implement dotenv loading for allowed domains
This commit is contained in:
+3
-1
@@ -672,4 +672,6 @@ fabric.properties
|
|||||||
|
|
||||||
## ENVIRONMENT
|
## ENVIRONMENT
|
||||||
|
|
||||||
.env
|
.env
|
||||||
|
lvenv
|
||||||
|
wvenv
|
||||||
@@ -1,3 +1,10 @@
|
|||||||
# sanigi-html
|
# sanigi-html
|
||||||
|
|
||||||
sanigi-html (esperanto for sanitize html) is a python tool which takes in HTML and sanitzies it for use with student webspaces
|
sanigi-html (esperanto for sanitize html) is a python tool which takes in HTML and sanitzies it for use with student webspaces
|
||||||
|
|
||||||
|
.env spec:
|
||||||
|
|
||||||
|
```env
|
||||||
|
ALLOWED_DOMAINS_IMG=images.example.org,cdn.example.com
|
||||||
|
ALLOWED_DOMAINS_LINK=example.com
|
||||||
|
```
|
||||||
@@ -23,7 +23,7 @@ NOTE: That things which are in italic text are already implemented!
|
|||||||
- *img*
|
- *img*
|
||||||
- *link href*
|
- *link href*
|
||||||
- *[x] add custom attribute filter function*
|
- *[x] add custom attribute filter function*
|
||||||
- [] load dotenv (chore for profiles.py) ; do this someday when implementing JSON configs. Or dotenv stuff : PRIO:HIGH
|
- *[x] load dotenv (chore for profiles.py) ; do this someday when implementing JSON configs. Or dotenv stuff : PRIO:HIGH*
|
||||||
---
|
---
|
||||||
|
|
||||||
### Expland strict mode:
|
### Expland strict mode:
|
||||||
|
|||||||
Binary file not shown.
+36
-6
@@ -4,10 +4,14 @@
|
|||||||
#
|
#
|
||||||
# presets for sanitization of HTML
|
# presets for sanitization of HTML
|
||||||
#
|
#
|
||||||
import re
|
|
||||||
from dotenv import dotenv_values
|
import os
|
||||||
|
from dotenv import load_dotenv
|
||||||
from urllib.parse import urlparse
|
from urllib.parse import urlparse
|
||||||
|
|
||||||
|
# loadenv init
|
||||||
|
load_dotenv()
|
||||||
|
|
||||||
def is_safe_url(url : str, allowed_domain=None, allow_relative : bool = True) -> bool:
|
def is_safe_url(url : str, allowed_domain=None, allow_relative : bool = True) -> bool:
|
||||||
"""
|
"""
|
||||||
Determine wether or not a URL is safe or not.
|
Determine wether or not a URL is safe or not.
|
||||||
@@ -48,6 +52,21 @@ def create_url_filter(allowed_attrs, allowed_domains=None, allow_relative=True):
|
|||||||
return value
|
return value
|
||||||
return filter_func
|
return filter_func
|
||||||
|
|
||||||
|
def get_domains(variable):
|
||||||
|
value = os.getenv(variable, "")
|
||||||
|
return [
|
||||||
|
# return a list of domains, and split by comma
|
||||||
|
d.strip() for d in value.split(",") if d.strip()
|
||||||
|
]
|
||||||
|
|
||||||
|
# Setup any .env variables for python to use
|
||||||
|
|
||||||
|
allow_relative = os.getenv("ALLOW_RELATIVE_URLS", "true").lower() == "true"
|
||||||
|
|
||||||
|
allowed_domains_default = get_domains("ALLOWED_DOMAINS")
|
||||||
|
allowed_domains_img = get_domains("ALLOWED_DOMAINS_IMG") or allowed_domains_default
|
||||||
|
allowed_domains_link = get_domains("ALLOWED_DOMAINS_LINK") or allowed_domains_default
|
||||||
|
|
||||||
STRICT = {
|
STRICT = {
|
||||||
"tags" : [
|
"tags" : [
|
||||||
"p", "b", "i", "u", "em", "strong",
|
"p", "b", "i", "u", "em", "strong",
|
||||||
@@ -56,10 +75,21 @@ STRICT = {
|
|||||||
"h1", "h2", "h3", "h4", "h5", "h6"
|
"h1", "h2", "h3", "h4", "h5", "h6"
|
||||||
],
|
],
|
||||||
"attributes": {
|
"attributes": {
|
||||||
# TODO: add loading dotenv variables
|
"a": create_url_filter(
|
||||||
"a": create_url_filter(["href"], allowed_domains=[], allow_relative=True),
|
["href"],
|
||||||
"img" : create_url_filter(["src", "alt"], allowed_domains=[], allow_relative=True),
|
allowed_domains=allowed_domains_link,
|
||||||
"link" : create_url_filter(["href"], allowed_domains=[], allow_relative=True),
|
allow_relative=allow_relative
|
||||||
|
),
|
||||||
|
"img": create_url_filter(
|
||||||
|
["src", "alt"],
|
||||||
|
allowed_domains=allowed_domains_img,
|
||||||
|
allow_relative=allow_relative
|
||||||
|
),
|
||||||
|
"link": create_url_filter(
|
||||||
|
["href"],
|
||||||
|
allowed_domains=allowed_domains_default,
|
||||||
|
allow_relative=allow_relative
|
||||||
|
),
|
||||||
},
|
},
|
||||||
"protocols": [],
|
"protocols": [],
|
||||||
"strip": True,
|
"strip": True,
|
||||||
|
|||||||
Reference in New Issue
Block a user