diff options
Diffstat (limited to 'vendor/github.com/microcosm-cc')
| -rw-r--r-- | vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md | 50 | ||||
| -rw-r--r-- | vendor/github.com/microcosm-cc/bluemonday/CREDITS.md | 8 | ||||
| -rw-r--r-- | vendor/github.com/microcosm-cc/bluemonday/LICENSE.md | 28 | ||||
| -rw-r--r-- | vendor/github.com/microcosm-cc/bluemonday/README.md | 386 | ||||
| -rw-r--r-- | vendor/github.com/microcosm-cc/bluemonday/SECURITY.md | 13 | ||||
| -rw-r--r-- | vendor/github.com/microcosm-cc/bluemonday/css/handlers.go | 2016 | ||||
| -rw-r--r-- | vendor/github.com/microcosm-cc/bluemonday/doc.go | 104 | ||||
| -rw-r--r-- | vendor/github.com/microcosm-cc/bluemonday/helpers.go | 300 | ||||
| -rw-r--r-- | vendor/github.com/microcosm-cc/bluemonday/policies.go | 253 | ||||
| -rw-r--r-- | vendor/github.com/microcosm-cc/bluemonday/policy.go | 990 | ||||
| -rw-r--r-- | vendor/github.com/microcosm-cc/bluemonday/sanitize.go | 1096 |
11 files changed, 0 insertions, 5244 deletions
diff --git a/vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md b/vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md deleted file mode 100644 index d33909f81..000000000 --- a/vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md +++ /dev/null @@ -1,50 +0,0 @@ -# Contributing to bluemonday - -Third-party patches are essential for keeping bluemonday secure and offering the features developers want. However there are a few guidelines that we need contributors to follow so that we can maintain the quality of work that developers who use bluemonday expect. - -## Getting Started - -* Make sure you have a [Github account](https://github.com/signup/free) - -## Guidelines - -1. Do not vendor dependencies. Vendoring is a project problem, not a package problem. -2. I do not care about spelling mistakes or whitespace and I do not believe that you should either. PRs therefore must be functional in their nature or be substantial and impactful if documentation or examples. -3. This module does not participate in hacktober, please make your contributions meaningful. - -## Submitting an Issue - -* Submit a ticket for your issue, assuming one does not already exist -* Clearly describe the issue including the steps to reproduce (with sample input and output) if it is a bug - -If you are reporting a security flaw, you may expect that we will provide the code to fix it for you. Otherwise you may want to submit a pull request to ensure the resolution is applied sooner rather than later: - -* Fork the repository on Github -* Issue a pull request containing code to resolve the issue - -## Submitting a Pull Request - -* Submit a ticket for your issue, assuming one does not already exist -* Describe the reason for the pull request and if applicable show some example inputs and outputs to demonstrate what the patch does -* Fork the repository on Github -* Before submitting the pull request you should - 1. Include tests for your patch, 1 test should encapsulate the entire patch and should refer to the Github issue - 1. If you have added new exposed/public functionality, you should ensure it is documented appropriately - 1. If you have added new exposed/public functionality, you should consider demonstrating how to use it within one of the helpers or shipped policies if appropriate or within a test if modifying a helper or policy is not appropriate - 1. Run all of the tests `go test -v ./...` and ensure all tests pass - 1. Run gofmt `go fmt ./...` - 1. Run vet `go vet ./...` and resolve any issues -* When submitting the pull request you should - 1. Note the issue(s) it resolves, i.e. `Closes #6` in the pull request comment to close issue #6 when the pull request is accepted - -Once you have submitted a pull request, we *may* merge it without changes. If we have any comments or feedback, or need you to make changes to your pull request we will update the Github pull request or the associated issue. We expect responses from you within two weeks, and we may close the pull request is there is no activity. - -### Contributor Licence Agreement - -We haven't gone for the formal "Sign a Contributor Licence Agreement" thing that projects like [puppet](https://cla.puppetlabs.com/), [Mojito](https://developer.yahoo.com/cocktails/mojito/cla/) and companies like [Google](http://code.google.com/legal/individual-cla-v1.0.html) are using. - -But we do need to know that we can accept and merge your contributions, so for now the act of contributing a pull request should be considered equivalent to agreeing to a contributor licence agreement, specifically: - -* You accept that the act of submitting code to the bluemonday project is to grant a copyright licence to the project that is perpetual, worldwide, non-exclusive, no-charge, royalty free and irrevocable. -* You accept that all who comply with the licence of the project (BSD 3-clause) are permitted to use your contributions to the project. -* You accept, and by submitting code do declare, that you have the legal right to grant such a licence to the project and that each of the contributions is your own original creation. diff --git a/vendor/github.com/microcosm-cc/bluemonday/CREDITS.md b/vendor/github.com/microcosm-cc/bluemonday/CREDITS.md deleted file mode 100644 index 68fa88da8..000000000 --- a/vendor/github.com/microcosm-cc/bluemonday/CREDITS.md +++ /dev/null @@ -1,8 +0,0 @@ -1. John Graham-Cumming http://jgc.org/ -1. Mohammad Gufran https://github.com/Gufran -1. Steven Gutzwiller https://github.com/StevenGutzwiller -1. Andrew Krasichkov @buglloc https://github.com/buglloc -1. Mike Samuel mikesamuel@gmail.com -1. Dmitri Shuralyov shurcooL@gmail.com -1. opennota https://github.com/opennota https://gitlab.com/opennota -1. Tom Anthony https://www.tomanthony.co.uk/
\ No newline at end of file diff --git a/vendor/github.com/microcosm-cc/bluemonday/LICENSE.md b/vendor/github.com/microcosm-cc/bluemonday/LICENSE.md deleted file mode 100644 index f822458ed..000000000 --- a/vendor/github.com/microcosm-cc/bluemonday/LICENSE.md +++ /dev/null @@ -1,28 +0,0 @@ -Copyright (c) 2014, David Kitchen <david@buro9.com> - -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - -* Redistributions of source code must retain the above copyright notice, this - list of conditions and the following disclaimer. - -* Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - -* Neither the name of the organisation (Microcosm) nor the names of its - contributors may be used to endorse or promote products derived from - this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/github.com/microcosm-cc/bluemonday/README.md b/vendor/github.com/microcosm-cc/bluemonday/README.md deleted file mode 100644 index 023a3041f..000000000 --- a/vendor/github.com/microcosm-cc/bluemonday/README.md +++ /dev/null @@ -1,386 +0,0 @@ -# bluemonday [](https://godoc.org/github.com/microcosm-cc/bluemonday) [](https://sourcegraph.com/github.com/microcosm-cc/bluemonday?badge) - -bluemonday is a HTML sanitizer implemented in Go. It is fast and highly configurable. - -bluemonday takes untrusted user generated content as an input, and will return HTML that has been sanitised against an allowlist of approved HTML elements and attributes so that you can safely include the content in your web page. - -If you accept user generated content, and your server uses Go, you **need** bluemonday. - -The default policy for user generated content (`bluemonday.UGCPolicy().Sanitize()`) turns this: -```html -Hello <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>World -``` - -Into a harmless: -```html -Hello World -``` - -And it turns this: -```html -<a href="javascript:alert('XSS1')" onmouseover="alert('XSS2')">XSS<a> -``` - -Into this: -```html -XSS -``` - -Whilst still allowing this: -```html -<a href="http://www.google.com/"> - <img src="https://ssl.gstatic.com/accounts/ui/logo_2x.png"/> -</a> -``` - -To pass through mostly unaltered (it gained a rel="nofollow" which is a good thing for user generated content): -```html -<a href="http://www.google.com/" rel="nofollow"> - <img src="https://ssl.gstatic.com/accounts/ui/logo_2x.png"/> -</a> -``` - -It protects sites from [XSS](http://en.wikipedia.org/wiki/Cross-site_scripting) attacks. There are many [vectors for an XSS attack](https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet) and the best way to mitigate the risk is to sanitize user input against a known safe list of HTML elements and attributes. - -You should **always** run bluemonday **after** any other processing. - -If you use [blackfriday](https://github.com/russross/blackfriday) or [Pandoc](http://johnmacfarlane.net/pandoc/) then bluemonday should be run after these steps. This ensures that no insecure HTML is introduced later in your process. - -bluemonday is heavily inspired by both the [OWASP Java HTML Sanitizer](https://code.google.com/p/owasp-java-html-sanitizer/) and the [HTML Purifier](http://htmlpurifier.org/). - -## Technical Summary - -Allowlist based, you need to either build a policy describing the HTML elements and attributes to permit (and the `regexp` patterns of attributes), or use one of the supplied policies representing good defaults. - -The policy containing the allowlist is applied using a fast non-validating, forward only, token-based parser implemented in the [Go net/html library](https://godoc.org/golang.org/x/net/html) by the core Go team. - -We expect to be supplied with well-formatted HTML (closing elements for every applicable open element, nested correctly) and so we do not focus on repairing badly nested or incomplete HTML. We focus on simply ensuring that whatever elements do exist are described in the policy allowlist and that attributes and links are safe for use on your web page. [GIGO](http://en.wikipedia.org/wiki/Garbage_in,_garbage_out) does apply and if you feed it bad HTML bluemonday is not tasked with figuring out how to make it good again. - -## Is it production ready? - -*Yes* - -We are using bluemonday in production having migrated from the widely used and heavily field tested OWASP Java HTML Sanitizer. - -We are passing our extensive test suite (including AntiSamy tests as well as tests for any issues raised). Check for any [unresolved issues](https://github.com/microcosm-cc/bluemonday/issues?page=1&state=open) to see whether anything may be a blocker for you. - -We invite pull requests and issues to help us ensure we are offering comprehensive protection against various attacks via user generated content. - -## Usage - -Install using `go get github.com/microcosm-cc/bluemonday` - -Then call it: -```go -package main - -import ( - "fmt" - - "github.com/microcosm-cc/bluemonday" -) - -func main() { - // Do this once for each unique policy, and use the policy for the life of the program - // Policy creation/editing is not safe to use in multiple goroutines - p := bluemonday.UGCPolicy() - - // The policy can then be used to sanitize lots of input and it is safe to use the policy in multiple goroutines - html := p.Sanitize( - `<a onblur="alert(secret)" href="http://www.google.com">Google</a>`, - ) - - // Output: - // <a href="http://www.google.com" rel="nofollow">Google</a> - fmt.Println(html) -} -``` - -We offer three ways to call Sanitize: -```go -p.Sanitize(string) string -p.SanitizeBytes([]byte) []byte -p.SanitizeReader(io.Reader) bytes.Buffer -``` - -If you are obsessed about performance, `p.SanitizeReader(r).Bytes()` will return a `[]byte` without performing any unnecessary casting of the inputs or outputs. Though the difference is so negligible you should never need to care. - -You can build your own policies: -```go -package main - -import ( - "fmt" - - "github.com/microcosm-cc/bluemonday" -) - -func main() { - p := bluemonday.NewPolicy() - - // Require URLs to be parseable by net/url.Parse and either: - // mailto: http:// or https:// - p.AllowStandardURLs() - - // We only allow <p> and <a href=""> - p.AllowAttrs("href").OnElements("a") - p.AllowElements("p") - - html := p.Sanitize( - `<a onblur="alert(secret)" href="http://www.google.com">Google</a>`, - ) - - // Output: - // <a href="http://www.google.com">Google</a> - fmt.Println(html) -} -``` - -We ship two default