82 lines
2.3 KiB
Markdown
82 lines
2.3 KiB
Markdown
# saningi-html todo
|
|
|
|
## Current:
|
|
- [x] basic cli argparsing working (stdin -> sanizization -> stdout)
|
|
- [x] Modes implemented:
|
|
- strict
|
|
- loose
|
|
- passthrough
|
|
- [x] profiles in a seperate .py file
|
|
|
|
## To implement:
|
|
|
|
things not yet implemented in the program
|
|
NOTE: That things which are in italic text are already implemented!
|
|
|
|
### url filtering:
|
|
|
|
- *[x] block external URL in strict mode (eg a link with href to some porn site or something)*
|
|
- *[x] allow relative paths:*
|
|
*- eg "/path/to/my/awesome/post.html"*
|
|
- *[x] apply to any of these:*
|
|
- *a*
|
|
- *img*
|
|
- *link href*
|
|
- *[x] add custom attribute filter function*
|
|
- *[x] load dotenv (chore for profiles.py) ; do this someday when implementing JSON configs. Or dotenv stuff : PRIO:HIGH*
|
|
---
|
|
|
|
### Expland strict mode:
|
|
- [ ] Allow these:
|
|
- html, head, body
|
|
- title
|
|
- meta (with restrictions)
|
|
- link (for css only)
|
|
- table, tr, td, th
|
|
- any of crucuial html tags
|
|
- [ ] restrict metas (allow):
|
|
- allow only charset, name, content
|
|
- [ ] restrict metas (dont allow):
|
|
- base
|
|
- meta http-equiv
|
|
|
|
---
|
|
|
|
### passthrough safety
|
|
- *[x] add stderr warning for user*
|
|
|
|
---
|
|
|
|
### Add some logging:
|
|
- [ ] debugging with --debug
|
|
- [ ] print what was removed, to stderr
|
|
|
|
### Config files:
|
|
- [ ] allow custom JSON/YAML/yadayadayada configurations
|
|
- pass in through CLI with flag --config "file.idk"
|
|
|
|
## Fixes:
|
|
|
|
## Content of tag staying after removal of tag
|
|
|
|
When running strict/loose:
|
|
```
|
|
(venv) rattatwinko@kubuntu:~/Documents/sanigi-html$ echo "<html><body><h1>Heading</h1><script>var=j;</script></body></html>" | python3 src/main.py --mode strict
|
|
[ DEBUG@2026-04-20 07:54:57 ]: called sanitizer! using this as args:
|
|
<html><body><h1>Heading</h1><script>var=j;</script></body></html>
|
|
['p', 'b', 'i', 'u', 'em', 'strong', 'ul', 'ol', 'li', 'br', 'hr', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6']
|
|
[]
|
|
True
|
|
<h1>Heading</h1>**var=j;**
|
|
```
|
|
|
|
You can see that the ```<script>``` tag gets removed but doesnt bother with removing the contents of that tag. The remaining thing is : **var=j;** ; If this gets rendered its bad, cause it looks bad!
|
|
We need to fix this.
|
|
|
|
### Plan for fixing this:
|
|
|
|
Lets maybe use bs4 for this, its fitting cause it can decompose HTML. Fixed!
|
|
|
|
### Around 30 minutes later:
|
|
|
|
This issue is no longer relevant, it is fixed! using bs4. |