225 lines
5.9 KiB
Markdown
225 lines
5.9 KiB
Markdown
# saningi-html todo
|
|
|
|
## Current:
|
|
- [x] basic cli argparsing working (stdin -> sanizization -> stdout)
|
|
- [x] Modes implemented:
|
|
- strict
|
|
- loose
|
|
- passthrough
|
|
- [x] profiles in a seperate .py file
|
|
- Ok you see, I am too lazy to write the stuff which I completed here, so i just italizized it.
|
|
|
|
## To implement:
|
|
|
|
things not yet implemented in the program
|
|
NOTE: That things which are in italic text are already implemented!
|
|
|
|
### url filtering:
|
|
|
|
- *[x] block external URL in strict mode (eg a link with href to some porn site or something)*
|
|
- *[x] allow relative paths:*
|
|
*- eg "/path/to/my/awesome/post.html"*
|
|
- *[x] apply to any of these:*
|
|
- *a*
|
|
- *img*
|
|
- *link href*
|
|
- *[x] add custom attribute filter function*
|
|
- *[x] load dotenv (chore for profiles.py) ; do this someday when implementing JSON configs. Or dotenv stuff : PRIO:HIGH*
|
|
---
|
|
|
|
### Expland strict mode:
|
|
- *[x] Allow these:*
|
|
- *html, head, body*
|
|
- *title*
|
|
- *meta (with restrictions)*
|
|
- *link (for css only)*
|
|
- *table, tr, td, th*
|
|
- *any of crucuial html tags*
|
|
- [x] *restrict metas (allow):*
|
|
- *allow only charset, name, content*
|
|
- [ ] restrict metas (dont allow):
|
|
- base
|
|
- meta http-equiv
|
|
|
|
---
|
|
|
|
### passthrough safety
|
|
- *[x] add stderr warning for user*
|
|
|
|
---
|
|
|
|
### Add some logging:
|
|
- [ ] debugging with --debug
|
|
- [ ] print what was removed, to stderr
|
|
|
|
### Config files:
|
|
- [ ] allow custom JSON/YAML/yadayadayada configurations
|
|
- pass in through CLI with flag --config "file.idk"
|
|
|
|
## Fixes:
|
|
|
|
## Content of tag staying after removal of tag
|
|
|
|
When running strict/loose:
|
|
```
|
|
(venv) rattatwinko@kubuntu:~/Documents/sanigi-html$ echo "<html><body><h1>Heading</h1><script>var=j;</script></body></html>" | python3 src/main.py --mode strict
|
|
[ DEBUG@2026-04-20 07:54:57 ]: called sanitizer! using this as args:
|
|
<html><body><h1>Heading</h1><script>var=j;</script></body></html>
|
|
['p', 'b', 'i', 'u', 'em', 'strong', 'ul', 'ol', 'li', 'br', 'hr', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6']
|
|
[]
|
|
True
|
|
<h1>Heading</h1>**var=j;**
|
|
```
|
|
|
|
You can see that the ```<script>``` tag gets removed but doesnt bother with removing the contents of that tag. The remaining thing is : **var=j;** ; If this gets rendered its bad, cause it looks bad!
|
|
We need to fix this.
|
|
|
|
### Plan for fixing this:
|
|
|
|
Lets maybe use bs4 for this, its fitting cause it can decompose HTML. Fixed!
|
|
|
|
### Around 30 minutes later:
|
|
|
|
This issue is no longer relevant, it is fixed! using bs4.
