Files
sanigi-html/TODO.md
T
2026-04-22 20:39:59 +02:00

225 lines
5.9 KiB
Markdown

# saningi-html todo
## Current:
- [x] basic cli argparsing working (stdin -> sanizization -> stdout)
- [x] Modes implemented:
- strict
- loose
- passthrough
- [x] profiles in a seperate .py file
- Ok you see, I am too lazy to write the stuff which I completed here, so i just italizized it.
## To implement:
things not yet implemented in the program
NOTE: That things which are in italic text are already implemented!
### url filtering:
- *[x] block external URL in strict mode (eg a link with href to some porn site or something)*
- *[x] allow relative paths:*
*- eg "/path/to/my/awesome/post.html"*
- *[x] apply to any of these:*
- *a*
- *img*
- *link href*
- *[x] add custom attribute filter function*
- *[x] load dotenv (chore for profiles.py) ; do this someday when implementing JSON configs. Or dotenv stuff : PRIO:HIGH*
---
### Expland strict mode:
- *[x] Allow these:*
- *html, head, body*
- *title*
- *meta (with restrictions)*
- *link (for css only)*
- *table, tr, td, th*
- *any of crucuial html tags*
- [x] *restrict metas (allow):*
- *allow only charset, name, content*
- [ ] restrict metas (dont allow):
- base
- meta http-equiv
---
### passthrough safety
- *[x] add stderr warning for user*
---
### Add some logging:
- [ ] debugging with --debug
- [ ] print what was removed, to stderr
### Config files:
- [ ] allow custom JSON/YAML/yadayadayada configurations
- pass in through CLI with flag --config "file.idk"
## Fixes:
## Content of tag staying after removal of tag
When running strict/loose:
```
(venv) rattatwinko@kubuntu:~/Documents/sanigi-html$ echo "<html><body><h1>Heading</h1><script>var=j;</script></body></html>" | python3 src/main.py --mode strict
[ DEBUG@2026-04-20 07:54:57 ]: called sanitizer! using this as args:
<html><body><h1>Heading</h1><script>var=j;</script></body></html>
['p', 'b', 'i', 'u', 'em', 'strong', 'ul', 'ol', 'li', 'br', 'hr', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6']
[]
True
<h1>Heading</h1>**var=j;**
```
You can see that the ```<script>``` tag gets removed but doesnt bother with removing the contents of that tag. The remaining thing is : **var=j;** ; If this gets rendered its bad, cause it looks bad!
We need to fix this.
### Plan for fixing this:
Lets maybe use bs4 for this, its fitting cause it can decompose HTML. Fixed!
### Around 30 minutes later:
This issue is no longer relevant, it is fixed! using bs4.
## Development brach additions (overview of functionallity):
As a example of the functionallity we use a command to call our sanizizer using the strict mode and we specifiy a configuration living in examples/config_example.json:
```bash
cat ~/Documents/INF6B/html/wm/startseite_wm.html | python src/main.py --mode strict > out.html
```
We output to a file called out.html, this is what the stdout of our programm looks like. if we grad stderr we get any debugging information aswell as errors / warnings / info
### command output:
```bash
(venv) sebastian@kubuntu:~/Documents/sanigi-html$ cat ~/Documents/INF6B/html/wm/startseite_wm.html | python src/main.py --mode strict > out.html
[ DEBUG@2026-04-20 12:32:50 ]: called sanitizer! using this as args:
<!DOCTYPE html>
<html lang="en">
<h1>Die Fußball-Weltmeisterschaft 2026</h1>
<p id="h1_under">vom 11. Juni bis 19. Juli 2026 in Kanada, Mexiko und den USA</p>
<img height="480" src="images/wmlogo.jpg" width="640"/>
<ul>
<li>Eröffnungsspiel:
<ul>
<li>Am 11. Juni 2026 um 21:00 Uhr im Aztekenstadion in Mexiko-Stadt (Mexiko vs. Südafrika)</li>
</ul>
</li>
<li>Finale:
<ul>
<li>Am 19. Juli 2026 im MetLife Stadium in East Rutherford, New Jersey</li>
</ul>
</li>
<li>Teilnehmer:
<ul>
<li>Erste WM mit 48 teilnehmenden Nationen</li>
</ul>
</li>
<li>Format:
<ul>
<li>Insgesamt 104 Spiele in 12 Gruppen</li>
<li>Austragung in 16 Stadien in drei Ländern</li>
</ul>
</li>
<li>Zeitzonen:
<ul>
<li>Das Turnier erstreckt sich über vier verschiedene Zeitzonen in Nordamerika</li>
</ul>
</li>
<li>Maskottchen:
<ul>
<li>Maple, Zayu &amp; Clutch</li>
</ul>
</li>
</ul>
</html>['html', 'body', 'header', 'main', 'footer', 'section', 'article', 'nav', 'aside', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p', 'pre', 'code', 'blockquote', 'ul', 'ol', 'li', 'dl', 'dt', 'dd', 'br', 'hr', 'a', 'img', 'figure', 'figcaption', 'table', 'thead', 'tbody', 'tfoot', 'tr', 'th', 'td', 'strong', 'em', 'b', 'i', 'u', 'small', 'details', 'summary', 'time']
['http', 'https', 'mailto']
True
```
This is what the programm outputted to the stdout file (inserted into out.html):
```html
<!DOCTYPE html>
<html>
<!-- sanigi-html parsed @ 2026-04-20 12:42:08.625481-->
<head></head>
<body>
<h1>Die Fußball-Weltmeisterschaft 2026</h1>
<p id="h1_under">vom 11. Juni bis 19. Juli 2026 in Kanada, Mexiko und den USA</p>
<img height="480" width="640">
<ul>
<li>Eröffnungsspiel:
<ul>
<li>Am 11. Juni 2026 um 21:00 Uhr im Aztekenstadion in Mexiko-Stadt (Mexiko vs. Südafrika)</li>
</ul>
</li>
<li>Finale:
<ul>
<li>Am 19. Juli 2026 im MetLife Stadium in East Rutherford, New Jersey</li>
</ul>
</li>
<li>Teilnehmer:
<ul>
<li>Erste WM mit 48 teilnehmenden Nationen</li>
</ul>
</li>
<li>Format:
<ul>
<li>Insgesamt 104 Spiele in 12 Gruppen</li>
<li>Austragung in 16 Stadien in drei Ländern</li>
</ul>
</li>
<li>Zeitzonen:
<ul>
<li>Das Turnier erstreckt sich über vier verschiedene Zeitzonen in Nordamerika</li>
</ul>
</li>
<li>Maskottchen:
<ul>
<li>Maple, Zayu &amp; Clutch</li>
</ul>
</li>
</ul>
</body>
</html>
```
### Fix (22/04/26):
rewrite of sanizizer.py
now output looks like this:
```html
<!DOCTYPE html>
<html>
<!-- sanigi-html parsed @ 2026-04-22 20:23:01.043256 -->
<head>
<meta charset="utf-8">
<meta content="width=device-width, initial-scale=1.0" name="viewport">
<title>Document</title>
</head>
<body>
<h1>Test</h1>
<p>This is a test</p>
</body>
</html>
```