fixed a issue using bs4. see TODO
This commit is contained in:
@@ -43,7 +43,7 @@ NOTE: That things which are in italic text are already implemented!
|
||||
---
|
||||
|
||||
### passthrough safety
|
||||
- [ ] add stderr warning for user
|
||||
- *[x] add stderr warning for user*
|
||||
|
||||
---
|
||||
|
||||
@@ -53,4 +53,30 @@ NOTE: That things which are in italic text are already implemented!
|
||||
|
||||
### Config files:
|
||||
- [ ] allow custom JSON/YAML/yadayadayada configurations
|
||||
- pass in through CLI with flag --config "file.idk"
|
||||
- pass in through CLI with flag --config "file.idk"
|
||||
|
||||
## Fixes:
|
||||
|
||||
## Content of tag staying after removal of tag
|
||||
|
||||
When running strict/loose:
|
||||
```
|
||||
(venv) rattatwinko@kubuntu:~/Documents/sanigi-html$ echo "<html><body><h1>Heading</h1><script>var=j;</script></body></html>" | python3 src/main.py --mode strict
|
||||
[ DEBUG@2026-04-20 07:54:57 ]: called sanitizer! using this as args:
|
||||
<html><body><h1>Heading</h1><script>var=j;</script></body></html>
|
||||
['p', 'b', 'i', 'u', 'em', 'strong', 'ul', 'ol', 'li', 'br', 'hr', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6']
|
||||
[]
|
||||
True
|
||||
<h1>Heading</h1>**var=j;**
|
||||
```
|
||||
|
||||
You can see that the ```<script>``` tag gets removed but doesnt bother with removing the contents of that tag. The remaining thing is : **var=j;** ; If this gets rendered its bad, cause it looks bad!
|
||||
We need to fix this.
|
||||
|
||||
### Plan for fixing this:
|
||||
|
||||
Lets maybe use bs4 for this, its fitting cause it can decompose HTML. Fixed!
|
||||
|
||||
### Around 30 minutes later:
|
||||
|
||||
This issue is no longer relevant, it is fixed! using bs4.
|
||||
Binary file not shown.
+27
-2
@@ -5,6 +5,7 @@
|
||||
|
||||
|
||||
import bleach
|
||||
from bs4 import BeautifulSoup, Tag
|
||||
from profiles import STRICT, LOOSE
|
||||
from log.Logger import *
|
||||
logger = Logger()
|
||||
@@ -14,6 +15,7 @@ PROFILES = {
|
||||
"loose": LOOSE,
|
||||
}
|
||||
|
||||
|
||||
def sanitize(html : str, mode : str) -> str:
|
||||
"""
|
||||
Arguments:
|
||||
@@ -27,22 +29,45 @@ def sanitize(html : str, mode : str) -> str:
|
||||
# this should be used with caution! it is for trusted
|
||||
# individuals only
|
||||
if mode == "passthrough":
|
||||
logger.log_warning("You are about to not care about sanitizing ANY HTML. You are in passthrough mode.")
|
||||
return html
|
||||
|
||||
config = PROFILES.get(mode)
|
||||
if not config:
|
||||
raise ValueError(f"Unknown mode! : {mode}")
|
||||
|
||||
allowed = set(config.get("tags", []))
|
||||
good_soup = BeautifulSoup(html, "html.parser")
|
||||
|
||||
def has_allowed_child(node: Tag) -> bool:
|
||||
# check if shit is allowed
|
||||
for child in node.descendants:
|
||||
if isinstance(child, Tag) and child.name.lower() in allowed:
|
||||
return True
|
||||
return False
|
||||
|
||||
|
||||
for child in list(good_soup.find_all()):
|
||||
name = child.name.lower()
|
||||
if name in allowed:
|
||||
continue
|
||||
if has_allowed_child(child):
|
||||
child.unwrap()
|
||||
else:
|
||||
child.decompose()
|
||||
|
||||
bs_parsed = str(good_soup)
|
||||
|
||||
logger.log_debug(
|
||||
"called sanitizer! using this as args: \n" +
|
||||
str(html) +
|
||||
str(bs_parsed) +
|
||||
str(config["tags"]) + "\n" +
|
||||
str(config["protocols"]) + "\n" +
|
||||
str(config["strip"])
|
||||
)
|
||||
|
||||
return bleach.clean(
|
||||
html,
|
||||
bs_parsed,
|
||||
tags=config["tags"],
|
||||
attributes=config["attributes"],
|
||||
protocols=config["protocols"],
|
||||
|
||||
Reference in New Issue
Block a user