fixed a issue using bs4. see TODO

This commit is contained in:
2026-04-20 08:30:39 +02:00
parent dd5f638149
commit d1d4e497be
3 changed files with 55 additions and 4 deletions
+27 -1
View File
@@ -43,7 +43,7 @@ NOTE: That things which are in italic text are already implemented!
---
### passthrough safety
- [ ] add stderr warning for user
- *[x] add stderr warning for user*
---
@@ -54,3 +54,29 @@ NOTE: That things which are in italic text are already implemented!
### Config files:
- [ ] allow custom JSON/YAML/yadayadayada configurations
- pass in through CLI with flag --config "file.idk"
## Fixes:
## Content of tag staying after removal of tag
When running strict/loose:
```
(venv) rattatwinko@kubuntu:~/Documents/sanigi-html$ echo "<html><body><h1>Heading</h1><script>var=j;</script></body></html>" | python3 src/main.py --mode strict
[ DEBUG@2026-04-20 07:54:57 ]: called sanitizer! using this as args:
<html><body><h1>Heading</h1><script>var=j;</script></body></html>
['p', 'b', 'i', 'u', 'em', 'strong', 'ul', 'ol', 'li', 'br', 'hr', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6']
[]
True
<h1>Heading</h1>**var=j;**
```
You can see that the ```<script>``` tag gets removed but doesnt bother with removing the contents of that tag. The remaining thing is : **var=j;** ; If this gets rendered its bad, cause it looks bad!
We need to fix this.
### Plan for fixing this:
Lets maybe use bs4 for this, its fitting cause it can decompose HTML. Fixed!
### Around 30 minutes later:
This issue is no longer relevant, it is fixed! using bs4.
BIN
View File
Binary file not shown.
+27 -2
View File
@@ -5,6 +5,7 @@
import bleach
from bs4 import BeautifulSoup, Tag
from profiles import STRICT, LOOSE
from log.Logger import *
logger = Logger()
@@ -14,6 +15,7 @@ PROFILES = {
"loose": LOOSE,
}
def sanitize(html : str, mode : str) -> str:
"""
Arguments:
@@ -27,22 +29,45 @@ def sanitize(html : str, mode : str) -> str:
# this should be used with caution! it is for trusted
# individuals only
if mode == "passthrough":
logger.log_warning("You are about to not care about sanitizing ANY HTML. You are in passthrough mode.")
return html
config = PROFILES.get(mode)
if not config:
raise ValueError(f"Unknown mode! : {mode}")
allowed = set(config.get("tags", []))
good_soup = BeautifulSoup(html, "html.parser")
def has_allowed_child(node: Tag) -> bool:
# check if shit is allowed
for child in node.descendants:
if isinstance(child, Tag) and child.name.lower() in allowed:
return True
return False
for child in list(good_soup.find_all()):
name = child.name.lower()
if name in allowed:
continue
if has_allowed_child(child):
child.unwrap()
else:
child.decompose()
bs_parsed = str(good_soup)
logger.log_debug(
"called sanitizer! using this as args: \n" +
str(html) +
str(bs_parsed) +
str(config["tags"]) + "\n" +
str(config["protocols"]) + "\n" +
str(config["strip"])
)
return bleach.clean(
html,
bs_parsed,
tags=config["tags"],
attributes=config["attributes"],
protocols=config["protocols"],