MarseyWorld/files/helpers/sanitize.py

267 lines
8.1 KiB
Python
Raw Normal View History

2021-07-21 01:12:26 +00:00
import bleach
from bs4 import BeautifulSoup
from bleach.linkifier import LinkifyFilter
from urllib.parse import ParseResult, urlunparse, urlparse
2021-07-21 01:12:26 +00:00
from functools import partial
from .get import *
2021-09-14 13:40:52 +00:00
from os import path, environ
2021-09-14 13:43:35 +00:00
import re
2021-07-21 01:12:26 +00:00
2021-08-05 14:41:32 +00:00
site = environ.get("DOMAIN").strip()
2021-08-02 14:27:20 +00:00
2021-07-21 01:12:26 +00:00
_allowed_tags = tags = ['b',
'blockquote',
'br',
'code',
'del',
'em',
'h1',
'h2',
'h3',
'h4',
'h5',
'h6',
'hr',
'i',
'li',
'ol',
'p',
'pre',
'strong',
'sub',
'sup',
'table',
'tbody',
'th',
'thead',
'td',
'tr',
'ul',
'marquee',
'a',
'img',
'span',
]
2021-08-31 21:58:25 +00:00
no_images = ['b',
2021-08-31 21:54:34 +00:00
'blockquote',
'br',
'code',
'del',
'em',
'h1',
'h2',
'h3',
'h4',
'h5',
'h6',
'hr',
'i',
'li',
'ol',
'p',
'pre',
'strong',
'sub',
'sup',
'table',
'tbody',
'th',
'thead',
'td',
'tr',
'ul',
'marquee',
'a',
'span',
]
2021-07-21 01:12:26 +00:00
_allowed_attributes = {
2021-09-26 09:04:49 +00:00
'*': ['href', 'style', 'src', 'class', 'title', 'rel', 'data-bs-original-name']
2021-07-21 01:12:26 +00:00
}
_allowed_protocols = [
'http',
'https'
]
_allowed_styles =[
'color',
2021-09-13 18:35:04 +00:00
'font-weight'
2021-07-21 01:12:26 +00:00
]
# filter to make all links show domain on hover
2021-08-21 12:58:11 +00:00
def a_modify(attrs, whatever):
2021-07-21 01:12:26 +00:00
raw_url=attrs.get((None, "href"), None)
if raw_url:
parsed_url = urlparse(raw_url)
domain = parsed_url.netloc
attrs[(None, "target")] = "_blank"
2021-08-02 14:27:20 +00:00
if domain and not domain.endswith(domain):
2021-09-02 20:33:48 +00:00
attrs[(None, "rel")] = "nofollow noopener noreferrer"
2021-07-21 01:12:26 +00:00
# Force https for all external links in comments
2021-08-04 16:00:57 +00:00
# (Website already forces its own https)
2021-07-21 01:12:26 +00:00
new_url = ParseResult(scheme="https",
netloc=parsed_url.netloc,
path=parsed_url.path,
params=parsed_url.params,
query=parsed_url.query,
fragment=parsed_url.fragment)
attrs[(None, "href")] = urlunparse(new_url)
return attrs
2021-08-31 21:54:34 +00:00
def sanitize(sanitized, noimages=False):
2021-07-21 01:12:26 +00:00
2021-08-21 12:30:54 +00:00
sanitized = sanitized.replace("\ufeff", "").replace("m.youtube.com", "youtube.com")
2021-07-21 01:12:26 +00:00
2021-08-21 16:27:23 +00:00
for i in re.finditer('https://i.imgur.com/(([^_]*?)\.(jpg|png|jpeg))', sanitized):
2021-08-21 16:25:34 +00:00
sanitized = sanitized.replace(i.group(1), i.group(2) + "_d." + i.group(3) + "?maxwidth=9999")
2021-07-21 01:12:26 +00:00
2021-08-31 21:54:34 +00:00
if noimages:
2021-08-31 21:58:25 +00:00
sanitized = bleach.Cleaner(tags=no_images,
2021-08-31 21:54:34 +00:00
attributes=_allowed_attributes,
protocols=_allowed_protocols,
styles=_allowed_styles,
filters=[partial(LinkifyFilter,
skip_tags=["pre"],
parse_email=False,
callbacks=[a_modify]
)
]
).clean(sanitized)
else:
sanitized = bleach.Cleaner(tags=_allowed_tags,
attributes=_allowed_attributes,
protocols=_allowed_protocols,
styles=_allowed_styles,
filters=[partial(LinkifyFilter,
skip_tags=["pre"],
parse_email=False,
callbacks=[a_modify]
)
]
).clean(sanitized)
2021-07-21 01:12:26 +00:00
2021-08-21 12:30:54 +00:00
