2024-07-15 23:47:29 +02:00
|
|
|
use html5ever::{tendril::SliceExt, tokenizer::{BufferQueue, TagKind, Token, TokenSink, TokenSinkResult, Tokenizer}};
|
2024-05-02 14:20:49 +02:00
|
|
|
use comrak::{markdown_to_html, Options};
|
|
|
|
|
|
2024-07-15 23:47:29 +02:00
|
|
|
pub type Cloaker = Box<dyn Fn(&str) -> String>;
|
|
|
|
|
|
|
|
|
|
#[derive(Default)]
|
|
|
|
|
pub struct Sanitizer {
|
|
|
|
|
pub cloaker: Option<Cloaker>,
|
2024-06-07 06:29:50 +02:00
|
|
|
pub buffer: String,
|
|
|
|
|
}
|
2024-05-02 14:20:49 +02:00
|
|
|
|
2024-07-15 23:47:29 +02:00
|
|
|
pub fn safe_html(text: &str) -> String {
|
|
|
|
|
Sanitizer::default().html(text)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn safe_markdown(text: &str) -> String {
|
|
|
|
|
Sanitizer::default().markdown(text)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl Sanitizer {
|
|
|
|
|
pub fn new(cloak: Cloaker) -> Self {
|
|
|
|
|
Self {
|
|
|
|
|
buffer: String::default(),
|
|
|
|
|
cloaker: Some(cloak),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn markdown(self, text: &str) -> String {
|
|
|
|
|
self.html(&markdown_to_html(text, &Options::default()))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn html(self, text: &str) -> String {
|
|
|
|
|
let mut input = BufferQueue::default();
|
|
|
|
|
input.push_back(text.to_tendril().try_reinterpret().unwrap());
|
|
|
|
|
|
|
|
|
|
let mut tok = Tokenizer::new(self, Default::default());
|
|
|
|
|
let _ = tok.feed(&mut input);
|
|
|
|
|
|
|
|
|
|
if !input.is_empty() {
|
|
|
|
|
tracing::warn!("buffer input not empty after processing html");
|
|
|
|
|
}
|
|
|
|
|
tok.end();
|
|
|
|
|
|
|
|
|
|
tok.sink.buffer
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl TokenSink for Sanitizer {
|
2024-05-02 14:20:49 +02:00
|
|
|
type Handle = ();
|
|
|
|
|
|
|
|
|
|
/// Each processed token will be handled by this method
|
|
|
|
|
fn process_token(&mut self, token: Token, _line_number: u64) -> TokenSinkResult<()> {
|
|
|
|
|
match token {
|
|
|
|
|
Token::TagToken(tag) => {
|
|
|
|
|
if !matches!(
|
|
|
|
|
tag.name.as_ref(),
|
|
|
|
|
"h1" | "h2" | "h3"
|
2024-08-11 13:48:53 +02:00
|
|
|
| "hr" | "br" | "p" | "b" | "i" | "s"
|
2024-05-02 14:20:49 +02:00
|
|
|
| "blockquote" | "pre" | "code"
|
|
|
|
|
| "ul" | "ol" | "li"
|
|
|
|
|
| "img" | "a"
|
|
|
|
|
) { return TokenSinkResult::Continue } // skip this tag
|
|
|
|
|
|
2024-06-07 06:29:50 +02:00
|
|
|
self.buffer.push('<');
|
2024-05-30 11:58:35 +02:00
|
|
|
|
2024-05-02 14:20:49 +02:00
|
|
|
if !tag.self_closing && matches!(tag.kind, TagKind::EndTag) {
|
2024-06-07 06:29:50 +02:00
|
|
|
self.buffer.push('/');
|