policies: - -1. `bluemonday.StrictPolicy()` which can be thought of as equivalent to stripping all HTML elements and their attributes as it has nothing on its allowlist. An example usage scenario would be blog post titles where HTML tags are not expected at all and if they are then the elements *and* the content of the elements should be stripped. This is a *very* strict policy. -2. `bluemonday.UGCPolicy()` which allows a broad selection of HTML elements and attributes that are safe for user generated content. Note that this policy does *not* allow iframes, object, embed, styles, script, etc. An example usage scenario would be blog post bodies where a variety of formatting is expected along with the potential for TABLEs and IMGs. - -## Policy Building - -The essence of building a policy is to determine which HTML elements and attributes are considered safe for your scenario. OWASP provide an [XSS prevention cheat sheet](https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet) to help explain the risks, but essentially: - -1. Avoid anything other than the standard HTML elements -1. Avoid `script`, `style`, `iframe`, `object`, `embed`, `base` elements that allow code to be executed by the client or third party content to be included that can execute code -1. Avoid anything other than plain HTML attributes with values matched to a regexp - -Basically, you should be able to describe what HTML is fine for your scenario. If you do not have confidence that you can describe your policy please consider using one of the shipped policies such as `bluemonday.UGCPolicy()`. - -To create a new policy: -```go -p := bluemonday.NewPolicy() -``` - -To add elements to a policy either add just the elements: -```go -p.AllowElements("b", "strong") -``` - -Or using a regex: - -_Note: if an element is added by name as shown above, any matching regex will be ignored_ - -It is also recommended to ensure multiple patterns don't overlap as order of execution is not guaranteed and can result in some rules being missed. -```go -p.AllowElementsMatching(regex.MustCompile(`^my-element-`)) -``` - -Or add elements as a virtue of adding an attribute: -```go -// Note the recommended pattern, see the recommendation on using .Matching() below -p.AllowAttrs("nowrap").OnElements("td", "th") -``` - -Again, this also supports a regex pattern match alternative: -```go -p.AllowAttrs("nowrap").OnElementsMatching(regex.MustCompile(`^my-element-`)) -``` - -Attributes can either be added to all elements: -```go -p.AllowAttrs("dir").Matching(regexp.MustCompile("(?i)rtl|ltr")).Globally() -``` - -Or attributes can be added to specific elements: -```go -// Not the recommended pattern, see the recommendation on using .Matching() below -p.AllowAttrs("value").OnElements("li") -``` - -It is **always** recommended that an attribute be made to match a pattern. XSS in HTML attributes is very easy otherwise: -```go -// \p{L} matches unicode letters, \p{N} matches unicode numbers -p.AllowAttrs("title").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).Globally() -``` - -You can stop at any time and call .Sanitize(): -```go -// string htmlIn passed in from a HTTP POST -htmlOut := p.Sanitize(htmlIn) -``` - -And you can take any existing policy and extend it: -```go -p := bluemonday.UGCPolicy() -p.AllowElements("fieldset", "select", "option") -``` - -### Inline CSS - -Although it's possible to handle inline CSS using `AllowAttrs` with a `Matching` rule, writing a single monolithic regular expression to safely process all inline CSS which you wish to allow is not a trivial task. Instead of attempting to do so, you can allow the `style` attribute on whichever element(s) you desire and use style policies to control and sanitize inline styles. - -It is strongly recommended that you use `Matching` (with a suitable regular expression) -`MatchingEnum`, or `MatchingHandler` to ensure each style matches your needs, -but default handlers are supplied for most widely used styles. - -Similar to attributes, you can allow specific CSS properties to be set inline: -```go -p.AllowAttrs("style").OnElements("span", "p") -// Allow the 'color' property with valid RGB(A) hex values only (on any element allowed a 'style' attribute) -p.AllowStyles("color").Matching(regexp.MustCompile("(?i)^#([0-9a-f]{3,4}|[0-9a-f]{6}|[0-9a-f]{8})$")).Globally() -``` - -Additionally, you can allow a CSS property to be set only to an allowed value: -```go -p.AllowAttrs("style").OnElements("span", "p") -// Allow the 'text-decoration' property to be set to 'underline', 'line-through' or 'none' -// on 'span' elements only -p.AllowStyles("text-decoration").MatchingEnum("underline", "line-through", "none").OnElements("span") -``` - -Or you can specify elements based on a regex pattern match: -```go -p.AllowAttrs("style").OnElementsMatching(regex.MustCompile(`^my-element-`)) -// Allow the 'text-decoration' property to be set to 'underline', 'line-through' or 'none' -// on 'span' elements only -p.AllowStyles("text-decoration").MatchingEnum("underline", "line-through", "none").OnElementsMatching(regex.MustCompile(`^my-element-`)) -``` - -If you need more specific checking, you can create a handler that takes in a string and returns a bool to -validate the values for a given property. The string parameter has been -converted to lowercase and unicode code points have been converted. -```go -myHandler := func(value string) bool{ - // Validate your input here - return true -} -p.AllowAttrs("style").OnElements("span", "p") -// Allow the 'color' property with values validated by the handler (on any element allowed a 'style' attribute) -p.AllowStyles("color").MatchingHandler(myHandler).Globally() -``` - -### Links - -Links are difficult beasts to sanitise safely and also one of the biggest attack vectors for malicious content. - -It is possible to do this: -```go -p.AllowAttrs("href").Matching(regexp.MustCompile(`(?i)mailto|https?`)).OnElements("a") -``` - -But that will not protect you as the regular expression is insufficient in this case to have prevented a malformed value doing something unexpected. - -We provide some additional global options for safely working with links. - -`RequireParseableURLs` will ensure that URLs are parseable by Go's `net/url` package: -```go -p.RequireParseableURLs(true) -``` - -If you have enabled parseable URLs then the following option will `AllowRelativeURLs`. By default this is disabled (bluemonday is an allowlist tool... you need to explicitly tell us to permit things) and when disabled it will prevent all local and scheme relative URLs (i.e. `href="localpage.html"`, `href="../home.html"` and even `href="//www.google.com"` are relative): -```go -p.AllowRelativeURLs(true) -``` - -If you have enabled parseable URLs then you can allow the schemes (commonly called protocol when thinking of `http` and `https`) that are permitted. Bear in mind that allowing relative URLs in the above option will allow for a blank scheme: -```go -p.AllowURLSchemes("mailto", "http", "https") -``` - -Regardless of whether you have enabled parseable URLs, you can force all URLs to have a rel="nofollow" attribute. This will be added if it does not exist, but only when the `href` is valid: -```go -// This applies to "a" "area" "link" elements that have a "href" attribute -p.RequireNoFollowOnLinks(true) -``` - -Similarly, you can force all URLs to have "noreferrer" in their rel attribute. -```go -// This applies to "a" "area" "link" elements that have a "href" attribute -p.RequireNoReferrerOnLinks(true) -``` - - -We provide a convenience method that applies all of the above, but you will still need to allow the linkable elements for the URL rules to be applied to: -```go -p.AllowStandardURLs() -p.AllowAttrs("cite").OnElements("blockquote", "q") -p.AllowAttrs("href").OnElements("a", "area") -p.AllowAttrs("src").OnElements("img") -``` - -An additional complexity regarding links is the data URI as defined in [RFC2397](http://tools.ietf.org/html/rfc2397). The data URI allows for images to be served inline using this format: - -```html -<img src="data:image/webp;base64,UklGRh4AAABXRUJQVlA4TBEAAAAvAAAAAAfQ//73v/+BiOh/AAA="> -``` - -We have provided a helper to verify the mimetype followed by base64 content of data URIs links: - -```go -p.AllowDataURIImages() -``` - -That helper will enable GIF, JPEG, PNG and WEBP images. - -It should be noted that there is a potential [security](http://palizine.plynt.com/issues/2010Oct/bypass-xss-filters/) [risk](https://capec.mitre.org/data/definitions/244.html) with the use of data URI links. You should only enable data URI links if you already trust the content. - -We also have some features to help deal with user generated content: -```go -p.AddTargetBlankToFullyQualifiedLinks(true) -``` - -This will ensure that anchor `<a href="" />` links that are fully qualified (the href destination includes a host name) will get `target="_blank"` added to them. - -Additionally any link that has `target="_blank"` after the policy has been applied will also have the `rel` attribute adjusted to add `noopener`. This means a link may start like `<a href="//host/path"/>` and will end up as `<a href="//host/path" rel="noopener" target="_blank">`. It is important to note that the addition of `noopener` is a security feature and not an issue. There is an unfortunate feature to browsers that a browser window opened as a result of `target="_blank"` can still control the opener (your web page) and this protects against that. The background to this can be found here: [https://dev.to/ben/the-targetblank-vulnerability-by-example](https://dev.to/ben/the-targetblank-vulnerability-by-example) - -### Policy Building Helpers - -We also bundle some helpers to simplify policy building: -```go - -// Permits the "dir", "id", "lang", "title" attributes globally -p.AllowStandardAttributes() - -// Permits the "img" element and its standard attributes -p.AllowImages() - -// Permits ordered and unordered lists, and also definition lists -p.AllowLists() - -// Permits HTML tables and all applicable elements and non-styling attributes -p.AllowTables() -``` - -### Invalid Instructions - -The following are invalid: -```go -// This does not say where the attributes are allowed, you need to add -// .Globally() or .OnElements(...) -// This will be ignored without error. -p.AllowAttrs("value") - -// This does not say where the attributes are allowed, you need to add -// .Globally() or .OnElements(...) -// This will be ignored without error. -p.AllowAttrs( - "type", -).Matching( - regexp.MustCompile("(?i)^(circle|disc|square|a|A|i|I|1)$"), -) -``` - -Both examples exhibit the same issue, they declare attributes but do not then specify whether they are allowed globally or only on specific elements (and which elements). Attributes belong to one or more elements, and the policy needs to declare this. - -## Limitations - -We are not yet including any tools to help allow and sanitize CSS. Which means that unless you wish to do the heavy lifting in a single regular expression (inadvisable), **you should not allow the "style" attribute anywhere**. - -In the same theme, both `<script>` and `<style>` are considered harmful. These elements (and their content) will not be rendered by default, and require you to explicitly set `p.AllowUnsafe(true)`. You should be aware that allowing these elements defeats the purpose of using a HTML sanitizer as you would be explicitly allowing either JavaScript (and any plainly written XSS) and CSS (which can modify a DOM to insert JS), and additionally but limitations in this library mean it is not aware of whether HTML is validly structured and that can allow these elements to bypass some of the safety mechanisms built into the [WhatWG HTML parser standard](https://html.spec.whatwg.org/multipage/parsing.html#parsing-main-inselect). - -It is not the job of bluemonday to fix your bad HTML, it is merely the job of bluemonday to prevent malicious HTML getting through. If you have mismatched HTML elements, or non-conforming nesting of elements, those will remain. But if you have well-structured HTML bluemonday will not break it. - -## TODO - -* Investigate whether devs want