haskell/xss-sanitize
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Change name to safeTagsCustom, minor bump version to 0.3.5.8.

Browse Source
This commit is contained in:
Yitzchak Gale 2018-07-01 12:59:58 +03:00
parent 101690ff7b
commit 8f453e3dd5
3 changed files with 16 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
Text/HTML/SanitizeXSS.hs
View File

@ -12,7 +12,7 @@ module Text.HTML.SanitizeXSS
-- * Custom filtering -- * Custom filtering
, filterTags , filterTags
, safeTags , safeTags
, mySafeTags , safeTagsCustom
, balanceTags , balanceTags
-- * Utilities -- * Utilities
@ -77,25 +77,27 @@ balance unclosed (t:ts) = t : balance unclosed ts
-- | Filters out any usafe tags and attributes. Use with filterTags to create a custom filter. -- | Filters out any usafe tags and attributes. Use with filterTags to create a custom filter.
safeTags :: [Tag Text] -> [Tag Text] safeTags :: [Tag Text] -> [Tag Text]
safeTags = mySafeTags safeTagName sanitizeAttribute safeTags = safeTagsCustom safeTagName sanitizeAttribute
-- | Filters out unsafe tags and attributes like 'safeTags', but uses -- | Filters out unsafe tags and attributes like 'safeTags', but uses
-- custom functions for determining which tags and attributes are -- custom functions for determining which tags and attributes are
-- safe. This allows you to add or remove specific tags or attributes -- safe. This allows you to add or remove specific tags or attributes
-- on the white list, or to use your own white list. -- on the white list, or to use your own white list.
-- @mySafeTags safeTagName sanitizeAttribute@ is equivalent to -- @safeTagsCustom safeTagName sanitizeAttribute@ is equivalent to
-- 'safeTags'. -- 'safeTags'.
mySafeTags :: (Text -> Bool) -> ((Text, Text) -> Maybe (Text, Text)) -> --
-- @since 0.3.5.8
safeTagsCustom :: (Text -> Bool) -> ((Text, Text) -> Maybe (Text, Text)) ->
[Tag Text] -> [Tag Text] [Tag Text] -> [Tag Text]
mySafeTags _ _ [] = [] safeTagsCustom _ _ [] = []
mySafeTags safeName sanitizeAttr (t@(TagClose name):tags) safeTagsCustom safeName sanitizeAttr (t@(TagClose name):tags)
| safeName name = t : mySafeTags safeName sanitizeAttr tags | safeName name = t : safeTagsCustom safeName sanitizeAttr tags
| otherwise = mySafeTags safeName sanitizeAttr tags | otherwise = safeTagsCustom safeName sanitizeAttr tags
mySafeTags safeName sanitizeAttr (TagOpen name attributes:tags) safeTagsCustom safeName sanitizeAttr (TagOpen name attributes:tags)
| safeName name = TagOpen name (mapMaybe sanitizeAttr attributes) : | safeName name = TagOpen name (mapMaybe sanitizeAttr attributes) :
mySafeTags safeName sanitizeAttr tags safeTagsCustom safeName sanitizeAttr tags
| otherwise = mySafeTags safeName sanitizeAttr tags | otherwise = safeTagsCustom safeName sanitizeAttr tags
mySafeTags n a (t:tags) = t : mySafeTags n a tags safeTagsCustom n a (t:tags) = t : safeTagsCustom n a tags
safeTagName :: Text -> Bool safeTagName :: Text -> Bool
safeTagName tagname = tagname `member` sanitaryTags safeTagName tagname = tagname `member` sanitaryTags

2
test/main.hs
View File

@ -17,7 +17,7 @@ sanitizedB = test sanitizeBalance
sanitizedC = test sanitizeCustom sanitizedC = test sanitizeCustom
sanitizeCustom :: Text -> Text sanitizeCustom :: Text -> Text
sanitizeCustom = filterTags $ mySafeTags mySafeName mySanitizeAttr sanitizeCustom = filterTags $ safeTagsCustom mySafeName mySanitizeAttr
where where
mySafeName t = t `elem` myTags || safeTagName t mySafeName t = t `elem` myTags || safeTagName t
mySanitizeAttr (key, val) | key `elem` myAttrs = Just (key, val) mySanitizeAttr (key, val) | key `elem` myAttrs = Just (key, val)

2
xss-sanitize.cabal
View File

@ -1,5 +1,5 @@
name: xss-sanitize name: xss-sanitize
version: 0.3.5.7 version: 0.3.5.8
license: BSD2 license: BSD2
license-file: LICENSE license-file: LICENSE
author: Greg Weber <greg@gregweber.info> author: Greg Weber <greg@gregweber.info>