
Commit8b0fa5e

chore: wip - add sanitizer
1 parent4b11b29 commit8b0fa5e

5 files changed

+57
-2
lines changed

‎lib/helper/sanitizer.ex‎

Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,29 @@
1+
defmoduleHelper.Sanitizerdo
2+
@moduledoc"""
3+
Sanitizer user input from editor.js or other
4+
content contains html tags
5+
see; http://katafrakt.me/2016/09/03/custom-rules-in-htmlsanitizeex/
6+
"""
7+
defmoduleScrubberdo
8+
@moduledocfalse
9+
10+
requireHtmlSanitizeEx.Scrubber.Meta
11+
aliasHtmlSanitizeEx.Scrubber.Meta
12+
13+
Meta.remove_cdata_sections_before_scrub()
14+
Meta.strip_comments()
15+
16+
Meta.allow_tag_with_uri_attributes("a",["href"],["http","https"])
17+
Meta.allow_tag_with_these_attributes("a",["name","title"])
18+
19+
Meta.allow_tag_with_these_attributes("strong",[])
20+
Meta.allow_tag_with_these_attributes("em",[])
21+
Meta.allow_tag_with_these_attributes("p",[])
22+
23+
Meta.strip_everything_not_covered()
24+
end
25+
26+
defsanitize(html)do
27+
html|>HtmlSanitizeEx.Scrubber.scrub(Scrubber)
28+
end
29+
end
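Review bot: `sanitize/1` on line 26 has no `@doc` or `@spec`, and the `@moduledoc` on lines 2-6 ("Sanitizer user input from editor.js or other content contains html tags") does not say what callers may rely on — add `@doc "Strips every tag and attribute not in Scrubber's allowlist; only http/https hrefs survive on <a>."` and `@spec sanitize(String.t()) :: String.t()`. The allowlist on line 17 admits `name` on `<a>`; a user-chosen anchor `name` can shadow `window.*`/`document.*` properties in the page that renders the output (DOM clobbering), so drop it unless editor.js actually emits it. `Meta.allow_tag_with_uri_attributes` on line 16 rejects `javascript:` by scheme, but whether it also admits scheme-less or protocol-relative hrefs such as `//evil.example` depends on the library's URI handling and is worth pinning with a test. Because the moduledoc frames this as sanitizing input, note that stored content must still be run through the same scrubber (or escaped) when rendered, otherwise anything accepted under an earlier, looser allowlist stays exploitable.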

‎mix.exs‎

Lines changed: 2 additions & 1 deletion
@@ -100,7 +100,8 @@ defmodule GroupherServer.Mixfile do
100100
# postgres-backed job queue
101101
{:rihanna,"1.3.5"},
102102
# cron-like scheduler job
103-
{:quantum,"~> 2.3"}
103+
{:quantum,"~> 2.3"},
104+
{:html_sanitize_ex,"~> 1.3"}
104105
]
105106
end
106107

‎mix.lock‎

Lines changed: 2 additions & 0 deletions
@@ -37,6 +37,7 @@
3737
"gettext":{:hex,:gettext,"0.17.0","abe21542c831887a2b16f4c94556db9c421ab301aee417b7c4fbde7fbdbe01ec",[:mix],[],"hexpm"},
3838
"guardian":{:hex,:guardian,"2.0.0","5d3e537832b7cf35c8674da92457b7be671666a2eff4bf0f2ccfcfb3a8c67a0b",[:mix],[{:jose,"~> 1.8",[hex::jose,repo:"hexpm",optional:false]},{:plug,"~> 1.3.3 or ~> 1.4",[hex::plug,repo:"hexpm",optional:true]}],"hexpm"},
3939
"hackney":{:hex,:hackney,"1.15.1","9f8f471c844b8ce395f7b6d8398139e26ddca9ebc171a8b91342ee15a19963f4",[:rebar3],[{:certifi,"2.5.1",[hex::certifi,repo:"hexpm",optional:false]},{:idna,"6.0.0",[hex::idna,repo:"hexpm",optional:false]},{:metrics,"1.0.1",[hex::metrics,repo:"hexpm",optional:false]},{:mimerl,"~>1.1",[hex::mimerl,repo:"hexpm",optional:false]},{:ssl_verify_fun,"1.1.4",[hex::ssl_verify_fun,repo:"hexpm",optional:false]}],"hexpm"},
40+
"html_sanitize_ex":{:hex,:html_sanitize_ex,"1.3.0","f005ad692b717691203f940c686208aa3d8ffd9dd4bb3699240096a51fa9564e",[:mix],[{:mochiweb,"~> 2.15",[hex::mochiweb,repo:"hexpm",optional:false]}],"hexpm"},
4041
"idna":{:hex,:idna,"6.0.0","689c46cbcdf3524c44d5f3dde8001f364cd7608a99556d8fbd8239a5798d4c10",[:rebar3],[{:unicode_util_compat,"0.4.1",[hex::unicode_util_compat,repo:"hexpm",optional:false]}],"hexpm"},
4142
"inch_ex":{:hex,:inch_ex,"2.0.0","24268a9284a1751f2ceda569cd978e1fa394c977c45c331bb52a405de544f4de",[:mix],[{:bunt,"~> 0.2",[hex::bunt,repo:"hexpm",optional:false]},{:jason,"~> 1.0",[hex::jason,repo:"hexpm",optional:false]}],"hexpm"},
4243
"jason":{:hex,:jason,"1.1.2","b03dedea67a99223a2eaf9f1264ce37154564de899fd3d8b9a21b1a6fd64afe7",[:mix],[{:decimal,"~> 1.0",[hex::decimal,repo:"hexpm",optional:true]}],"hexpm"},
@@ -47,6 +48,7 @@
4748
"mime":{:hex,:mime,"1.3.1","30ce04ab3175b6ad0bdce0035cba77bba68b813d523d1aac73d9781b4d193cf8",[:mix],[],"hexpm"},
4849
"mimerl":{:hex,:mimerl,"1.2.0","67e2d3f571088d5cfd3e550c383094b47159f3eee8ffa08e64106cdf5e981be3",[:rebar3],[],"hexpm"},
4950
"mix_test_watch":{:hex,:mix_test_watch,"0.9.0","c72132a6071261893518fa08e121e911c9358713f62794a90c95db59042af375",[:mix],[{:file_system,"~> 0.2.1 or ~> 0.3",[hex::file_system,repo:"hexpm",optional:false]}],"hexpm"},
51+
"mochiweb":{:hex,:mochiweb,"2.18.0","eb55f1db3e6e960fac4e6db4e2db9ec3602cc9f30b86cd1481d56545c3145d2e",[],[],"hexpm"},
5052
"nanoid":{:hex,:nanoid,"2.0.1","7ddfe8f3abf1a559c3b673878efbe4feb2c81a657e3f0533aa28be5885257674",[:mix],[],"hexpm"},
5153
"parse_trans":{:hex,:parse_trans,"3.3.0","09765507a3c7590a784615cfd421d101aec25098d50b89d7aa1d66646bc571c1",[:rebar3],[],"hexpm"},
5254
"phoenix":{:hex,:phoenix,"1.4.9","746d098e10741c334d88143d3c94cab1756435f94387a63441792e66ec0ee974",[:mix],[{:jason,"~> 1.0",[hex::jason,repo:"hexpm",optional:true]},{:phoenix_pubsub,"~> 1.1",[hex::phoenix_pubsub,repo:"hexpm",optional:false]},{:plug,"~> 1.8.1 or ~> 1.9",[hex::plug,repo:"hexpm",optional:false]},{:plug_cowboy,"~> 1.0 or ~> 2.0",[hex::plug_cowboy,repo:"hexpm",optional:true]},{:telemetry,"~> 0.4",[hex::telemetry,repo:"hexpm",optional:false]}],"hexpm"},

‎test/helper/rich_text_parser_test.exs‎

Lines changed: 1 addition & 1 deletion
@@ -18,7 +18,7 @@ defmodule GroupherServer.Test.Helper.RichTextParserTest do
1818
true
1919
end
2020

21-
@tag:wip
21+
@tag:wip2
2222
test"real data should work"do
2323
editor_json2=~S({
2424
"time": 1563816717958,

‎test/helper/sanitizer_test.exs‎

Lines changed: 23 additions & 0 deletions
@@ -0,0 +1,23 @@
1+
defmoduleGroupherServer.Test.Helper.Sanitizerdo
2+
@moduledocfalse
3+
4+
useGroupherServerWeb.ConnCase,async:true
5+
6+
aliasHelper.RichTextParser,as:Parser
7+
8+
describe"[snaitizer test]"do
9+
@tag:wip
10+
test"basic test"do
11+
html="<h1>1</h1><h2>2</h2><h3>3</h3><h4>4</h4><h5>5</h5><h6>6</h6>"
12+
sanitized=Helper.Sanitizer.sanitize(html)
13+
assertsanitized="123456"
14+
end
15+
16+
@tag:wip
17+
test"disallow ftp urls"do
18+
html="<p>This is <a href=\"ftp://ftp.google.com/test\">FTP test</a></p>"
19+
sanitized=Helper.Sanitizer.sanitize(html)
20+
assertsanitized=="<p>This is <a>FTP test</a></p>"
21+
end
22+
end
23+
end
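Review bot: The assertion on line 13, `assert sanitized = "123456"`, is a pattern match rather than a comparison: it rebinds `sanitized` and succeeds whatever `Helper.Sanitizer.sanitize/1` returned, so the "basic test" verifies nothing — change it to `assert sanitized == "123456"`, as line 20 already does. The alias `Helper.RichTextParser, as: Parser` on line 6 is unused, and the describe name on line 8 misspells "sanitizer". The only hostile input exercised is an `ftp:` href; add cases for `<a href="javascript:alert(1)">`, an `onclick` attribute and a `<script>` element, each expected to come back with the tag or attribute removed, since those are the inputs the scrubber exists to stop. `use GroupherServerWeb.ConnCase` on line 4 pulls in the Phoenix conn setup for what is a pure-function test; `use ExUnit.Case, async: true` would likely suffice, though that depends on what the case template sets up.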
