Diffstat (limited to 'vendor/github.com/microcosm-cc/bluemonday/policy.go')
-rw-r--r--vendor/github.com/microcosm-cc/bluemonday/policy.go74
1 files changed, 74 insertions, 0 deletions
diff --git a/vendor/github.com/microcosm-cc/bluemonday/policy.go b/vendor/github.com/microcosm-cc/bluemonday/policy.go
index 71f6b8db8..1a5e00ce6 100644
--- a/vendor/github.com/microcosm-cc/bluemonday/policy.go
+++ b/vendor/github.com/microcosm-cc/bluemonday/policy.go
@@ -74,6 +74,9 @@ type Policy struct {
// When true, add crossorigin="anonymous" to HTML audio, img, link, script, and video tags
requireCrossOriginAnonymous bool
+ // When true, add and filter sandbox attribute on iframe tags
+ requireSandboxOnIFrame map[string]bool
+
// When true add target="_blank" to fully qualified links
// Will add for href="http://foo"
// Will skip for href="/foo" or href="foo"
@@ -189,6 +192,25 @@ type stylePolicyBuilder struct {
type urlPolicy func(url *url.URL) (allowUrl bool)
+type SandboxValue int64
+
+const (
+ SandboxAllowDownloads SandboxValue = iota
+ SandboxAllowDownloadsWithoutUserActivation
+ SandboxAllowForms
+ SandboxAllowModals
+ SandboxAllowOrientationLock
+ SandboxAllowPointerLock
+ SandboxAllowPopups
+ SandboxAllowPopupsToEscapeSandbox
+ SandboxAllowPresentation
+ SandboxAllowSameOrigin
+ SandboxAllowScripts
+ SandboxAllowStorageAccessByUserActivation
+ SandboxAllowTopNavigation
+ SandboxAllowTopNavigationByUserActivation
+)
+
// init initializes the maps if this has not been done already
func (p *Policy) init() {
if !p.initialized {
@@ -680,6 +702,58 @@ func (p *Policy) AllowURLSchemeWithCustomPolicy(
return p
}
+// RequireSandboxOnIFrame will result in all iframe tags having a sandbox="" tag
+// Any sandbox values not specified here will be filtered from the generated HTML
+func (p *Policy) RequireSandboxOnIFrame(vals ...SandboxValue) {
+ p.requireSandboxOnIFrame = make(map[string]bool)
+
+ for _, val := range vals {
+ switch SandboxValue(val) {
+ case SandboxAllowDownloads:
+ p.requireSandboxOnIFrame["allow-downloads"] = true
+
+ case SandboxAllowDownloadsWithoutUserActivation:
+ p.requireSandboxOnIFrame["allow-downloads-without-user-activation"] = true
+
+ case SandboxAllowForms:
+ p.requireSandboxOnIFrame["allow-forms"] = true
+
+ case SandboxAllowModals:
+ p.requireSandboxOnIFrame["allow-modals"] = true
+
+ case SandboxAllowOrientationLock:
+ p.requireSandboxOnIFrame["allow-orientation-lock"] = true
+
+ case SandboxAllowPointerLock:
+ p.requireSandboxOnIFrame["allow-pointer-lock"] = true
+
+ case SandboxAllowPopups:
+ p.requireSandboxOnIFrame["allow-popups"] = true
+
+ case SandboxAllowPopupsToEscapeSandbox:
+ p.requireSandboxOnIFrame["allow-popups-to-escape-sandbox"] = true
+
+ case SandboxAllowPresentation:
+ p.requireSandboxOnIFrame["allow-presentation"] = true
+
+ case SandboxAllowSameOrigin:
+ p.requireSandboxOnIFrame["allow-same-origin"] = true
+
+ case SandboxAllowScripts:
+ p.requireSandboxOnIFrame["allow-scripts"] = true
+
+ case SandboxAllowStorageAccessByUserActivation:
+ p.requireSandboxOnIFrame["allow-storage-access-by-user-activation"] = true
+
+ case SandboxAllowTopNavigation:
+ p.requireSandboxOnIFrame["allow-top-navigation"] = true
+
+ case SandboxAllowTopNavigationByUserActivation:
+ p.requireSandboxOnIFrame["allow-top-navigation-by-user-activation"] = true
+ }
+ }
+}
+
// AddSpaceWhenStrippingTag states whether to add a single space " " when
// removing tags that are not allowed by the policy.
//