env variables for python to use + +allow_relative = os.getenv("ALLOW_RELATIVE_URLS", "true").lower() == "true" + +allowed_domains_default = get_domains("ALLOWED_DOMAINS") +allowed_domains_img = get_domains("ALLOWED_DOMAINS_IMG") or allowed_domains_default +allowed_domains_link = get_domains("ALLOWED_DOMAINS_LINK") or allowed_domains_default + STRICT = { "tags" : [ "p", "b", "i", "u", "em", "strong", @@ -56,10 +75,21 @@ STRICT = { "h1", "h2", "h3", "h4", "h5", "h6" ], "attributes": { - # TODO: add loading dotenv variables - "a": create_url_filter(["href"], allowed_domains=[], allow_relative=True), - "img" : create_url_filter(["src", "alt"], allowed_domains=[], allow_relative=True), - "link" : create_url_filter(["href"], allowed_domains=[], allow_relative=True), + "a": create_url_filter( + ["href"], + allowed_domains=allowed_domains_link, + allow_relative=allow_relative + ), + "img": create_url_filter( + ["src", "alt"], + allowed_domains=allowed_domains_img, + allow_relative=allow_relative + ), + "link": create_url_filter( + ["href"], + allowed_domains=allowed_domains_default, + allow_relative=allow_relative + ), }, "protocols": [], "strip": True,