haskell/xss-sanitize
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

minimize br and img

Browse Source
This commit is contained in:
Greg Weber 2010-09-24 09:14:15 -07:00
parent ca3b8e7b0c
commit b051155461
2 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Text/HTML/SanitizeXSS.hs
View File

@ -12,7 +12,9 @@ import Codec.Binary.UTF8.String ( encodeString, decodeString )
import Text.HTML.TagSoup
sanitizeXSS :: String -> String
sanitizeXSS = renderTags . safeTags . parseTagsOptions parseOptions { optTagPosition = True }
sanitizeXSS = renderTagsOptions renderOptions {
optMinimize = \x -> x `elem` ["br","img"]
} . safeTags . parseTagsOptions parseOptions { optTagPosition = True }
where
safeTags :: [Tag String] -> [Tag String]
safeTags [] = []

8
test.hs
View File

@ -1,7 +1,7 @@
import Text.HTML.SanitizeXSS
main = do
let test = " <a href='unsafe://hack.com'>anchor</a> <img src='evil://evil.com' /> </foo> "
let result = (sanitizeXSS test)
let expected = " <a>anchor</a> <img /> "
putStrLn $ if result == expected then "pass" else "failure parsing:" ++ (show test) ++ "\nexpected:" ++ (show expected) ++ "\nactual: " ++ (show result)
let test = " <a href='unsafe://hack.com'>anchor</a> <img src='evil://evil.com' /> </foo> <br></br> "
let actual = (sanitizeXSS test)
let expected = " <a>anchor</a> <img /> <br /> "
putStrLn $ if actual == expected then "pass" else "failure parsing:" ++ (show test) ++ "\nexpected:" ++ (show expected) ++ "\nactual: " ++ (show actual)