soup = BeautifulSoup(sanitized, features="html.parser")
2021-07-21 01:12:26 +00:00
2021-08-21 12:30:54 +00:00
for tag in soup.find_all("img"):
2021-07-21 01:12:26 +00:00
2021-08-21 12:30:54 +00:00
url = tag.get("src", "")
if not url: continue
2021-07-21 01:12:26 +00:00
2021-08-21 12:30:54 +00:00
if "profile-pic-20" not in tag.get("class", ""):
2021-07-21 01:12:26 +00:00
2021-09-02 20:33:48 +00:00
tag["rel"] = "nofollow noopener noreferrer"
2021-08-21 12:30:54 +00:00
tag["style"] = "max-height: 100px; max-width: 100%;"
tag["class"] = "in-comment-image rounded-sm my-2"
2021-09-03 14:08:32 +00:00
tag["loading"] = "lazy"
2021-07-21 01:12:26 +00:00
2021-08-21 12:30:54 +00:00
link = soup.new_tag("a")
link["href"] = tag["src"]
2021-09-02 20:33:48 +00:00
link["rel"] = "nofollow noopener noreferrer"
2021-08-21 12:30:54 +00:00
link["target"] = "_blank"
2021-07-21 01:12:26 +00:00
2021-08-21 12:30:54 +00:00
link["onclick"] = f"expandDesktopImage('{tag['src']}');"
2021-09-26 09:04:49 +00:00
link["data-bs-toggle"] = "modal"
link["data-bs-target"] = "#expandImageModal"
2021-07-21 01:12:26 +00:00
2021-08-21 12:30:54 +00:00
tag.wrap(link)
2021-07-21 01:12:26 +00:00
2021-08-21 12:30:54 +00:00
#disguised link preventer
for tag in soup.find_all("a"):
2021-07-21 01:12:26 +00:00
2021-08-21 12:30:54 +00:00
if re.match("https?://\S+", str(tag.string)):
try:
tag.string = tag["href"]
except:
tag.string = ""
2021-07-21 01:12:26 +00:00
2021-08-21 12:30:54 +00:00
#clean up tags in code
for tag in soup.find_all("code"):
tag.contents=[x.string for x in tag.contents if x.string]
2021-07-21 01:12:26 +00:00
2021-08-21 12:30:54 +00:00
#whatever else happens with images, there are only two sets of classes allowed
for tag in soup.find_all("img"):
if 'profile-pic-20' not in tag.attrs.get("class",""):
tag.attrs['class']="in-comment-image rounded-sm my-2"
2021-07-21 01:12:26 +00:00
2021-08-21 12:30:54 +00:00
#table format
for tag in soup.find_all("table"):
tag.attrs['class']="table table-striped"
2021-07-21 01:12:26 +00:00
2021-08-21 12:30:54 +00:00
for tag in soup.find_all("thead"):
tag.attrs['class']="bg-primary text-white"
2021-07-21 01:12:26 +00:00
2021-08-21 12:30:54 +00:00
sanitized = str(soup)
2021-07-21 01:12:26 +00:00
start = '<s>'
end = '</s>'
2021-09-05 19:47:05 +00:00
2021-09-06 22:26:28 +00:00
try:
if not session.get("favorite_emojis"): session["favorite_emojis"] = {}
2021-09-07 02:07:11 +00:00
except:
2021-09-06 22:26:28 +00:00
pass
2021-09-05 19:47:05 +00:00
2021-08-05 14:58:25 +00:00
if start in sanitized and end in sanitized and start in sanitized.split(end)[0] and end in sanitized.split(start)[1]: sanitized = sanitized.replace(start, '<span class="spoiler">').replace(end, '</span>')
2021-07-21 01:12:26 +00:00
2021-09-30 23:57:24 +00:00
for i in re.finditer("<p>\s*((:\w+:)\s*)+<\/p>", sanitized):
2021-10-01 00:23:26 +00:00
old = i.group(0)
2021-10-01 00:26:21 +00:00
new = old.lower().replace("<p>", "<p style='margin-bottom:0 !important'>")
for i in re.finditer('\w*(?<!"):([^ ]{1,30}?):', new):
2021-09-30 21:25:51 +00:00
emoji = i.group(1).lower()
2021-09-30 21:01:52 +00:00
if path.isfile(f'./files/assets/images/emojis/{emoji}.webp'):
2021-10-01 00:26:21 +00:00
new = re.sub(f'\w*(?<!"):{emoji}:', f'<img loading="lazy" data-bs-toggle="tooltip" alt=":{emoji}:" title=":{emoji}:" delay="0" height=60 src="https://{site}/assets/images/emojis/{emoji}.webp">', new)
2021-10-01 00:12:27 +00:00
2021-10-01 00:13:20 +00:00