to blacklist elements and attributes. This would allow devs to take an existing policy (such as the `bluemonday.UGCPolicy()` ) that encapsulates 90% of what they're looking for but does more than they need, and to remove the extra things they do not want to make it 100% what they want -* Investigate whether devs want a validating HTML mode, in which the HTML elements are not just transformed into a balanced tree (every start tag has a closing tag at the correct depth) but also that elements and character data appear only in their allowed context (i.e. that a `table` element isn't a descendent of a `caption`, that `colgroup`, `thead`, `tbody`, `tfoot` and `tr` are permitted, and that character data is not permitted) - -## Long term goals - -1. Open the code to adversarial peer review similar to the [Attack Review Ground Rules](https://code.google.com/p/owasp-java-html-sanitizer/wiki/AttackReviewGroundRules) -1. Raise funds and pay for an external security review diff --git a/vendor/github.com/microcosm-cc/bluemonday/SECURITY.md b/vendor/github.com/microcosm-cc/bluemonday/SECURITY.md deleted file mode 100644 index 682364e37..000000000 --- a/vendor/github.com/microcosm-cc/bluemonday/SECURITY.md +++ /dev/null @@ -1,13 +0,0 @@ -# Security Policy - -## Supported Versions - -Latest tag and tip are supported. - -Changes are not backported, please verify any issue against the latest tag and tip. - -## Reporting a Vulnerability - -Report vulnerabilities either via [GitHub's private reporting flow](https://github.com/microcosm-cc/bluemonday/security/advisories/new) or via email to the security@ alias of geomys.org. - -There is no bug bounty program but security issues will be taken seriously and resolved as soon as possible. diff --git a/vendor/github.com/microcosm-cc/bluemonday/css/handlers.go b/vendor/github.com/microcosm-cc/bluemonday/css/handlers.go deleted file mode 100644 index 41a00c8cb..000000000 --- a/vendor/github.com/microcosm-cc/bluemonday/css/handlers.go +++ /dev/null @@ -1,2016 +0,0 @@ -// Copyright (c) 2019, David Kitchen <david@buro9.com> -// -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions are met: -// -// * Redistributions of source code must retain the above copyright notice, this -// list of conditions and the following disclaimer. -// -// * Redistributions in binary form must reproduce the above copyright notice, -// this list of conditions and the following disclaimer in the documentation -// and/or other materials provided with the distribution. -// -// * Neither the name of the organisation (Microcosm) nor the names of its -// contributors may be used to endorse or promote products derived from -// this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE -// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -package css - -import ( - "regexp" - "strings" -) - -var ( - defaultStyleHandlers = map[string]func(string) bool{ - "align-content": AlignContentHandler, - "align-items": AlignItemsHandler, - "align-self": AlignSelfHandler, - "all": AllHandler, - "animation": AnimationHandler, - "animation-delay": AnimationDelayHandler, - "animation-direction": AnimationDirectionHandler, - "animation-duration": AnimationDurationHandler, - "animation-fill-mode": AnimationFillModeHandler, - "animation-iteration-count": AnimationIterationCountHandler, - "animation-name": AnimationNameHandler, - "animation-play-state": AnimationPlayStateHandler, - "animation-timing-function": TimingFunctionHandler, - "backface-visibility": BackfaceVisibilityHandler, - "background": BackgroundHandler, - "background-attachment": BackgroundAttachmentHandler, - "background-blend-mode": BackgroundBlendModeHandler, - "background-clip": BackgroundClipHandler, - "background-color": ColorHandler, - "background-image": ImageHandler, - "background-origin": BackgroundOriginHandler, - "background-position": BackgroundPositionHandler, - "background-repeat": BackgroundRepeatHandler, - "background-size": BackgroundSizeHandler, - "border": BorderHandler, - "border-bottom": BorderSideHandler, - "border-bottom-color": ColorHandler, - "border-bottom-left-radius": BorderSideRadiusHandler, - "border-bottom-right-radius": BorderSideRadiusHandler, - "border-bottom-style": BorderSideStyleHandler, - "border-bottom-width": BorderSideWidthHandler, - "border-collapse": BorderCollapseHandler, - "border-color": ColorHandler, - "border-image": BorderImageHandler, - "border-image-outset": BorderImageOutsetHandler, - "border-image-repeat": BorderImageRepeatHandler, - "border-image-slice": BorderImageSliceHandler, - "border-image-source": ImageHandler, - "border-image-width": BorderImageWidthHandler, - "border-left": BorderSideHandler, - "border-left-color": ColorHandler, - "border-left-style": BorderSideStyleHandler, - "border-left-width": BorderSideWidthHandler, - "border-radius": BorderRadiusHandler, - "border-right": BorderSideHandler, - "border-right-color": ColorHandler, - "border-right-style": BorderSideStyleHandler, - "border-right-width": BorderSideWidthHandler, - "border-spacing": BorderSpacingHandler, - "border-style": BorderStyleHandler, - "border-top": BorderSideHandler, - "border-top-color": ColorHandler, - "border-top-left-radius": BorderSideRadiusHandler, - "border-top-right-radius": BorderSideRadiusHandler, - "border-top-style": BorderSideStyleHandler, - "border-top-width": BorderSideWidthHandler, - "border-width": BorderWidthHandler, - "bottom": SideHandler, - "box-decoration-break": BoxDecorationBreakHandler, - "box-shadow": BoxShadowHandler, - "box-sizing": BoxSizingHandler, - "break-after": BreakBeforeAfterHandler, - "break-before": BreakBeforeAfterHandler, - "break-inside": BreakInsideHandler, - "caption-side": CaptionSideHandler, - "caret-color": CaretColorHandler, - "clear": ClearHandler, - "clip": ClipHandler, - "color": ColorHandler, - "column-count": ColumnCountHandler, - "column-fill": ColumnFillHandler, - "column-gap": ColumnGapHandler, - "column-rule": ColumnRuleHandler, - "column-rule-color": ColorHandler, - "column-rule-style": BorderSideStyleHandler, - "column-rule-width": ColumnRuleWidthHandler, - "column-span": ColumnSpanHandler, - "column-width": ColumnWidthHandler, - "columns": ColumnsHandler, - "cursor": CursorHandler, - "direction": DirectionHandler, - "display": DisplayHandler, - "empty-cells": EmptyCellsHandler, - "filter": FilterHandler, - "flex": FlexHandler, - "flex-basis": FlexBasisHandler, - "flex-direction": FlexDirectionHandler, - "flex-flow": FlexFlowHandler, - "flex-grow": FlexGrowHandler, - "flex-shrink": FlexGrowHandler, - "flex-wrap": FlexWrapHandler, - "float": FloatHandler, - "font": FontHandler, - "font-family": FontFamilyHandler, - "font-kerning": FontKerningHandler, - "font-language-override": FontLanguageOverrideHandler, - "font-size": FontSizeHandler, - "font-size-adjust": FontSizeAdjustHandler, - "font-stretch": FontStretchHandler, - "font-style": FontStyleHandler, - "font-synthesis": FontSynthesisHandler, - "font-variant": FontVariantHandler, - "font-variant-caps": FontVariantCapsHandler, - "font-variant-position": FontVariantPositionHandler, - "font-weight": FontWeightHandler, - "grid": GridHandler, - "grid-area": GridAreaHandler, - "grid-auto-columns": GridAutoColumnsHandler, - "grid-auto-flow": GridAutoFlowHandler, - "grid-auto-rows": GridAutoColumnsHandler, - "grid-column": GridColumnHandler, - "grid-column-end": GridAxisStartEndHandler, - "grid-column-gap": LengthHandler, - "grid-column-start": GridAxisStartEndHandler, - "grid-gap": GridGapHandler, - "grid-row": GridRowHandler, - "grid-row-end": GridAxisStartEndHandler, - "grid-row-gap": LengthHandler, - "grid-row-start": GridAxisStartEndHandler, - "grid-template": GridTemplateHandler, - "grid-template-areas": GridTemplateAreasHandler, - "grid-template-columns": GridTemplateColumnsHandler, - "grid-template-rows": GridTemplateRowsHandler, - "hanging-punctuation": HangingPunctuationHandler, - "height": HeightHandler, - "hyphens": HyphensHandler, - "image-rendering": ImageRenderingHandler, - "isolation": IsolationHandler, - "justify-content": JustifyContentHandler, - "left": SideHandler, - "letter-spacing": LetterSpacingHandler, - "line-break": LineBreakHandler, - "line-height": LineHeightHandler, - "list-style": ListStyleHandler, - "list-style-image": ImageHandler, - "list-style-position": ListStylePositionHandler, - "list-style-type": ListStyleTypeHandler, - "margin": MarginHandler, - "margin-bottom": MarginSideHandler, - "margin-left": MarginSideHandler, - "margin-right": MarginSideHandler, - "margin-top": MarginSideHandler, - "max-height": MaxHeightWidthHandler, - "max-width": MaxHeightWidthHandler, - "min-height": MinHeightWidthHandler, - "min-width": MinHeightWidthHandler, - "mix-blend-mode": MixBlendModeHandler, - "object-fit": ObjectFitHandler, - "object-position": ObjectPositionHandler, - "opacity": OpacityHandler, - "order": OrderHandler, - "orphans": OrphansHandler, - "outline": OutlineHandler, - "outline-color": ColorHandler, - "outline-offset": OutlineOffsetHandler, - "outline-style": OutlineStyleHandler, - "outline-width": OutlineWidthHandler, - "overflow": OverflowHandler, - "overflow-wrap": OverflowWrapHandler, - "overflow-x": OverflowXYHandler, - "overflow-y": OverflowXYHandler, - "padding": PaddingHandler, - "padding-bottom": PaddingSideHandler, - "padding-left": PaddingSideHandler, - "padding-right": PaddingSideHandler, - "padding-top": PaddingSideHandler, - "page-break-after": PageBreakBeforeAfterHandler, - "page-break-before": PageBreakBeforeAfterHandler, - "page-break-inside": PageBreakInsideHandler, - "perspective": PerspectiveHandler, - "perspective-origin": PerspectiveOriginHandler, - "pointer-events": PointerEventsHandler, - "position": PositionHandler, - "quotes": QuotesHandler, - "resize": ResizeHandler, - "right": SideHandler, - "scroll-behavior": ScrollBehaviorHandler, - "tab-size": TabSizeHandler, - "table-layout": TableLayoutHandler, - "text-align": TextAlignHandler, - "text-align-last": TextAlignLastHandler, - "text-combine-upright": TextCombineUprightHandler, - "text-decoration": TextDecorationHandler, - "text-decoration-color": ColorHandler, - "text-decoration-line": TextDecorationLineHandler, - "text-decoration-style": TextDecorationStyleHandler, - "text-indent": TextIndentHandler, - "text-justify": TextJustifyHandler, - "text-orientation": TextOrientationHandler, - "text-overflow": TextOverflowHandler, - "text-shadow": TextShadowHandler, - "text-transform": TextTransformHandler, - "top": SideHandler, - "transform": TransformHandler, - "transform-origin": TransformOriginHandler, - "transform-style": TransformStyleHandler, - "transition": TransitionHandler, - "transition-delay": TransitionDelayHandler, - "transition-duration": TransitionDurationHandler, - "transition-property": TransitionPropertyHandler, - "transition-timing-function": TimingFunctionHandler, - "unicode-bidi": UnicodeBidiHandler, - "user-select": UserSelectHandler, - "vertical-align": VerticalAlignHandler, - "visibility": VisiblityHandler, - "white-space": WhiteSpaceHandler, - "widows": OrphansHandler, - "width": WidthHandler, - "word-break": WordBreakHandler, - "word-spacing": WordSpacingHandler, - "word-wrap": WordWrapHandler, - "writing-mode": WritingModeHandler, - "z-index": ZIndexHandler, - } - colorValues = []string{"initial", "inherit", "aliceblue", "antiquewhite", - "aqua", "aquamarine", "azure", "beige", "bisque", "black", - "blanchedalmond", "blue", "blueviolet", "brown", "burlywood", - "cadetblue", "chartreuse", "chocolate", "coral", "cornflowerblue", - "cornsilk", "crimson", "cyan", "darkblue", "darkcyan", "darkgoldenrod", - "darkgray", "darkgrey", "darkgreen", "darkkhaki", "darkmagenta", - "darkolivegreen", "darkorange", "darkorchid", "darkred", "darksalmon", - "darkseagreen", "darkslateblue", "darkslategrey", "darkslategray", - "darkturquoise", "darkviolet", "deeppink", "deepskyblue", "dimgray", - "dimgrey", "dodgerblue", "firebrick", "floralwhite", "forestgreen", - "fuchsia", "gainsboro", "ghostwhite", "gold", "goldenrod", "gray", - "grey", "green", "greenyellow", "honeydew", "hotpink", "indianred", - "indigo", "ivory", "khaki", "lavender", "lavenderblush", - "lemonchiffon", "lightblue", "lightcoral", "lightcyan", - "lightgoldenrodyellow", "lightgray", "lightgrey", "lightgreen", - "lightpink", "lightsalmon", "lightseagreen", "lightskyblue", - "lightslategray", "lightslategrey", "lightsteeelblue", "lightyellow", - "lime", "limegreen", "linen", "magenta", "maroon", "mediumaquamarine", - "mediumblue", "mediumorchid", "mediumpurple", "mediumseagreen", - "mediumslateblue", "mediumspringgreen", "mediumturquoise", - "mediumvioletred", "midnightblue", "mintcream", "mistyrose", - "moccasin", "navajowhite", "navy", "oldlace", "olive", "olivedrab", - "orange", "orangered", "orchid", "palegoldenrod", "palegreen", - "paleturquoise", "palevioletred", "papayawhip", "peachpuff", "peru", - "pink", "plum", "powderblue", "purple", "rebeccapurple", "red", - "rosybrown", "royalblue", "saddlebrown", "salmon", "sandybrown", - "seagreen", "seashell", "sienna", "silver", "skyblue", "slateblue", - "slategray", "slategrey", "snow", "springgreen", "steelblue", "tan", - "teal", "thistle", "tomato", "turquoise", "violet", "wheat", "white", - "whitesmoke", "yellow", "yellowgreen"} - - Alpha = regexp.MustCompile(`^[a-z]+$`) - Blur = regexp.MustCompile(`^blur\([0-9]+px\)$`) - BrightnessCont = regexp.MustCompile(`^(brightness|contrast)\([0-9]+\%\)$`) - Count = regexp.MustCompile(`^[0-9]+[\.]