2024-05-02 14:20:49 +02:00
|
|
|
}
|
|
|
|
|
|
2024-06-07 06:29:50 +02:00
|
|
|
self.buffer.push_str(tag.name.as_ref());
|
2024-05-02 14:20:49 +02:00
|
|
|
|
2024-05-30 11:58:35 +02:00
|
|
|
if !matches!(tag.kind, TagKind::EndTag) {
|
2024-05-29 05:04:59 +02:00
|
|
|
match tag.name.as_ref() {
|
|
|
|
|
"img" => for attr in tag.attrs {
|
2024-05-02 14:20:49 +02:00
|
|
|
match attr.name.local.as_ref() {
|
2024-06-07 06:29:50 +02:00
|
|
|
"src" => {
|
2024-07-15 23:47:29 +02:00
|
|
|
let src = if let Some(ref cloak) = self.cloaker {
|
|
|
|
|
cloak(attr.value.as_ref())
|
2024-06-07 06:29:50 +02:00
|
|
|
} else {
|
|
|
|
|
attr.value.to_string()
|
|
|
|
|
};
|
|
|
|
|
self.buffer.push_str(&format!(" src=\"{src}\""))
|
|
|
|
|
},
|
|
|
|
|
"title" => self.buffer.push_str(&format!(" title=\"{}\"", attr.value.as_ref())),
|
|
|
|
|
"alt" => self.buffer.push_str(&format!(" alt=\"{}\"", attr.value.as_ref())),
|
2024-05-02 14:20:49 +02:00
|
|
|
_ => {},
|
|
|
|
|
}
|
2024-05-29 05:04:59 +02:00
|
|
|
},
|
|
|
|
|
"a" => {
|
2024-07-06 03:45:02 +02:00
|
|
|
let any_attr = !tag.attrs.is_empty();
|
2024-05-29 05:04:59 +02:00
|
|
|
for attr in tag.attrs {
|
|
|
|
|
match attr.name.local.as_ref() {
|
2024-06-07 06:29:50 +02:00
|
|
|
"href" => self.buffer.push_str(&format!(" href=\"{}\"", attr.value.as_ref())),
|
|
|
|
|
"title" => self.buffer.push_str(&format!(" title=\"{}\"", attr.value.as_ref())),
|
2024-07-04 02:12:52 +02:00
|
|
|
"class" => if attr.value.as_ref() == "u-url mention" {
|
|
|
|
|
self.buffer.push_str(" class=\"u-url mention\"")
|
|
|
|
|
},
|
2024-05-29 05:04:59 +02:00
|
|
|
_ => {},
|
|
|
|
|
}
|
|
|
|
|
}
|
2024-05-30 11:58:35 +02:00
|
|
|
if any_attr {
|
2024-06-07 06:29:50 +02:00
|
|
|
self.buffer.push_str(" rel=\"nofollow noreferrer\" target=\"_blank\"");
|
2024-05-30 11:58:35 +02:00
|
|
|
}
|
2024-05-29 05:04:59 +02:00
|
|
|
},
|
|
|
|
|
_ => {},
|
|
|
|
|
}
|
2024-05-02 14:20:49 +02:00
|
|
|
}
|
|
|
|
|
|
2024-05-30 11:58:35 +02:00
|
|
|
if tag.self_closing {
|
2024-06-07 06:29:50 +02:00
|
|
|
self.buffer.push('/');
|
2024-05-30 11:58:35 +02:00
|
|
|
}
|
|
|
|
|
|
2024-06-07 06:29:50 +02:00
|
|
|
self.buffer.push('>');
|
2024-05-02 14:20:49 +02:00
|
|
|
},
|
2024-06-07 06:29:50 +02:00
|
|
|
Token::CharacterTokens(txt) => self.buffer.push_str(txt.as_ref()),
|
2024-05-02 14:20:49 +02:00
|
|
|
Token::CommentToken(_) => {},
|
|
|
|
|
Token::DoctypeToken(_) => {},
|
|
|
|
|
Token::NullCharacterToken => {},
|
|
|
|
|
Token::EOFToken => {},
|
|
|
|
|
Token::ParseError(e) => tracing::error!("error parsing html: {e}"),
|
|
|
|
|
}
|
|
|
|
|
TokenSinkResult::Continue
|
|
|
|
|
}
|
|
|
|
|
}
|