if emoji in session["favorite_emojis"]: session["favorite_emojis"][emoji] += 1
else: session["favorite_emojis"][emoji] = 1
2021-10-01 00:21:33 +00:00
2021-10-01 00:26:21 +00:00
sanitized = sanitized.replace(old, new)
2021-10-01 00:13:20 +00:00
2021-10-01 00:24:39 +00:00
for i in re.finditer('\w*(?<!"):([^ ]{1,30}?):', sanitized):
emoji = i.group(1).lower()
if path.isfile(f'./files/assets/images/emojis/{emoji}.webp'):
sanitized = re.sub(f'\w*(?<!"):{emoji}:', f'<img loading="lazy" data-bs-toggle="tooltip" alt=":{emoji}:" title=":{emoji}:" delay="0" height=30 src="https://{site}/assets/images/emojis/{emoji}.webp">', sanitized)
if emoji in session["favorite_emojis"]: session["favorite_emojis"][emoji] += 1
else: session["favorite_emojis"][emoji] = 1
2021-09-05 17:55:36 +00:00
2021-07-21 01:12:26 +00:00
2021-09-23 20:43:11 +00:00
sanitized = sanitized.replace("https://www.", "https://").replace("https://youtu.be/", "https://youtube.com/watch?v=").replace("https://music.youtube.com/watch?v=", "https://youtube.com/watch?v=").replace("https://open.spotify.com/", "https://open.spotify.com/embed/").replace("https://streamable.com/", "https://streamable.com/e/").replace("https://youtube.com/shorts/", "https://youtube.com/watch?v=").replace("https://mobile.twitter", "https://twitter").replace("https://m.facebook", "https://facebook").replace("https://m.wikipedia", "https://wikipedia").replace("https://m.youtube", "https://youtube")
2021-08-22 19:51:19 +00:00
for i in re.finditer('" target="_blank">(https://youtube.com/watch\?v\=.*?)</a>', sanitized):
url = i.group(1)
replacing = f'<a href="{url}" target="_blank">{url}</a>'
2021-09-21 19:56:15 +00:00
htmlsource = f'<div style="padding-top:5px; padding-bottom: 10px;"><iframe style="max-width:100%" frameborder="0" src="{url}?controls=0"></iframe></div>'
2021-08-22 19:51:19 +00:00
sanitized = sanitized.replace(replacing, htmlsource.replace("watch?v=", "embed/"))
for i in re.finditer('<a href="(https://streamable.com/e/.*?)"', sanitized):
2021-07-21 01:12:26 +00:00
url = i.group(1)
2021-08-14 23:40:44 +00:00
replacing = f'<a href="{url}" target="_blank">{url}</a>'
2021-09-21 19:56:15 +00:00
htmlsource = f'<div style="padding-top:5px; padding-bottom: 10px;"><iframe style="max-width:100%" frameborder="0" src="{url}?controls=0"></iframe></div>'
2021-07-21 01:12:26 +00:00
sanitized = sanitized.replace(replacing, htmlsource)
2021-08-22 19:51:19 +00:00
2021-07-21 01:12:26 +00:00
for i in re.finditer('<a href="(https://open.spotify.com/embed/.*?)"', sanitized):
url = i.group(1)
2021-08-14 23:40:44 +00:00
replacing = f'<a href="{url}" target="_blank">{url}</a>'
2021-07-21 01:12:26 +00:00
htmlsource = f'<iframe src="{url}" width="100%" height="80" frameBorder="0" allowtransparency="true" allow="encrypted-media"></iframe>'
sanitized = sanitized.replace(replacing, htmlsource)
for rd in ["https://reddit.com/", "https://new.reddit.com/", "https://www.reddit.com/", "https://redd.it/"]:
sanitized = sanitized.replace(rd, "https://old.reddit.com/")
2021-09-01 21:16:51 +00:00
2021-09-02 20:33:48 +00:00
sanitized = re.sub(' (https:\/\/[^ <>]*)', r' <a target="_blank" rel="nofollow noopener noreferrer" href="\1">\1</a>', sanitized)
2021-09-19 11:02:35 +00:00
sanitized = re.sub('<p>(https:\/\/[^ <>]*)', r'<p><a target="_blank" rel="nofollow noopener noreferrer" href="\1">\1</a></p>', sanitized)
2021-09-01 20:58:53 +00:00
return sanitized