?[0-9]*$`) - CubicBezier = regexp.MustCompile(`^cubic-bezier\(([ ]*(0(.[0-9]+)?|1(.0)?),){3}[ ]*(0(.[0-9]+)?|1)\)$`) - Digits = regexp.MustCompile(`^digits [2-4]$`) - DropShadow = regexp.MustCompile(`drop-shadow\(([-]?[0-9]+px) ([-]?[0-9]+px)( [-]?[0-9]+px)?( ([-]?[0-9]+px))?`) - Font = regexp.MustCompile(`^('[a-z \-]+'|[a-z \-]+)$`) - Grayscale = regexp.MustCompile(`^grayscale\(([0-9]{1,2}|100)%\)$`) - GridTemplateAreas = regexp.MustCompile(`^['"]?[a-z ]+['"]?$`) - HexRGB = regexp.MustCompile(`^#([0-9a-f]{3,4}|[0-9a-f]{6}|[0-9a-f]{8})$`) - HSL = regexp.MustCompile(`^hsl\([ ]*([012]?[0-9]{1,2}|3[0-5][0-9]|360),[ ]*([0-9]{0,2}|100)\%,[ ]*([0-9]{0,2}|100)\%\)$`) - HSLA = regexp.MustCompile(`^hsla\(([ ]*[012]?[0-9]{1,2}|3[0-5][0-9]|360),[ ]*([0-9]{0,2}|100)\%,[ ]*([0-9]{0,2}|100)\%,[ ]*(1|1\.0|0|(0\.[0-9]+))\)$`) - HueRotate = regexp.MustCompile(`^hue-rotate\(([12]?[0-9]{1,2}|3[0-5][0-9]|360)?\)$`) - Invert = regexp.MustCompile(`^invert\(([0-9]{1,2}|100)%\)$`) - Length = regexp.MustCompile(`^[\-]?([0-9]+|[0-9]*[\.][0-9]+)(%|cm|mm|in|px|pt|pc|em|ex|ch|rem|vw|vh|vmin|vmax|deg|rad|turn)?$`) - Matrix = regexp.MustCompile(`^matrix\(([ ]*[0-9]+[\.]?[0-9]*,){5}([ ]*[0-9]+[\.]?[0-9]*)\)$`) - Matrix3D = regexp.MustCompile(`^matrix3d\(([ ]*[0-9]+[\.]?[0-9]*,){15}([ ]*[0-9]+[\.]?[0-9]*)\)$`) - NegTime = regexp.MustCompile(`^[\-]?[0-9]+[\.]?[0-9]*(s|ms)?$`) - Numeric = regexp.MustCompile(`^[0-9]+$`) - NumericDecimal = regexp.MustCompile(`^[0-9\.]+$`) - Opactiy = regexp.MustCompile(`^opacity\(([0-9]{1,2}|100)%\)$`) - Perspective = regexp.MustCompile(`perspective\(`) - Position = regexp.MustCompile(`^[\-]*[0-9]+[cm|mm|in|px|pt|pc\%]* [[\-]*[0-9]+[cm|mm|in|px|pt|pc\%]*]*$`) - Opacity = regexp.MustCompile(`^(0[.]?[0-9]*)|(1.0)$`) - QuotedAlpha = regexp.MustCompile(`^["'][a-z]+["']$`) - Quotes = regexp.MustCompile(`^([ ]*["'][\x{0022}\x{0027}\x{2039}\x{2039}\x{203A}\x{00AB}\x{00BB}\x{2018}\x{2019}\x{201C}-\x{201E}]["'] ["'][\x{0022}\x{0027}\x{2039}\x{2039}\x{203A}\x{00AB}\x{00BB}\x{2018}\x{2019}\x{201C}-\x{201E}]["'])+$`) - Rect = regexp.MustCompile(`^rect\([0-9]+px,[ ]*[0-9]+px,[ ]*[0-9]+px,[ ]*[0-9]+px\)$`) - RGB = regexp.MustCompile(`^rgb\(([ ]*((([0-9]{1,2}|100)\%)|(([01]?[0-9]{1,2})|(2[0-4][0-9])|(25[0-5]))),){2}([ ]*((([0-9]{1,2}|100)\%)|(([01]?[0-9]{1,2})|(2[0-4][0-9])|(25[0-5]))))\)$`) - RGBA = regexp.MustCompile(`^rgba\(([ ]*((([0-9]{1,2}|100)\%)|(([01]?[0-9]{1,2})|(2[0-4][0-9])|(25[0-5]))),){3}[ ]*(1(\.0)?|0|(0\.[0-9]+))\)$`) - Rotate = regexp.MustCompile(`^rotate(x|y|z)?\(([12]?|3[0-5][0-9]|360)\)$`) - Rotate3D = regexp.MustCompile(`^rotate3d\(([ ]?(1(\.0)?|0\.[0-9]+),){3}([12]?|3[0-5][0-9]|360)\)$`) - Saturate = regexp.MustCompile(`^saturate\([0-9]+%\)$`) - Sepia = regexp.MustCompile(`^sepia\(([0-9]{1,2}|100)%\)$`) - Skew = regexp.MustCompile(`skew(x|y)?\(`) - Span = regexp.MustCompile(`^span [0-9]+$`) - Steps = regexp.MustCompile(`^steps\([ ]*[0-9]+([ ]*,[ ]*(start|end)?)\)$`) - Time = regexp.MustCompile(`^[0-9]+[\.]?[0-9]*(s|ms)?$`) - TransitionProp = regexp.MustCompile(`^([a-zA-Z]+,[ ]?)*[a-zA-Z]+$`) - TranslateScale = regexp.MustCompile(`(translate|translate3d|translatex|translatey|translatez|scale|scale3d|scalex|scaley|scalez)\(`) - URL = regexp.MustCompile(`^url\([\"\']?((https|http)[a-z0-9\.\\/_:]+[\"\']?)\)$`) - ZIndex = regexp.MustCompile(`^[\-]?[0-9]+$`) -) - -func multiSplit(value string, seps ...string) []string { - curArray := []string{value} - for _, i := range seps { - newArray := []string{} - for _, j := range curArray { - newArray = append(newArray, strings.Split(j, i)...) - } - curArray = newArray - } - return curArray -} - -func recursiveCheck(value []string, funcs []func(string) bool) bool { - for i := 0; i < len(value); i++ { - tempVal := strings.Join(value[:i+1], " ") - for _, j := range funcs { - if j(tempVal) && (len(value[i+1:]) == 0 || recursiveCheck(value[i+1:], funcs)) { - return true - } - } - } - return false -} - -func in(value []string, arr []string) bool { - for _, i := range value { - foundString := false - for _, j := range arr { - if j == i { - foundString = true - } - } - if !foundString { - return false - } - } - return true -} - -func splitValues(value string) []string { - values := strings.Split(value, ",") - newValues := []string{} - for _, strippedValue := range values { - newValues = append(newValues, strings.ToLower(strings.TrimSpace(strippedValue))) - } - return newValues -} - -func GetDefaultHandler(attr string) func(string) bool { - - if defaultStyleHandlers[attr] != nil { - return defaultStyleHandlers[attr] - } - return BaseHandler -} - -func BaseHandler(value string) bool { - return false -} - -func AlignContentHandler(value string) bool { - values := []string{"stretch", "center", "flex-start", - "flex-end", "space-between", "space-around", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func AlignItemsHandler(value string) bool { - values := []string{"stretch", "center", "flex-start", - "flex-end", "baseline", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func AlignSelfHandler(value string) bool { - values := []string{"auto", "stretch", "center", "flex-start", - "flex-end", "baseline", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func AllHandler(value string) bool { - values := []string{"initial", "inherit", "unset"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func AnimationHandler(value string) bool { - values := []string{"initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " ") - usedFunctions := []func(string) bool{ - AnimationNameHandler, - AnimationDurationHandler, - TimingFunctionHandler, - AnimationDelayHandler, - AnimationIterationCountHandler, - AnimationDirectionHandler, - AnimationFillModeHandler, - AnimationPlayStateHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func AnimationDelayHandler(value string) bool { - if NegTime.MatchString(value) { - return true - } - values := []string{"initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func AnimationDirectionHandler(value string) bool { - values := []string{"normal", "reverse", "alternate", "alternate-reverse", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func AnimationDurationHandler(value string) bool { - if Time.MatchString(value) { - return true - } - values := []string{"initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func AnimationFillModeHandler(value string) bool { - values := []string{"none", "forwards", "backwards", "both", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func AnimationIterationCountHandler(value string) bool { - if Count.MatchString(value) { - return true - } - values := []string{"infinite", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func AnimationNameHandler(value string) bool { - return Alpha.MatchString(value) -} - -func AnimationPlayStateHandler(value string) bool { - values := []string{"paused", "running", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func TimingFunctionHandler(value string) bool { - values := []string{"linear", "ease", "ease-in", "ease-out", "ease-in-out", "step-start", "step-end", "initial", "inherit"} - splitVals := splitValues(value) - if in(splitVals, values) { - return true - } - if CubicBezier.MatchString(value) { - return true - } - return Steps.MatchString(value) -} - -func BackfaceVisibilityHandler(value string) bool { - values := []string{"visible", "hidden", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func BackgroundHandler(value string) bool { - values := []string{"initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " ") - newSplitVals := []string{} - for _, i := range splitVals { - if len(strings.Split(i, "/")) == 2 { - newSplitVals = append(newSplitVals, strings.Split(i, "/")...) - } else { - newSplitVals = append(newSplitVals, i) - } - } - usedFunctions := []func(string) bool{ - ColorHandler, - ImageHandler, - BackgroundPositionHandler, - BackgroundSizeHandler, - BackgroundRepeatHandler, - BackgroundOriginHandler, - BackgroundClipHandler, - BackgroundAttachmentHandler, - } - return recursiveCheck(newSplitVals, usedFunctions) -} - -func BackgroundAttachmentHandler(value string) bool { - values := []string{"scroll", "fixed", "local", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func BackgroundClipHandler(value string) bool { - values := []string{"border-box", "padding-box", "content-box", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func BackgroundBlendModeHandler(value string) bool { - values := []string{"normal", "multiply", "screen", "overlay", "darken", - "lighten", "color-dodge", "saturation", "color", "luminosity"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func ImageHandler(value string) bool { - values := []string{"none", "initial", "inherit"} - splitVals := splitValues(value) - if in(splitVals, values) { - return true - } - return URL.MatchString(value) -} - -func BackgroundOriginHandler(value string) bool { - values := []string{"padding-box", "border-box", "content-box", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func BackgroundPositionHandler(value string) bool { - splitVals := strings.Split(value, ";") - values := []string{"left", "left top", "left bottom", "right", "right top", "right bottom", "right center", "center top", "center center", "center bottom", "center", "top", "bottom", "initial", "inherit"} - if in(splitVals, values) { - return true - } - return Position.MatchString(value) -} - -func BackgroundRepeatHandler(value string) bool { - values := []string{"repeat", "repeat-x", "repeat-y", "no-repeat", "space", "round", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func BackgroundSizeHandler(value string) bool { - splitVals := strings.Split(value, " ") - values := []string{"auto", "cover", "contain", "initial", "inherit"} - if in(splitVals, values) { - return true - } - if len(splitVals) > 0 && LengthHandler(splitVals[0]) { - if len(splitVals) < 2 || (len(splitVals) == 2 && LengthHandler(splitVals[1])) { - return true - } - } - return false -} - -func BorderHandler(value string) bool { - values := []string{"initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := multiSplit(value, " ", "/") - usedFunctions := []func(string) bool{ - BorderWidthHandler, - BorderStyleHandler, - ColorHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func BorderSideHandler(value string) bool { - values := []string{"initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " ") - usedFunctions := []func(string) bool{ - BorderSideWidthHandler, - BorderSideStyleHandler, - ColorHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func BorderSideRadiusHandler(value string) bool { - splitVals := strings.Split(value, " ") - valid := true - for _, i := range splitVals { - if !LengthHandler(i) { - valid = false - break - } - } - if valid { - return true - } - splitVals = splitValues(value) - values := []string{"initial", "inherit"} - return in(splitVals, values) -} - -func BorderSideStyleHandler(value string) bool { - values := []string{"none", "hidden", "dotted", "dashed", "solid", "double", "groove", "ridge", "inset", "outset", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func BorderSideWidthHandler(value string) bool { - if LengthHandler(value) { - return true - } - splitVals := strings.Split(value, ";") - values := []string{"medium", "thin", "thick", "initial", "inherit"} - return in(splitVals, values) -} - -func BorderCollapseHandler(value string) bool { - values := []string{"separate", "collapse", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func BorderImageHandler(value string) bool { - values := []string{"initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := multiSplit(value, " ", " / ") - usedFunctions := []func(string) bool{ - ImageHandler, - BorderImageSliceHandler, - BorderImageWidthHandler, - BorderImageOutsetHandler, - BorderImageRepeatHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func BorderImageOutsetHandler(value string) bool { - if LengthHandler(value) { - return true - } - values := []string{"initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func BorderImageRepeatHandler(value string) bool { - values := []string{"stretch", "repeat", "round", "space", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func BorderImageSliceHandler(value string) bool { - values := []string{"fill", "initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " ") - if len(splitVals) > 4 { - return false - } - usedFunctions := []func(string) bool{ - LengthHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func BorderImageWidthHandler(value string) bool { - if LengthHandler(value) { - return true - } - values := []string{"auto", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func BorderRadiusHandler(value string) bool { - values := []string{"initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " ") - if len(splitVals) > 4 { - return false - } - usedFunctions := []func(string) bool{ - LengthHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func BorderSpacingHandler(value string) bool { - values := []string{"initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " ") - if len(splitVals) > 2 { - return false - } - usedFunctions := []func(string) bool{ - LengthHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func BorderStyleHandler(value string) bool { - values := []string{"initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " ") - if len(splitVals) > 4 { - return false - } - usedFunctions := []func(string) bool{ - BorderSideStyleHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func BorderWidthHandler(value string) bool { - values := []string{"initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " ") - if len(splitVals) > 4 { - return false - } - usedFunctions := []func(string) bool{ - BorderSideWidthHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func SideHandler(value string) bool { - if LengthHandler(value) { - return true - } - values := []string{"auto", "inherit", "unset"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func BoxDecorationBreakHandler(value string) bool { - values := []string{"slice", "clone", "initial", "initial", "inherit", "unset"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func BoxShadowHandler(value string) bool { - values := []string{"none", "initial", "inherit"} - if in([]string{value}, values) { - return true - } - commaSplitVals := strings.Split(value, ",") - for _, val := range commaSplitVals { - splitVals := strings.Split(val, " ") - if len(splitVals) > 6 || len(splitVals) < 2 { - return false - } - if !LengthHandler(splitVals[0]) { - return false - } - if !LengthHandler(splitVals[1]) { - return false - } - usedFunctions := []func(string) bool{ - LengthHandler, - ColorHandler, - } - if len(splitVals) > 2 && !recursiveCheck(splitVals[2:], usedFunctions) { - return false - } - } - return true -} - -func BoxSizingHandler(value string) bool { - values := []string{"slicontent-box", "border-box", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func BreakBeforeAfterHandler(value string) bool { - values := []string{"auto", "avoid", "always", "all", "avoid-page", "page", "left", "right", "recto", "verso", "avoid-column", "column", "avoid-region", "region"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func BreakInsideHandler(value string) bool { - values := []string{"auto", "avoid", "avoid-page", "avoid-column", "avoid-region"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func CaptionSideHandler(value string) bool { - values := []string{"top", "bottom", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func CaretColorHandler(value string) bool { - splitVals := splitValues(value) - if in(splitVals, colorValues) { - return true - } - if HexRGB.MatchString(value) { - return true - } - if RGB.MatchString(value) { - return true - } - if RGBA.MatchString(value) { - return true - } - if HSL.MatchString(value) { - return true - } - return HSLA.MatchString(value) -} - -func ClearHandler(value string) bool { - values := []string{"none", "left", "right", "both", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func ClipHandler(value string) bool { - if Rect.MatchString(value) { - return true - } - values := []string{"auto", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func ColorHandler(value string) bool { - splitVals := splitValues(value) - if in(splitVals, colorValues) { - return true - } - if HexRGB.MatchString(value) { - return true - } - if RGB.MatchString(value) { - return true - } - if RGBA.MatchString(value) { - return true - } - if HSL.MatchString(value) { - return true - } - return HSLA.MatchString(value) -} - -func ColumnCountHandler(value string) bool { - if Numeric.MatchString(value) { - return true - } - values := []string{"auto", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func ColumnFillHandler(value string) bool { - values := []string{"balance", "auto", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func ColumnGapHandler(value string) bool { - if LengthHandler(value) { - return true - } - values := []string{"normal", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func ColumnRuleHandler(value string) bool { - values := []string{"initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " ") - usedFunctions := []func(string) bool{ - ColumnRuleWidthHandler, - BorderSideStyleHandler, - ColorHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func ColumnRuleWidthHandler(value string) bool { - if LengthHandler(value) { - return true - } - splitVals := strings.Split(value, ";") - values := []string{"medium", "thin", "thick", "initial", "inherit"} - return in(splitVals, values) -} - -func ColumnSpanHandler(value string) bool { - values := []string{"none", "all", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func ColumnWidthHandler(value string) bool { - if LengthHandler(value) { - return true - } - splitVals := strings.Split(value, ";") - values := []string{"auto", "initial", "inherit"} - return in(splitVals, values) -} - -func ColumnsHandler(value string) bool { - values := []string{"auto", "initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " ") - usedFunctions := []func(string) bool{ - ColumnWidthHandler, - ColumnCountHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func CursorHandler(value string) bool { - values := []string{"alias", "all-scroll", "auto", "cell", "context-menu", "col-resize", "copy", "crosshair", "default", "e-resize", "ew-resize", "grab", "grabbing", "help", "move", "n-resize", "ne-resize", "nesw-resize", "ns-resize", "nw-resize", "nwse-resize", "no-drop", "none", "not-allowed", "pointer", "progress", "row-resize", "s-resize", "se-resize", "sw-resize", "text", "vertical-text", "w-resize", "wait", "zoom-in", "zoom-out", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func DirectionHandler(value string) bool { - values := []string{"ltr", "rtl", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func DisplayHandler(value string) bool { - values := []string{"inline", "block", "contents", "flex", "grid", "inline-block", "inline-flex", "inline-grid", "inline-table", "list-item", "run-in", "table", "table-caption", "table-column-group", "table-header-group", "table-footer-group", "table-row-group", "table-cell", "table-column", "table-row", "none", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func EmptyCellsHandler(value string) bool { - values := []string{"show", "hide", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func FilterHandler(value string) bool { - values := []string{"none", "initial", "inherit"} - splitVals := splitValues(value) - if in(splitVals, values) { - return true - } - if Blur.MatchString(value) { - return true - } - if BrightnessCont.MatchString(value) { - return true - } - if DropShadow.MatchString(value) { - return true - } - colorValue := strings.TrimSuffix(string(DropShadow.ReplaceAll([]byte(value), []byte{})), ")") - if ColorHandler(colorValue) { - return true - } - if Grayscale.MatchString(value) { - return true - } - if HueRotate.MatchString(value) { - return true - } - if Invert.MatchString(value) { - return true - } - if Opacity.MatchString(value) { - return true - } - if Saturate.MatchString(value) { - return true - } - return Sepia.MatchString(value) -} - -func FlexHandler(value string) bool { - values := []string{"auto", "initial", "initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " ") - usedFunctions := []func(string) bool{ - FlexGrowHandler, - FlexBasisHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func FlexBasisHandler(value string) bool { - if LengthHandler(value) { - return true - } - splitVals := strings.Split(value, ";") - values := []string{"auto", "initial", "inherit"} - return in(splitVals, values) -} - -func FlexDirectionHandler(value string) bool { - values := []string{"row", "row-reverse", "column", "column-reverse", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func FlexFlowHandler(value string) bool { - values := []string{"initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " ") - usedFunctions := []func(string) bool{ - FlexDirectionHandler, - FlexWrapHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func FlexGrowHandler(value string) bool { - if NumericDecimal.MatchString(value) { - return true - } - splitVals := strings.Split(value, ";") - values := []string{"initial", "inherit"} - return in(splitVals, values) -} - -func FlexWrapHandler(value string) bool { - values := []string{"nowrap", "wrap", "wrap-reverse", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func FloatHandler(value string) bool { - values := []string{"none", "left", "right", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func FontHandler(value string) bool { - values := []string{"caption", "icon", "menu", "message-box", "small-caption", "status-bar", "initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " ") - newSplitVals := []string{} - for _, i := range splitVals { - if len(strings.Split(i, "/")) == 2 { - newSplitVals = append(newSplitVals, strings.Split(i, "/")...) - } else { - newSplitVals = append(newSplitVals, i) - } - } - usedFunctions := []func(string) bool{ - FontStyleHandler, - FontVariantHandler, - FontWeightHandler, - FontSizeHandler, - FontFamilyHandler, - } - return recursiveCheck(newSplitVals, usedFunctions) -} - -func FontFamilyHandler(value string) bool { - values := []string{"initial", "inherit"} - splitVals := splitValues(value) - if in(splitVals, values) { - return true - } - for _, i := range splitVals { - i = strings.TrimSpace(i) - if Font.FindString(i) != i { - return false - } - } - return true -} - -func FontKerningHandler(value string) bool { - values := []string{"auto", "normal", "none"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func FontLanguageOverrideHandler(value string) bool { - return Alpha.MatchString(value) -} - -func FontSizeHandler(value string) bool { - if LengthHandler(value) { - return true - } - values := []string{"medium", "xx-small", "x-small", "small", "large", "x-large", "xx-large", "smaller", "larger", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func FontSizeAdjustHandler(value string) bool { - if Count.MatchString(value) { - return true - } - values := []string{"auto", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func FontStretchHandler(value string) bool { - values := []string{"ultra-condensed", "extra-condensed", "condensed", "semi-condensed", "normal", "semi-expanded", "expanded", "extra-expanded", "ultra-expanded", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func FontStyleHandler(value string) bool { - values := []string{"normal", "italic", "oblique", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func FontSynthesisHandler(value string) bool { - values := []string{"none", "style", "weight"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func FontVariantCapsHandler(value string) bool { - values := []string{"normal", "small-caps", "all-small-caps", "petite-caps", "all-petite-caps", "unicase", "titling-caps"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func FontVariantHandler(value string) bool { - values := []string{"normal", "small-caps", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func FontVariantPositionHandler(value string) bool { - values := []string{"normal", "sub", "super"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func FontWeightHandler(value string) bool { - values := []string{"normal", "bold", "bolder", "lighter", "100", "200", "300", "400", "500", "600", "700", "800", "900", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func GridHandler(value string) bool { - values := []string{"none", "initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " ") - newSplitVals := []string{} - for _, i := range splitVals { - if i != "/" { - newSplitVals = append(newSplitVals, i) - } - } - usedFunctions := []func(string) bool{ - GridTemplateRowsHandler, - GridTemplateColumnsHandler, - GridTemplateAreasHandler, - GridAutoColumnsHandler, - GridAutoFlowHandler, - } - return recursiveCheck(newSplitVals, usedFunctions) -} - -func GridAreaHandler(value string) bool { - values := []string{"none", "initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " / ") - usedFunctions := []func(string) bool{ - GridAxisStartEndHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func GridAutoColumnsHandler(value string) bool { - if LengthHandler(value) { - return true - } - values := []string{"auto", "max-content", "min-content", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func GridAutoFlowHandler(value string) bool { - values := []string{"row", "column", "dense", "row dense", "column dense"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func GridColumnHandler(value string) bool { - values := []string{"none", "initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " / ") - if len(splitVals) > 2 { - return false - } - usedFunctions := []func(string) bool{ - GridAxisStartEndHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func GridColumnGapHandler(value string) bool { - return LengthHandler(value) -} - -func LengthHandler(value string) bool { - return Length.MatchString(value) -} - -func LineBreakHandler(value string) bool { - values := []string{"auto", "loose", "normal", "strict"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func GridAxisStartEndHandler(value string) bool { - if Numeric.MatchString(value) { - return true - } - if Span.MatchString(value) { - return true - } - values := []string{"auto"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func GridGapHandler(value string) bool { - splitVals := strings.Split(value, " ") - if len(splitVals) > 2 { - return false - } - usedFunctions := []func(string) bool{ - GridColumnGapHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func GridRowHandler(value string) bool { - splitVals := strings.Split(value, " / ") - if len(splitVals) > 2 { - return false - } - usedFunctions := []func(string) bool{ - GridAxisStartEndHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func GridTemplateHandler(value string) bool { - values := []string{"none", "initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " / ") - if len(splitVals) > 2 { - return false - } - usedFunctions := []func(string) bool{ - GridTemplateColumnsHandler, - GridTemplateRowsHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func GridTemplateAreasHandler(value string) bool { - values := []string{"none"} - if in([]string{value}, values) { - return true - } - return GridTemplateAreas.MatchString(value) -} - -func GridTemplateColumnsHandler(value string) bool { - splitVals := strings.Split(value, " ") - values := []string{"none", "auto", "max-content", "min-content", "initial", "inherit"} - for _, val := range splitVals { - if LengthHandler(val) { - continue - } - valArr := []string{val} - if !in(valArr, values) { - return false - } - } - return true -} - -func GridTemplateRowsHandler(value string) bool { - splitVals := strings.Split(value, " ") - values := []string{"none", "auto", "max-content", "min-content"} - for _, val := range splitVals { - if LengthHandler(val) { - continue - } - valArr := []string{val} - if !in(valArr, values) { - return false - } - } - return true -} - -func HangingPunctuationHandler(value string) bool { - values := []string{"none", "first", "last", "allow-end", "force-end", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func HeightHandler(value string) bool { - if LengthHandler(value) { - return true - } - values := []string{"auto", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func HyphensHandler(value string) bool { - values := []string{"none", "manual", "auto", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func ImageRenderingHandler(value string) bool { - values := []string{"auto", "smooth", "high-quality", "crisp-edges", "pixelated"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func IsolationHandler(value string) bool { - values := []string{"auto", "isolate", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func JustifyContentHandler(value string) bool { - values := []string{"flex-start", "flex-end", "center", "space-between", "space-around", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func LetterSpacingHandler(value string) bool { - if LengthHandler(value) { - return true - } - values := []string{"normal", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func LineHeightHandler(value string) bool { - if LengthHandler(value) { - return true - } - values := []string{"normal", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func ListStyleHandler(value string) bool { - values := []string{"initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " ") - usedFunctions := []func(string) bool{ - ListStyleTypeHandler, - ListStylePositionHandler, - ImageHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func ListStylePositionHandler(value string) bool { - values := []string{"inside", "outside", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func ListStyleTypeHandler(value string) bool { - values := []string{"disc", "armenian", "circle", "cjk-ideographic", "decimal", "decimal-leading-zero", "georgian", "hebrew", "hiragana", "hiragana-iroha", "katakana", "katakana-iroha", "lower-alpha", "lower-greek", "lower-latin", "lower-roman", "none", "square", "upper-alpha", "upper-greek", "upper-latin", "upper-roman", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func MarginHandler(value string) bool { - values := []string{"auto", "initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " ") - usedFunctions := []func(string) bool{ - MarginSideHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func MarginSideHandler(value string) bool { - if LengthHandler(value) { - return true - } - values := []string{"auto", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func MaxHeightWidthHandler(value string) bool { - if LengthHandler(value) { - return true - } - values := []string{"none", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func MinHeightWidthHandler(value string) bool { - if LengthHandler(value) { - return true - } - values := []string{"initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func MixBlendModeHandler(value string) bool { - values := []string{"normal", "multiply", "screen", "overlay", "darken", "lighten", "color-dodge", "color-burn", "difference", "exclusion", "hue", "saturation", "color", "luminosity"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func ObjectFitHandler(value string) bool { - values := []string{"fill", "contain", "cover", "none", "scale-down", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func ObjectPositionHandler(value string) bool { - values := []string{"initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " ") - if len(splitVals) > 2 { - return false - } - usedFunctions := []func(string) bool{ - LengthHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func OpacityHandler(value string) bool { - if Opacity.MatchString(value) { - return true - } - values := []string{"initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func OrderHandler(value string) bool { - if Numeric.MatchString(value) { - return true - } - values := []string{"initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func OutlineHandler(value string) bool { - values := []string{"initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " ") - usedFunctions := []func(string) bool{ - ColorHandler, - OutlineWidthHandler, - OutlineStyleHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func OutlineOffsetHandler(value string) bool { - if LengthHandler(value) { - return true - } - values := []string{"initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func OutlineStyleHandler(value string) bool { - values := []string{"none", "hidden", "dotted", "dashed", "solid", "double", "groove", "ridge", "inset", "outset", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func OutlineWidthHandler(value string) bool { - if LengthHandler(value) { - return true - } - values := []string{"medium", "thin", "thick", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func OverflowHandler(value string) bool { - values := []string{"visible", "hidden", "scroll", "auto", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func OverflowXYHandler(value string) bool { - values := []string{"visible", "hidden", "scroll", "auto", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func OverflowWrapHandler(value string) bool { - values := []string{"normal", "break-word", "anywhere"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func OrphansHandler(value string) bool { - return Numeric.MatchString(value) -} - -func PaddingHandler(value string) bool { - values := []string{"initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " ") - if len(splitVals) > 4 { - return false - } - usedFunctions := []func(string) bool{ - PaddingSideHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func PaddingSideHandler(value string) bool { - if LengthHandler(value) { - return true - } - values := []string{"initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func PageBreakBeforeAfterHandler(value string) bool { - values := []string{"auto", "always", "avoid", "left", "right", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func PageBreakInsideHandler(value string) bool { - values := []string{"auto", "avoid", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func PerspectiveHandler(value string) bool { - if LengthHandler(value) { - return true - } - values := []string{"none", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func PerspectiveOriginHandler(value string) bool { - values := []string{"initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " ") - xValues := []string{"left", "center", "right"} - yValues := []string{"top", "center", "bottom"} - if len(splitVals) > 1 { - if !in([]string{splitVals[0]}, xValues) && !LengthHandler(splitVals[0]) { - return false - } - return in([]string{splitVals[1]}, yValues) || LengthHandler(splitVals[1]) - } else if len(splitVals) == 1 { - return in(splitVals, xValues) || in(splitVals, yValues) || LengthHandler(splitVals[0]) - } - return false -} - -func PointerEventsHandler(value string) bool { - values := []string{"auto", "none", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func PositionHandler(value string) bool { - values := []string{"static", "absolute", "fixed", "relative", "sticky", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func