o a",r  []?c@s0eZdZdZeeeedddfddZddZ dS) CleaneraCleaner for cleaning HTML fragments of malicious content This cleaner is a security-focused function whose sole purpose is to remove malicious content from a string such that it can be displayed as content in a web page. To use:: from bleach.sanitizer import Cleaner cleaner = Cleaner() for text in all_the_yucky_things: sanitized = cleaner.clean(text) .. Note:: This cleaner is not designed to use to transform content to be used in non-web-page contexts. .. Warning:: This cleaner is not thread-safe--the html parser has internal state. Create a separate cleaner per thread! FTNcCsn||_||_||_||_||_||_|pg|_tj|j|jddd|_ t d|_ tj ddddddd|_ dS)a Initializes a Cleaner :arg list tags: allowed list of tags; defaults to ``bleach.sanitizer.ALLOWED_TAGS`` :arg dict attributes: allowed attributes; can be a callable, list or dict; defaults to ``bleach.sanitizer.ALLOWED_ATTRIBUTES`` :arg list styles: allowed list of css styles; defaults to ``bleach.sanitizer.ALLOWED_STYLES`` :arg list protocols: allowed list of protocols for links; defaults to ``bleach.sanitizer.ALLOWED_PROTOCOLS`` :arg bool strip: whether or not to strip disallowed elements :arg bool strip_comments: whether or not to strip HTML comments :arg list filters: list of html5lib Filter classes to pass streamed content through .. seealso:: http://html5lib.readthedocs.io/en/latest/movingparts.html#filters .. Warning:: Using filters changes the output of ``bleach.Cleaner.clean``. Make sure the way the filters change the output are secure. F)tagsstripconsume_entitiesnamespaceHTMLElementsetreealwaysT)quote_attr_valuesomit_optional_tagsescape_lt_in_attrsresolve_entitiessanitizealphabetical_attributesN)r) attributesstyles protocolsr*strip_commentsfiltersrBleachHTMLParserparser getTreeWalkerwalkerBleachHTMLSerializer serializer)selfr)r5r6r7r*r8r9rrr__init__Ts,&   zCleaner.__init__c Cst|tsdj|jjd}t||sdS|j|}t| ||j |j |j |j |j|jgd}|jD]}||d}q3|j|S)zCleans text and returns sanitized result as unicode :arg str text: text to be cleaned :returns: sanitized text as unicode :raises TypeError: if ``text`` is not a text type z9argument cannot be of '{name}' type, must be of text type)namer)sourcer5strip_disallowed_elementsstrip_html_commentsallowed_elementsallowed_css_propertiesallowed_protocolsallowed_svg_properties)rC) isinstancestrformat __class____name__ TypeErrorr; parseFragmentBleachSanitizerFilterr=r5r*r8r)r6r7r9r?render)r@textmessagedomfiltered filter_classrrrcleans,     z Cleaner.clean) rN __module__ __qualname____doc__ ALLOWED_TAGSALLOWED_ATTRIBUTESALLOWED_STYLESALLOWED_PROTOCOLSrArXrrrrr(7s Br(csHtrSttrfdd}|Sttr fdd}|Std)a0Generates attribute filter function for the given attributes value The attributes value can take one of several shapes. This returns a filter function appropriate to the attributes value. One nice thing about this is that there's less if/then shenanigans in the ``allow_token`` method. cs`|vr|}t|r||||S||vrdSdvr.d}t|r*||||S||vSdS)NT*F)callable)tagattrvalueattr_valr5rr _attr_filters  z.attribute_filter_factory.._attr_filtercs|vSNr)rbrcrdrfrrrgsz3attributes needs to be a callable, a list or a dict)rarJdictlist ValueError)r5rgrrfrattribute_filter_factorys    rlcspeZdZdZeddffdd ZddZdd Zd d Zd d Z ddZ ddZ ddZ ddZ ddZZS)rQzmhtml5lib Filter that sanitizes text This filter can be used anywhere html5lib filters can be used. FTc s@t||_||_||_tjddtddtt|j |fi|S)aCreates a BleachSanitizerFilter instance :arg Treewalker source: stream :arg list tags: allowed list of tags; defaults to ``bleach.sanitizer.ALLOWED_TAGS`` :arg dict attributes: allowed attributes; can be a callable, list or dict; defaults to ``bleach.sanitizer.ALLOWED_ATTRIBUTES`` :arg list styles: allowed list of css styles; defaults to ``bleach.sanitizer.ALLOWED_STYLES`` :arg list protocols: allowed list of protocols for links; defaults to ``bleach.sanitizer.ALLOWED_PROTOCOLS`` :arg bool strip_disallowed_elements: whether or not to strip disallowed elements :arg bool strip_html_comments: whether or not to strip HTML comments ignorez"html5lib's sanitizer is deprecatedzbleach._vendor.html5lib)rTcategorymodule) rl attr_filterrDrEwarningsfilterwarningsDeprecationWarningsuperrQrA)r@rCr5rDrEkwargsrMrrrAs zBleachSanitizerFilter.