fixed a issue using bs4. see TODO
This commit is contained in:
@@ -43,7 +43,7 @@ NOTE: That things which are in italic text are already implemented!
|
|||||||
---
|
---
|
||||||
|
|
||||||
### passthrough safety
|
### passthrough safety
|
||||||
- [ ] add stderr warning for user
|
- *[x] add stderr warning for user*
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
@@ -54,3 +54,29 @@ NOTE: That things which are in italic text are already implemented!
|
|||||||
### Config files:
|
### Config files:
|
||||||
- [ ] allow custom JSON/YAML/yadayadayada configurations
|
- [ ] allow custom JSON/YAML/yadayadayada configurations
|
||||||
- pass in through CLI with flag --config "file.idk"
|
- pass in through CLI with flag --config "file.idk"
|
||||||
|
|
||||||
|
## Fixes:
|
||||||
|
|
||||||
|
## Content of tag staying after removal of tag
|
||||||
|
|
||||||
|
When running strict/loose:
|
||||||
|
```
|
||||||
|
(venv) rattatwinko@kubuntu:~/Documents/sanigi-html$ echo "<html><body><h1>Heading</h1><script>var=j;</script></body></html>" | python3 src/main.py --mode strict
|
||||||
|
[ DEBUG@2026-04-20 07:54:57 ]: called sanitizer! using this as args:
|
||||||
|
<html><body><h1>Heading</h1><script>var=j;</script></body></html>
|
||||||
|
['p', 'b', 'i', 'u', 'em', 'strong', 'ul', 'ol', 'li', 'br', 'hr', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6']
|
||||||
|
[]
|
||||||
|
True
|
||||||
|
<h1>Heading</h1>**var=j;**
|
||||||
|
```
|
||||||
|
|
||||||
|
You can see that the ```<script>``` tag gets removed but doesnt bother with removing the contents of that tag. The remaining thing is : **var=j;** ; If this gets rendered its bad, cause it looks bad!
|
||||||
|
We need to fix this.
|
||||||
|
|
||||||
|
### Plan for fixing this:
|
||||||
|
|
||||||
|
Lets maybe use bs4 for this, its fitting cause it can decompose HTML. Fixed!
|
||||||
|
|
||||||
|
### Around 30 minutes later:
|
||||||
|
|
||||||
|
This issue is no longer relevant, it is fixed! using bs4.
|
||||||
Binary file not shown.
+27
-2
@@ -5,6 +5,7 @@
|
|||||||
|
|
||||||
|
|
||||||
import bleach
|
import bleach
|
||||||
|
from bs4 import BeautifulSoup, Tag
|
||||||
from profiles import STRICT, LOOSE
|
from profiles import STRICT, LOOSE
|
||||||
from log.Logger import *
|
from log.Logger import *
|
||||||
logger = Logger()
|
logger = Logger()
|
||||||
@@ -14,6 +15,7 @@ PROFILES = {
|
|||||||
"loose": LOOSE,
|
"loose": LOOSE,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
def sanitize(html : str, mode : str) -> str:
|
def sanitize(html : str, mode : str) -> str:
|
||||||
"""
|
"""
|
||||||
Arguments:
|
Arguments:
|
||||||
@@ -27,22 +29,45 @@ def sanitize(html : str, mode : str) -> str:
|
|||||||
# this should be used with caution! it is for trusted
|
# this should be used with caution! it is for trusted
|
||||||
# individuals only
|
# individuals only
|
||||||
if mode == "passthrough":
|
if mode == "passthrough":
|
||||||
|
logger.log_warning("You are about to not care about sanitizing ANY HTML. You are in passthrough mode.")
|
||||||
return html
|
return html
|
||||||
|
|
||||||
config = PROFILES.get(mode)
|
config = PROFILES.get(mode)
|
||||||
if not config:
|
if not config:
|
||||||
raise ValueError(f"Unknown mode! : {mode}")
|
raise ValueError(f"Unknown mode! : {mode}")
|
||||||
|
|
||||||
|
allowed = set(config.get("tags", []))
|
||||||
|
good_soup = BeautifulSoup(html, "html.parser")
|
||||||
|
|
||||||
|
def has_allowed_child(node: Tag) -> bool:
|
||||||
|
# check if shit is allowed
|
||||||
|
for child in node.descendants:
|
||||||
|
if isinstance(child, Tag) and child.name.lower() in allowed:
|
||||||
|
return True
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
for child in list(good_soup.find_all()):
|
||||||
|
name = child.name.lower()
|
||||||
|
if name in allowed:
|
||||||
|
continue
|
||||||
|
if has_allowed_child(child):
|
||||||
|
child.unwrap()
|
||||||
|
else:
|
||||||
|
child.decompose()
|
||||||
|
|
||||||
|
bs_parsed = str(good_soup)
|
||||||
|
|
||||||
logger.log_debug(
|
logger.log_debug(
|
||||||
"called sanitizer! using this as args: \n" +
|
"called sanitizer! using this as args: \n" +
|
||||||
str(html) +
|
str(bs_parsed) +
|
||||||
str(config["tags"]) + "\n" +
|
str(config["tags"]) + "\n" +
|
||||||
str(config["protocols"]) + "\n" +
|
str(config["protocols"]) + "\n" +
|
||||||
str(config["strip"])
|
str(config["strip"])
|
||||||
)
|
)
|
||||||
|
|
||||||
return bleach.clean(
|
return bleach.clean(
|
||||||
html,
|
bs_parsed,
|
||||||
tags=config["tags"],
|
tags=config["tags"],
|
||||||
attributes=config["attributes"],
|
attributes=config["attributes"],
|
||||||
protocols=config["protocols"],
|
protocols=config["protocols"],
|
||||||
|
|||||||
Reference in New Issue
Block a user