|
|
|
|
## Development brach additions (overview of functionallity):
|
|
|
|
As a example of the functionallity we use a command to call our sanizizer using the strict mode and we specifiy a configuration living in examples/config_example.json:
|
|
|
|
```bash
|
|
cat ~/Documents/INF6B/html/wm/startseite_wm.html | python src/main.py --mode strict > out.html
|
|
```
|
|
|
|
We output to a file called out.html, this is what the stdout of our programm looks like. if we grad stderr we get any debugging information aswell as errors / warnings / info
|
|
|
|
### command output:
|
|
|
|
```bash
|
|
(venv) sebastian@kubuntu:~/Documents/sanigi-html$ cat ~/Documents/INF6B/html/wm/startseite_wm.html | python src/main.py --mode strict > out.html
|
|
[ DEBUG@2026-04-20 12:32:50 ]: called sanitizer! using this as args:
|
|
<!DOCTYPE html>
|
|
|
|
<html lang="en">
|
|
|
|
<h1>Die Fußball-Weltmeisterschaft 2026</h1>
|
|
<p id="h1_under">vom 11. Juni bis 19. Juli 2026 in Kanada, Mexiko und den USA</p>
|
|
<img height="480" src="images/wmlogo.jpg" width="640"/>
|
|
<ul>
|
|
<li>Eröffnungsspiel:
|
|
<ul>
|
|
<li>Am 11. Juni 2026 um 21:00 Uhr im Aztekenstadion in Mexiko-Stadt (Mexiko vs. Südafrika)</li>
|
|
</ul>
|
|
</li>
|
|
<li>Finale:
|
|
<ul>
|
|
<li>Am 19. Juli 2026 im MetLife Stadium in East Rutherford, New Jersey</li>
|
|
</ul>
|
|
</li>
|
|
<li>Teilnehmer:
|
|
<ul>
|
|
<li>Erste WM mit 48 teilnehmenden Nationen</li>
|
|
</ul>
|
|
</li>
|
|
<li>Format:
|
|
<ul>
|
|
<li>Insgesamt 104 Spiele in 12 Gruppen</li>
|
|
<li>Austragung in 16 Stadien in drei Ländern</li>
|
|
</ul>
|
|
</li>
|
|
<li>Zeitzonen:
|
|
<ul>
|
|
<li>Das Turnier erstreckt sich über vier verschiedene Zeitzonen in Nordamerika</li>
|
|
</ul>
|
|
</li>
|
|
<li>Maskottchen:
|
|
<ul>
|
|
<li>Maple, Zayu & Clutch</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
|
|
</html>['html', 'body', 'header', 'main', 'footer', 'section', 'article', 'nav', 'aside', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p', 'pre', 'code', 'blockquote', 'ul', 'ol', 'li', 'dl', 'dt', 'dd', 'br', 'hr', 'a', 'img', 'figure', 'figcaption', 'table', 'thead', 'tbody', 'tfoot', 'tr', 'th', 'td', 'strong', 'em', 'b', 'i', 'u', 'small', 'details', 'summary', 'time']
|
|
['http', 'https', 'mailto']
|
|
True
|
|
```
|
|
|
|
This is what the programm outputted to the stdout file (inserted into out.html):
|
|
|
|
```html
|
|
|
|
<!DOCTYPE html>
|
|
|
|
<html>
|
|
|
|
<!-- sanigi-html parsed @ 2026-04-20 12:42:08.625481-->
|
|
<head></head>
|
|
|
|
<body>
|
|
|
|
|
|
|
|
<h1>Die Fußball-Weltmeisterschaft 2026</h1>
|
|
<p id="h1_under">vom 11. Juni bis 19. Juli 2026 in Kanada, Mexiko und den USA</p>
|
|
<img height="480" width="640">
|
|
<ul>
|
|
<li>Eröffnungsspiel:
|
|
<ul>
|
|
<li>Am 11. Juni 2026 um 21:00 Uhr im Aztekenstadion in Mexiko-Stadt (Mexiko vs. Südafrika)</li>
|
|
</ul>
|
|
</li>
|
|
<li>Finale:
|
|
<ul>
|
|
<li>Am 19. Juli 2026 im MetLife Stadium in East Rutherford, New Jersey</li>
|
|
</ul>
|
|
</li>
|
|
<li>Teilnehmer:
|
|
<ul>
|
|
<li>Erste WM mit 48 teilnehmenden Nationen</li>
|
|
</ul>
|
|
</li>
|
|
<li>Format:
|
|
<ul>
|
|
<li>Insgesamt 104 Spiele in 12 Gruppen</li>
|
|
<li>Austragung in 16 Stadien in drei Ländern</li>
|
|
</ul>
|
|
</li>
|
|
<li>Zeitzonen:
|
|
<ul>
|
|
<li>Das Turnier erstreckt sich über vier verschiedene Zeitzonen in Nordamerika</li>
|
|
</ul>
|
|
</li>
|
|
<li>Maskottchen:
|
|
<ul>
|
|
<li>Maple, Zayu & Clutch</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
|
|
</body>
|
|
|
|
</html>
|
|
```
|
|
|
|
### Fix (22/04/26):
|
|
|
|
rewrite of sanizizer.py
|
|
|
|
now output looks like this:
|
|
|
|
```html
|
|
<!DOCTYPE html>
|
|
<html>
|
|
<!-- sanigi-html parsed @ 2026-04-22 20:23:01.043256 -->
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<meta content="width=device-width, initial-scale=1.0" name="viewport">
|
|
<title>Document</title>
|
|
</head>
|
|
<body>
|
|
<h1>Test</h1>
|
|
<p>This is a test</p>
|
|
</body>
|
|
</html>
|
|
```
|
|
|