__init__ccsB|D]}||}|s qt|tr|D]}|Vqq|VqdSrh)sanitize_tokenrJrj)r@token_iteratortokenretsubtokenrrrsanitize_streams  z%BleachSanitizerFilter.sanitize_streamccsg}|D]2}|r(|ddkr||qddd|Ddd}g}|Vn |ddkr4||q|Vqddd|Ddd}|VdS) z/Merge consecutive Characters tokens in a streamtype CharactersrcSg|]}|dqSdatarr char_tokenrrrr8rz:BleachSanitizerFilter.merge_characters..)rr}cSrrrrrrrrFrN)appendjoin)r@rxcharacters_bufferry new_tokenrrrmerge_characters*s,      z&BleachSanitizerFilter.merge_characterscCs||tj|Srh)rr|rFilter__iter__)r@rrrrKszBleachSanitizerFilter.__iter__cCs|d}|dvr*|d|jvr||S|jrdSd|vr%t|d|d<||S|dkrC|jsAtj|dddd d |d<|SdS|d krL||S|S) aSanitize a token either by HTML-encoding or dropping. Unlike sanitizer.Filter, allowed_attributes can be a dict of {'tag': ['attribute', 'pairs'], 'tag': callable}. Here callable is a function with two arguments of attribute name and value. It should return true of false. Also gives the option to strip tags instead of encoding. :arg dict token: token to sanitize :returns: token or list of tokens r})StartTagEndTagEmptyTagrBNrCommentz"z')"')entitiesr~) rF allow_tokenrDrdisallowed_tokenrErescapesanitize_characters)r@ry token_typerrrrwPs&    z$BleachSanitizerFilter.sanitize_tokencCs|dd}|s |Stt|}||d<d|vr|Sg}t|D]E}|s&q!|dr^t|}|dur^|dkrA|dddn|d|d |t |d d}|r]|d|dq!|d|dq!|S) aHandles Characters tokens Our overridden tokenizer doesn't do anything with entities. However, that means that the serializer will convert all ``&`` in Characters tokens to ``&``. Since we don't want that, we extract entities here and convert them to Entity tokens so the serializer will let them be. :arg token: the Characters token to work on :returns: a list of tokens rr&Nampr~)r}rEntity)r}rB) getINVISIBLE_CHARACTERS_REsubINVISIBLE_REPLACEMENT_CHARrnext_possible_entity startswith match_entityrlen)r@ryr new_tokenspartentity remainderrrrrs.    z)BleachSanitizerFilter.sanitize_characterscCst|}tdd|}|dd}|}zt|}Wn ty&YdSw|jr3|j|vr1|SdS| dr:|Sd|vrI| dd|vrI|Sd|vrO|SdS) zChecks a uri value to see if it's allowed :arg value: the uri value to sanitize :arg allowed_protocols: list of allowed protocols :returns: allowed value or None z[`\000-\040\177-\240\s]+ru�N#:rr) rconvert_entitiesrerreplacelowerrrkschemersplit)r@rdrH new_valueparsedrrrsanitize_uri_values(      z(BleachSanitizerFilter.sanitize_uri_valuec Csd|vrwi}|dD]d\}}|\}}||d||sq ||jvr1|||j}|dur/q |}||jvrHtddt|}| }|sFq |}d|df|j vrc|dt j ddffvrct d |rcq |d krl||}|||<q t||d<|S) z-Handles the case where we're allowing the tagrrBNzurl\s*\(\s*[^#\s][^)]+?\) )Nrxlinkrz ^\s*[^#\s])Nstyle)itemsrpattr_val_is_urirrHsvg_attr_val_allows_refrrrr*svg_allow_local_hrefr namespacessearch sanitize_cssr) r@ryattrsnamespaced_nameval namespacerBrnew_valrrrrs:       z!BleachSanitizerFilter.allow_tokencCs|d}|dkrd|d|d<nV|dr_|dvsJg}|dD]-\\}}}|r2|s2||}}|dus;|tjvr>|}n dtj||f}|d||fq#d |dd |f|d<nd |d|d<|d rx|ddd d|d<d|d<|d=|S)Nr}rzrBr)rrz%s:%sz %s="%s"z<%s%s>rz<%s> selfClosingz/>r~)rrprefixesrrr)r@ryrrnsrBvrrrrr/s4    z&BleachSanitizerFilter.disallowed_tokencCst|}tdd|}|d}tjdtjtjBd}|D] }||s*dSq td|s3dSg}t d|D],\}}|sBq;| |j vrU| |d |dq;| |j vrg| |d |dq;d|S) zSanitizes css in style tagszurl\s*\(\s*[^\s)]+?\s*\)\s*r;ak^( # consider a style attribute value as composed of: [/:,#%!.\s\w] # a non-newline character |\w-\w # 3 characters in the form \w-\w |'[\s\w]+'\s* # a single quoted string of [\s\w]+ with trailing space |"[\s\w]+" # a double quoted string of [\s\w]+ |\([\d,%\.\s]+\) # a parenthesized string of one or more digits, commas, periods, ... )*$)flagsrz ^\s*([-\w]+\s*:[^:;]*(;\s*|$))*$z([-\w]+)\s*:\s*([^:;]*)z: )rrrcompilerrUVERBOSEmatchfindallrrGrrIr)r@rpartsgauntletrrXproprdrrrr[s.      z"BleachSanitizerFilter.sanitize_css)rNrYrZr[r]rAr|rrrwrrrrr __classcell__rrrvrrQs + !/=7<,rQ) itertoolsrrrqbleach._vendor.parserxml.sax.saxutilsrbleachr bleach.utilsrr\r]r^r_rrangeINVISIBLE_CHARACTERSrUNICODErrr(rlSanitizerFilterrQrrrrs.     & +