5.9 KiB
saningi-html todo
Current:
- basic cli argparsing working (stdin -> sanizization -> stdout)
- Modes implemented:
- strict
- loose
- passthrough
- profiles in a seperate .py file
- Ok you see, I am too lazy to write the stuff which I completed here, so i just italizized it.
To implement:
things not yet implemented in the program NOTE: That things which are in italic text are already implemented!
url filtering:
- [x] block external URL in strict mode (eg a link with href to some porn site or something)
- [x] allow relative paths: - eg "/path/to/my/awesome/post.html"
- [x] apply to any of these:
- a
- img
- link href
- [x] add custom attribute filter function
- [x] load dotenv (chore for profiles.py) ; do this someday when implementing JSON configs. Or dotenv stuff : PRIO:HIGH
Expland strict mode:
- [x] Allow these:
- html, head, body
- title
- meta (with restrictions)
- link (for css only)
- table, tr, td, th
- any of crucuial html tags
- restrict metas (allow):
- allow only charset, name, content
- restrict metas (dont allow):
- base
- meta http-equiv
passthrough safety
- [x] add stderr warning for user
Add some logging:
- debugging with --debug
- print what was removed, to stderr
Config files:
- allow custom JSON/YAML/yadayadayada configurations
- pass in through CLI with flag --config "file.idk"
Fixes:
Content of tag staying after removal of tag
When running strict/loose:
(venv) rattatwinko@kubuntu:~/Documents/sanigi-html$ echo "<html><body><h1>Heading</h1><script>var=j;</script></body></html>" | python3 src/main.py --mode strict
[ DEBUG@2026-04-20 07:54:57 ]: called sanitizer! using this as args:
<html><body><h1>Heading</h1><script>var=j;</script></body></html>
['p', 'b', 'i', 'u', 'em', 'strong', 'ul', 'ol', 'li', 'br', 'hr', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6']
[]
True
<h1>Heading</h1>**var=j;**
You can see that the <script> tag gets removed but doesnt bother with removing the contents of that tag. The remaining thing is : var=j; ; If this gets rendered its bad, cause it looks bad!
We need to fix this.
Plan for fixing this:
Lets maybe use bs4 for this, its fitting cause it can decompose HTML. Fixed!
Around 30 minutes later:
This issue is no longer relevant, it is fixed! using bs4.
Development brach additions (overview of functionallity):
As a example of the functionallity we use a command to call our sanizizer using the strict mode and we specifiy a configuration living in examples/config_example.json:
cat ~/Documents/INF6B/html/wm/startseite_wm.html | python src/main.py --mode strict > out.html
We output to a file called out.html, this is what the stdout of our programm looks like. if we grad stderr we get any debugging information aswell as errors / warnings / info
command output:
(venv) sebastian@kubuntu:~/Documents/sanigi-html$ cat ~/Documents/INF6B/html/wm/startseite_wm.html | python src/main.py --mode strict > out.html
[ DEBUG@2026-04-20 12:32:50 ]: called sanitizer! using this as args:
<!DOCTYPE html>
<html lang="en">
<h1>Die Fußball-Weltmeisterschaft 2026</h1>
<p id="h1_under">vom 11. Juni bis 19. Juli 2026 in Kanada, Mexiko und den USA</p>
<img height="480" src="images/wmlogo.jpg" width="640"/>
<ul>
<li>Eröffnungsspiel:
<ul>
<li>Am 11. Juni 2026 um 21:00 Uhr im Aztekenstadion in Mexiko-Stadt (Mexiko vs. Südafrika)</li>
</ul>
</li>
<li>Finale:
<ul>
<li>Am 19. Juli 2026 im MetLife Stadium in East Rutherford, New Jersey</li>
</ul>
</li>
<li>Teilnehmer:
<ul>
<li>Erste WM mit 48 teilnehmenden Nationen</li>
</ul>
</li>
<li>Format:
<ul>
<li>Insgesamt 104 Spiele in 12 Gruppen</li>
<li>Austragung in 16 Stadien in drei Ländern</li>
</ul>
</li>
<li>Zeitzonen:
<ul>
<li>Das Turnier erstreckt sich über vier verschiedene Zeitzonen in Nordamerika</li>
</ul>
</li>
<li>Maskottchen:
<ul>
<li>Maple, Zayu & Clutch</li>
</ul>
</li>
</ul>
</html>['html', 'body', 'header', 'main', 'footer', 'section', 'article', 'nav', 'aside', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p', 'pre', 'code', 'blockquote', 'ul', 'ol', 'li', 'dl', 'dt', 'dd', 'br', 'hr', 'a', 'img', 'figure', 'figcaption', 'table', 'thead', 'tbody', 'tfoot', 'tr', 'th', 'td', 'strong', 'em', 'b', 'i', 'u', 'small', 'details', 'summary', 'time']
['http', 'https', 'mailto']
True
This is what the programm outputted to the stdout file (inserted into out.html):
<!DOCTYPE html>
<html>
<!-- sanigi-html parsed @ 2026-04-20 12:42:08.625481-->
<head></head>
<body>
<h1>Die Fußball-Weltmeisterschaft 2026</h1>
<p id="h1_under">vom 11. Juni bis 19. Juli 2026 in Kanada, Mexiko und den USA</p>
<img height="480" width="640">
<ul>
<li>Eröffnungsspiel:
<ul>
<li>Am 11. Juni 2026 um 21:00 Uhr im Aztekenstadion in Mexiko-Stadt (Mexiko vs. Südafrika)</li>
</ul>
</li>
<li>Finale:
<ul>
<li>Am 19. Juli 2026 im MetLife Stadium in East Rutherford, New Jersey</li>
</ul>
</li>
<li>Teilnehmer:
<ul>
<li>Erste WM mit 48 teilnehmenden Nationen</li>
</ul>
</li>
<li>Format:
<ul>
<li>Insgesamt 104 Spiele in 12 Gruppen</li>
<li>Austragung in 16 Stadien in drei Ländern</li>
</ul>
</li>
<li>Zeitzonen:
<ul>
<li>Das Turnier erstreckt sich über vier verschiedene Zeitzonen in Nordamerika</li>
</ul>
</li>
<li>Maskottchen:
<ul>
<li>Maple, Zayu & Clutch</li>
</ul>
</li>
</ul>
</body>
</html>
Fix (22/04/26):
rewrite of sanizizer.py
now output looks like this:
<!DOCTYPE html>
<html>
<!-- sanigi-html parsed @ 2026-04-22 20:23:01.043256 -->
<head>
<meta charset="utf-8">
<meta content="width=device-width, initial-scale=1.0" name="viewport">
<title>Document</title>
</head>
<body>
<h1>Test</h1>
<p>This is a test</p>
</body>
</html>