QuotesHandler(value string) bool { - values := []string{"none", "initial", "inherit"} - splitVals := splitValues(value) - if in(splitVals, values) { - return true - } - return Quotes.MatchString(value) -} - -func ResizeHandler(value string) bool { - values := []string{"none", "both", "horizontal", "vertical", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func ScrollBehaviorHandler(value string) bool { - values := []string{"auto", "smooth", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func TabSizeHandler(value string) bool { - if LengthHandler(value) { - return true - } - values := []string{"initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func TableLayoutHandler(value string) bool { - values := []string{"auto", "fixed", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func TextAlignHandler(value string) bool { - values := []string{"left", "right", "center", "justify", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func TextAlignLastHandler(value string) bool { - values := []string{"auto", "left", "right", "center", "justify", "start", "end", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func TextCombineUprightHandler(value string) bool { - values := []string{"none", "all"} - splitVals := splitValues(value) - if in(splitVals, values) { - return true - } - return Digits.MatchString(value) -} - -func TextDecorationHandler(value string) bool { - values := []string{"initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " ") - usedFunctions := []func(string) bool{ - TextDecorationStyleHandler, - ColorHandler, - TextDecorationLineHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func TextDecorationLineHandler(value string) bool { - values := []string{"none", "underline", "overline", "line-through", "initial", "inherit"} - splitVals := strings.Split(value, " ") - return in(splitVals, values) -} - -func TextDecorationStyleHandler(value string) bool { - values := []string{"solid", "double", "dotted", "dashed", "wavy", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func TextIndentHandler(value string) bool { - if LengthHandler(value) { - return true - } - values := []string{"initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func TextJustifyHandler(value string) bool { - values := []string{"auto", "inter-word", "inter-character", "none", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func TextOverflowHandler(value string) bool { - if QuotedAlpha.MatchString(value) { - return true - } - values := []string{"clip", "ellipsis", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func TextOrientationHandler(value string) bool { - values := []string{"mixed", "upright", "sideways", "sideways-right"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func TextShadowHandler(value string) bool { - values := []string{"none", "initial", "inherit"} - if in([]string{value}, values) { - return true - } - commaSplitVals := strings.Split(value, ",") - for _, val := range commaSplitVals { - splitVals := strings.Split(val, " ") - if len(splitVals) > 6 || len(splitVals) < 2 { - return false - } - if !LengthHandler(splitVals[0]) { - return false - } - if !LengthHandler(splitVals[1]) { - return false - } - usedFunctions := []func(string) bool{ - LengthHandler, - ColorHandler, - } - if len(splitVals) > 2 && !recursiveCheck(splitVals[2:], usedFunctions) { - return false - } - } - return true -} - -func TextTransformHandler(value string) bool { - values := []string{"none", "capitalize", "uppercase", "lowercase", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func TransformHandler(value string) bool { - values := []string{"none", "initial", "inherit"} - if in([]string{value}, values) { - return true - } - if Matrix.MatchString(value) { - return true - } - if Matrix3D.MatchString(value) { - return true - } - subValue := string(TranslateScale.ReplaceAll([]byte(value), []byte{})) - trimValue := strings.Split(strings.TrimSuffix(subValue, ")"), ",") - valid := true - for _, i := range trimValue { - if !LengthHandler(strings.TrimSpace(i)) { - valid = false - break - } - } - if valid && trimValue != nil { - return true - } - if Rotate.MatchString(value) { - return true - } - if Rotate3D.MatchString(value) { - return true - } - subValue = string(Skew.ReplaceAll([]byte(value), []byte{})) - subValue = strings.TrimSuffix(subValue, ")") - trimValue = strings.Split(subValue, ",") - valid = true - for _, i := range trimValue { - if !LengthHandler(strings.TrimSpace(i)) { - valid = false - break - } - } - if valid { - return true - } - subValue = string(Perspective.ReplaceAll([]byte(value), []byte{})) - subValue = strings.TrimSuffix(subValue, ")") - return LengthHandler(subValue) -} - -func TransformOriginHandler(value string) bool { - values := []string{"initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " ") - xValues := []string{"left", "center", "right"} - yValues := []string{"top", "center", "bottom"} - if len(splitVals) > 2 { - if !in([]string{splitVals[0]}, xValues) && !LengthHandler(splitVals[0]) { - return false - } - if !in([]string{splitVals[1]}, yValues) && !LengthHandler(splitVals[1]) { - return false - } - return LengthHandler(splitVals[2]) - } else if len(splitVals) > 1 { - if !in([]string{splitVals[0]}, xValues) && !LengthHandler(splitVals[0]) { - return false - } - return in([]string{splitVals[1]}, yValues) || LengthHandler(splitVals[1]) - } else if len(splitVals) == 1 { - return in(splitVals, xValues) || in(splitVals, yValues) || LengthHandler(splitVals[0]) - } - return false -} - -func TransformStyleHandler(value string) bool { - values := []string{"flat", "preserve-3d", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func TransitionHandler(value string) bool { - values := []string{"initial", "inherit"} - if in([]string{value}, values) { - return true - } - splitVals := strings.Split(value, " ") - usedFunctions := []func(string) bool{ - TransitionPropertyHandler, - TransitionDurationHandler, - TimingFunctionHandler, - TransitionDelayHandler, - ColorHandler, - } - return recursiveCheck(splitVals, usedFunctions) -} - -func TransitionDelayHandler(value string) bool { - if Time.MatchString(value) { - return true - } - values := []string{"initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func TransitionDurationHandler(value string) bool { - if Time.MatchString(value) { - return true - } - values := []string{"initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func TransitionPropertyHandler(value string) bool { - if TransitionProp.MatchString(value) { - return true - } - values := []string{"none", "all", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func UnicodeBidiHandler(value string) bool { - values := []string{"normal", "embed", "bidi-override", "isolate", "isolate-override", "plaintext", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func UserSelectHandler(value string) bool { - values := []string{"auto", "none", "text", "all"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func VerticalAlignHandler(value string) bool { - if LengthHandler(value) { - return true - } - values := []string{"baseline", "sub", "super", "top", "text-top", "middle", "bottom", "text-bottom", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func VisiblityHandler(value string) bool { - values := []string{"visible", "hidden", "collapse", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func WhiteSpaceHandler(value string) bool { - values := []string{"normal", "nowrap", "pre", "pre-line", "pre-wrap", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func WidthHandler(value string) bool { - if LengthHandler(value) { - return true - } - values := []string{"auto", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func WordSpacingHandler(value string) bool { - if LengthHandler(value) { - return true - } - values := []string{"normal", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func WordBreakHandler(value string) bool { - values := []string{"normal", "break-all", "keep-all", "break-word", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func WordWrapHandler(value string) bool { - values := []string{"normal", "break-word", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func WritingModeHandler(value string) bool { - values := []string{"horizontal-tb", "vertical-rl", "vertical-lr"} - splitVals := splitValues(value) - return in(splitVals, values) -} - -func ZIndexHandler(value string) bool { - if ZIndex.MatchString(value) { - return true - } - values := []string{"auto", "initial", "inherit"} - splitVals := splitValues(value) - return in(splitVals, values) -} diff --git a/vendor/github.com/microcosm-cc/bluemonday/doc.go b/vendor/github.com/microcosm-cc/bluemonday/doc.go deleted file mode 100644 index d95e8a9d2..000000000 --- a/vendor/github.com/microcosm-cc/bluemonday/doc.go +++ /dev/null @@ -1,104 +0,0 @@ -// Copyright (c) 2014, David Kitchen <david@buro9.com> -// -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions are met: -// -// * Redistributions of source code must retain the above copyright notice, this -// list of conditions and the following disclaimer. -// -// * Redistributions in binary form must reproduce the above copyright notice, -// this list of conditions and the following disclaimer in the documentation -// and/or other materials provided with the distribution. -// -// * Neither the name of the organisation (Microcosm) nor the names of its -// contributors may be used to endorse or promote products derived from -// this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE -// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -/* -Package bluemonday provides a way of describing an allowlist of HTML elements -and attributes as a policy, and for that policy to be applied to untrusted -strings from users that may contain markup. All elements and attributes not on -the allowlist will be stripped. - -The default bluemonday.UGCPolicy().Sanitize() turns this: - - Hello <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>World - -Into the more harmless: - - Hello World - -And it turns this: - - <a href="javascript:alert('XSS1')" onmouseover="alert('XSS2')">XSS<a> - -Into this: - - XSS - -Whilst still allowing this: - - <a href="http://www.google.com/"> - <img src="https://ssl.gstatic.com/accounts/ui/logo_2x.png"/> - </a> - -To pass through mostly unaltered (it gained a rel="nofollow"): - - <a href="http://www.google.com/" rel="nofollow"> - <img src="https://ssl.gstatic.com/accounts/ui/logo_2x.png"/> - </a> - -The primary purpose of bluemonday is to take potentially unsafe user generated -content (from things like Markdown, HTML WYSIWYG tools, etc) and make it safe -for you to put on your website. - -It protects sites against XSS (http://en.wikipedia.org/wiki/Cross-site_scripting) -and other malicious content that a user interface may deliver. There are many -vectors for an XSS attack (https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet) -and the safest thing to do is to sanitize user input against a known safe list -of HTML elements and attributes. - -Note: You should always run bluemonday after any other processing. - -If you use blackfriday (https://github.com/russross/blackfriday) or -Pandoc (http://johnmacfarlane.net/pandoc/) then bluemonday should be run after -these steps. This ensures that no insecure HTML is introduced later in your -process. - -bluemonday is heavily inspired by both the OWASP Java HTML Sanitizer -(https://code.google.com/p/owasp-java-html-sanitizer/) and the HTML Purifier -(http://htmlpurifier.org/). - -We ship two default policies, one is bluemonday.StrictPolicy() and can be -thought of as equivalent to stripping all HTML elements and their attributes as -it has nothing on its allowlist. - -The other is bluemonday.UGCPolicy() and allows a broad selection of HTML -elements and attributes that are safe for user generated content. Note that -this policy does not allow iframes, object, embed, styles, script, etc. - -The essence of building a policy is to determine which HTML elements and -attributes are considered safe for your scenario. OWASP provide an XSS -prevention cheat sheet ( https://www.google.com/search?q=xss+prevention+cheat+sheet ) -to help explain