Aevann1 2022-04-17 01:06:53 +02:00
parent 0005e0c41b
commit 5e18eb7222
1 changed files with 62 additions and 64 deletions


@ -13,6 +13,7 @@ import signal
import time
import requests
def callback(attrs, new=False):
href = attrs[(None, "href")]
@ -23,12 +24,59 @@ def callback(attrs, new=False):
return attrs
def sanitize(sanitized, noimages=False, alert=False, comment=False, edit=False):
def allowed_attributes(tag, name, value):
def handler(signum, frame):
if name == 'style': return True
if tag == 'marquee':
if name in ['direction', 'behavior', 'scrollamount']: return True
if name in {'height', 'width'}:
try: value = int(value.replace('px', ''))
except: return False
if 0 < value <= 250: return True
return False
if tag == 'a':
if name == 'href': return True
if name == 'rel' and value == 'nofollow noopener noreferrer': return True
if name == 'target' and value == '_blank': return True
return False
if tag == 'img':
if name in ['src','data-src'] and not value.startswith('/') and noimages: return False
if name == 'loading' and value == 'lazy': return True
if name == 'referrpolicy' and value == 'no-referrer': return True
if name == 'data-bs-toggle' and value == 'tooltip': return True
if name in ['src','data-src','alt','title','g','b']: return True
return False
if tag == 'lite-youtube':
if name == 'params' and value.startswith('autoplay=1&modestbranding=1'): return True
if name == 'videoid': return True
return False
if tag == 'video':
if name == 'controls' and value == '': return True
if name == 'preload' and value == 'none': return True
return False
if tag == 'source':
if name == 'src': return True
return False
if tag == 'p':
if name == 'class' and value == 'mb-0': return True
return False
def handler(signum, frame):
print("Timeout!")
raise Exception("Timeout")
def sanitize(sanitized, noimages=False, alert=False, comment=False, edit=False):
signal.signal(signal.SIGALRM, handler)
signal.alarm(1)
@ -200,51 +248,6 @@ def sanitize(sanitized, noimages=False, alert=False, comment=False, edit=False):
allowed_tags = ['b','blockquote','br','code','del','em','h1','h2','h3','h4','h5','h6','hr','i','li','ol','p','pre','strong','sub','sup','table','tbody','th','thead','td','tr','ul','marquee','a','span','ruby','rp','rt','spoiler','img','lite-youtube']
if not noimages: allowed_tags += ['video','source']
def allowed_attributes(tag, name, value):
if name == 'style': return True
if tag == 'marquee':
if name in ['direction', 'behavior', 'scrollamount']: return True
if name in {'height', 'width'}:
try: value = int(value.replace('px', ''))
except: return False
if 0 < value <= 250: return True
return False
if tag == 'a':
if name == 'href': return True
if name == 'rel' and value == 'nofollow noopener noreferrer': return True
if name == 'target' and value == '_blank': return True
return False
if tag == 'img':
if name in ['src','data-src'] and not value.startswith('/') and noimages: return False
if name == 'loading' and value == 'lazy': return True
if name == 'referrpolicy' and value == 'no-referrer': return True
if name == 'data-bs-toggle' and value == 'tooltip': return True
if name in ['src','data-src','alt','title','g','b']: return True
return False
if tag == 'lite-youtube':
if name == 'params' and value.startswith('autoplay=1&modestbranding=1'): return True
if name == 'videoid': return True
return False
if tag == 'video':
if name == 'controls' and value == '': return True
if name == 'preload' and value == 'none': return True
return False
if tag == 'source':
if name == 'src': return True
return False
if tag == 'p':
if name == 'class' and value == 'mb-0': return True
return False
sanitized = bleach.Cleaner(tags=allowed_tags,
attributes=allowed_attributes,
@ -263,11 +266,16 @@ def sanitize(sanitized, noimages=False, alert=False, comment=False, edit=False):
def filter_emojis_only(title, edit=False, graceful=False):
def allowed_attributes2(tag, name, value):
def handler(signum, frame):
print("Timeout!")
raise Exception("Timeout")
if tag == 'img':
if name == 'loading' and value == 'lazy': return True
if name == 'data-bs-toggle' and value == 'tooltip': return True
if name in ['src','alt','title','g']: return True
return False
def filter_emojis_only(title, edit=False, graceful=False):
signal.signal(signal.SIGALRM, handler)
signal.alarm(1)
@ -300,17 +308,7 @@ def filter_emojis_only(title, edit=False, graceful=False):
title = strikethrough_regex.sub(r'<del>\1</del>', title)
def allowed_attributes(tag, name, value):
if tag == 'img':
if name == 'loading' and value == 'lazy': return True
if name == 'data-bs-toggle' and value == 'tooltip': return True
if name in ['src','alt','title','g']: return True
return False
sanitized = bleach.clean(title, tags=['img','del'], attributes=allowed_attributes, protocols=['http','https'])
sanitized = bleach.clean(title, tags=['img','del'], attributes=allowed_attributes2, protocols=['http','https'])
signal.alarm(0)
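Review bot: `allowed_attributes` is now defined at module level, but its `img` branch still reads `noimages` (`if name in ['src','data-src'] and not value.startswith('/') and noimages: return False`), which used to be a closure variable of `sanitize` and is not defined in any module-level line visible here. Unless a global of that name exists outside these hunks, any `<img>` whose `src` or `data-src` does not start with `/` raises NameError inside the bleach attribute callback, likely with the one-second alarm from `signal.alarm(1)` still pending. Pass the flag explicitly: give the function a fourth parameter `noimages=False` and build the cleaner with `attributes=lambda tag, name, value: allowed_attributes(tag, name, value, noimages)`. The moved allow-list also still spells the attribute `referrpolicy`, so a real `referrerpolicy="no-referrer"` on an image never matches and is stripped; `if name == 'referrerpolicy' and value == 'no-referrer': return True` looks like the intent.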