the risks, but essentially: - - 1. Avoid allowing anything other than plain HTML elements - 2. Avoid allowing `script`, `style`, `iframe`, `object`, `embed`, `base` - elements - 3. Avoid allowing anything other than plain HTML elements with simple - values that you can match to a regexp -*/ -package bluemonday diff --git a/vendor/github.com/microcosm-cc/bluemonday/helpers.go b/vendor/github.com/microcosm-cc/bluemonday/helpers.go deleted file mode 100644 index aa0b7b92d..000000000 --- a/vendor/github.com/microcosm-cc/bluemonday/helpers.go +++ /dev/null @@ -1,300 +0,0 @@ -// Copyright (c) 2014, David Kitchen <david@buro9.com> -// -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions are met: -// -// * Redistributions of source code must retain the above copyright notice, this -// list of conditions and the following disclaimer. -// -// * Redistributions in binary form must reproduce the above copyright notice, -// this list of conditions and the following disclaimer in the documentation -// and/or other materials provided with the distribution. -// -// * Neither the name of the organisation (Microcosm) nor the names of its -// contributors may be used to endorse or promote products derived from -// this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE -// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -package bluemonday - -import ( - "encoding/base64" - "net/url" - "regexp" -) - -// A selection of regular expressions that can be used as .Matching() rules on -// HTML attributes. -var ( - // CellAlign handles the `align` attribute - // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/td#attr-align - CellAlign = regexp.MustCompile(`(?i)^(center|justify|left|right|char)$`) - - // CellVerticalAlign handles the `valign` attribute - // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/td#attr-valign - CellVerticalAlign = regexp.MustCompile(`(?i)^(baseline|bottom|middle|top)$`) - - // Direction handles the `dir` attribute - // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/bdo#attr-dir - Direction = regexp.MustCompile(`(?i)^(rtl|ltr)$`) - - // ImageAlign handles the `align` attribute on the `image` tag - // http://www.w3.org/MarkUp/Test/Img/imgtest.html - ImageAlign = regexp.MustCompile( - `(?i)^(left|right|top|texttop|middle|absmiddle|baseline|bottom|absbottom)$`, - ) - - // Integer describes whole positive integers (including 0) used in places - // like td.colspan - // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/td#attr-colspan - Integer = regexp.MustCompile(`^[0-9]+$`) - - // ISO8601 according to the W3 group is only a subset of the ISO8601 - // standard: http://www.w3.org/TR/NOTE-datetime - // - // Used in places like time.datetime - // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/time#attr-datetime - // - // Matches patterns: - // Year: - // YYYY (eg 1997) - // Year and month: - // YYYY-MM (eg 1997-07) - // Complete date: - // YYYY-MM-DD (eg 1997-07-16) - // Complete date plus hours and minutes: - // YYYY-MM-DDThh:mmTZD (eg 1997-07-16T19:20+01:00) - // Complete date plus hours, minutes and seconds: - // YYYY-MM-DDThh:mm:ssTZD (eg 1997-07-16T19:20:30+01:00) - // Complete date plus hours, minutes, seconds and a decimal fraction of a - // second - // YYYY-MM-DDThh:mm:ss.sTZD (eg 1997-07-16T19:20:30.45+01:00) - ISO8601 = regexp.MustCompile( - `^[0-9]{4}(-[0-9]{2}(-[0-9]{2}([ T][0-9]{2}(:[0-9]{2}){1,2}(.[0-9]{1,6})` + - `?Z?([\+-][0-9]{2}:[0-9]{2})?)?)?)?$`, - ) - - // ListType encapsulates the common value as well as the latest spec - // values for lists - // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/ol#attr-type - ListType = regexp.MustCompile(`(?i)^(circle|disc|square|a|A|i|I|1)$`) - - // SpaceSeparatedTokens is used in places like `a.rel` and the common attribute - // `class` which both contain space delimited lists of data tokens - // http://www.w3.org/TR/html-markup/datatypes.html#common.data.tokens-def - // Regexp: \p{L} matches unicode letters, \p{N} matches unicode numbers - SpaceSeparatedTokens = regexp.MustCompile(`^([\s\p{L}\p{N}_-]+)$`) - - // Number is a double value used on HTML5 meter and progress elements - // http://www.whatwg.org/specs/web-apps/current-work/multipage/the-button-element.html#the-meter-element - Number = regexp.MustCompile(`^[-+]?[0-9]*\.?[0-9]+([eE][-+]?[0-9]+)?$`) - - // NumberOrPercent is used predominantly as units of measurement in width - // and height attributes - // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/img#attr-height - NumberOrPercent = regexp.MustCompile(`^[0-9]+[%]?$`) - - // Paragraph of text in an attribute such as *.'title', img.alt, etc - // https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes#attr-title - // Note that we are not allowing chars that could close tags like '>' - Paragraph = regexp.MustCompile(`^[\p{L}\p{N}\s\-_',\[\]!\./\\\(\)]*$`) - - // dataURIImagePrefix is used by AllowDataURIImages to define the acceptable - // prefix of data URIs that contain common web image formats. - // - // This is not exported as it's not useful by itself, and only has value - // within the AllowDataURIImages func - dataURIImagePrefix = regexp.MustCompile( - `^image/(gif|jpeg|png|svg\+xml|webp);base64,`, - ) -) - -// AllowStandardURLs is a convenience function that will enable rel="nofollow" -// on "a", "area" and "link" (if you have allowed those elements) and will -// ensure that the URL values are parseable and either relative or belong to the -// "mailto", "http", or "https" schemes -func (p *Policy) AllowStandardURLs() { - // URLs must be parseable by net/url.Parse() - p.RequireParseableURLs(true) - - // !url.IsAbs() is permitted - p.AllowRelativeURLs(true) - - // Most common URL schemes only - p.AllowURLSchemes("mailto", "http", "https") - - // For linking elements we will add rel="nofollow" if it does not already exist - // This applies to "a" "area" "link" - p.RequireNoFollowOnLinks(true) -} - -// AllowStandardAttributes will enable "id", "title" and the language specific -// attributes "dir" and "lang" on all elements that are allowed -func (p *Policy) AllowStandardAttributes() { - // "dir" "lang" are permitted as both language attributes affect charsets - // and direction of text. - p.AllowAttrs("dir").Matching(Direction).Globally() - p.AllowAttrs( - "lang", - ).Matching(regexp.MustCompile(`[a-zA-Z]{2,20}`)).Globally() - - // "id" is permitted. This is pretty much as some HTML elements require this - // to work well ("dfn" is an example of a "id" being value) - // This does create a risk that JavaScript and CSS within your web page - // might identify the wrong elements. Ensure that you select things - // accurately - p.AllowAttrs("id").Matching( - regexp.MustCompile(`[a-zA-Z0-9\:\-_\.]+`), - ).Globally() - - // "title" is permitted as it improves accessibility. - p.AllowAttrs("title").Matching(Paragraph).Globally() -} - -// AllowStyling presently enables the class attribute globally. -// -// Note: When bluemonday ships a CSS parser and we can safely sanitise that, -// this will also allow sanitized styling of elements via the style attribute. -func (p *Policy) AllowStyling() { - - // "class" is permitted globally - p.AllowAttrs("class").Matching(SpaceSeparatedTokens).Globally() -} - -// AllowImages enables the img element and some popular attributes. It will also -// ensure that URL values are parseable. This helper does not enable data URI -// images, for that you should also use the AllowDataURIImages() helper. -func (p *Policy) AllowImages() { - - // "img" is permitted - p.AllowAttrs("align").Matching(ImageAlign).OnElements("img") - p.AllowAttrs("alt").Matching(Paragraph).OnElements("img") - p.AllowAttrs("height", "width").Matching(NumberOrPercent).OnElements("img") - - // Standard URLs enabled - p.AllowStandardURLs() - p.AllowAttrs("src").OnElements("img") -} - -// AllowDataURIImages permits the use of inline images defined in RFC2397 -// http://tools.ietf.org/html/rfc2397 -// http://en.wikipedia.org/wiki/Data_URI_scheme -// -// Images must have a mimetype matching: -// -// image/gif -// image/jpeg -// image/png -// image/webp -// -// NOTE: There is a potential security risk to allowing data URIs and you should -// only permit them on content you already trust. -// http://palizine.plynt.com/issues/2010Oct/bypass-xss-filters/ -// https://capec.mitre.org/data/definitions/244.html -func (p *Policy) AllowDataURIImages() { - - // URLs must be parseable by net/url.Parse() - p.RequireParseableURLs(true) - - // Supply a function to validate images contained within data URI - p.AllowURLSchemeWithCustomPolicy( - "data", - func(url *url.URL) (allowUrl bool) { - if url.RawQuery != "" || url.Fragment != "" { - return false - } - - matched := dataURIImagePrefix.FindString(url.Opaque) - if matched == "" { - return false - } - - _, err := base64.StdEncoding.DecodeString(url.Opaque[len(matched):]) - return err == nil - }, - ) -} - -// AllowLists will enabled ordered and unordered lists, as well as definition -// lists -func (p *Policy) AllowLists() { - // "ol" "ul" are permitted - p.AllowAttrs("type").Matching(ListType).OnElements("ol", "ul") - - // "li" is permitted - p.AllowAttrs("type").Matching(ListType).OnElements("li") - p.AllowAttrs("value").Matching(Integer).OnElements("li") - - // "dl" "dt" "dd" are permitted - p.AllowElements("dl", "dt", "dd") -} - -// AllowTables will enable a rich set of elements and attributes to describe -// HTML tables -func (p *Policy) AllowTables() { - - // "table" is permitted - p.AllowAttrs("height", "width").Matching(NumberOrPercent).OnElements("table") - p.AllowAttrs("summary").Matching(Paragraph).OnElements("table") - - // "caption" is permitted - p.AllowElements("caption") - - // "col" "colgroup" are permitted - p.AllowAttrs("align").Matching(CellAlign).OnElements("col", "colgroup") - p.AllowAttrs("height", "width").Matching( - NumberOrPercent, - ).OnElements("col", "colgroup") - p.AllowAttrs("span").Matching(Integer).OnElements("colgroup", "col") - p.AllowAttrs("valign").Matching( - CellVerticalAlign, - ).OnElements("col", "colgroup") - - // "thead" "tr" are permitted - p.AllowAttrs("align").Matching(CellAlign).OnElements("thead", "tr") - p.AllowAttrs("valign").Matching(CellVerticalAlign).OnElements("thead", "tr") - - // "td" "th" are permitted - p.AllowAttrs("abbr").Matching(Paragraph).OnElements("td", "th") - p.AllowAttrs("align").Matching(CellAlign).OnElements("td", "th") - p.AllowAttrs("colspan", "rowspan").Matching(Integer).OnElements("td", "th") - p.AllowAttrs("headers").Matching( - SpaceSeparatedTokens, - ).OnElements("td", "th") - p.AllowAttrs("height", "width").Matching( - NumberOrPercent, - ).OnElements("td", "th") - p.AllowAttrs( - "scope", - ).Matching( - regexp.MustCompile(`(?i)(?:row|col)(?:group)?`), - ).OnElements("td", "th") - p.AllowAttrs("valign").Matching(CellVerticalAlign).OnElements("td", "th") - p.AllowAttrs("nowrap").Matching( - regexp.MustCompile(`(?i)|nowrap`), - ).OnElements("td", "th") - - // "tbody" "tfoot" - p.AllowAttrs("align").Matching(CellAlign).OnElements("tbody", "tfoot") - p.AllowAttrs("valign").Matching( - CellVerticalAlign, - ).OnElements("tbody", "tfoot") -} - -func (p *Policy) AllowIFrames(vals ...SandboxValue) { - p.AllowAttrs("sandbox").OnElements("iframe") - - p.RequireSandboxOnIFrame(vals...) -} diff --git a/vendor/github.com/microcosm-cc/bluemonday/policies.go b/vendor/github.com/microcosm-cc/bluemonday/policies.go deleted file mode 100644 index 570bba886..000000000 --- a/vendor/github.com/microcosm-cc/bluemonday/policies.go +++ /dev/null @@ -1,253 +0,0 @@ -// Copyright (c) 2014, David Kitchen <david@buro9.com> -// -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions are met: -// -// * Redistributions of source code must retain the above copyright notice, this -// list of conditions and the following disclaimer. -// -// * Redistributions in binary form must reproduce the above copyright notice, -// this list of conditions and the following disclaimer in the documentation -// and/or other materials provided with the distribution. -// -// * Neither the name of the organisation (Microcosm) nor the names of its -// contributors may be used to endorse or promote products derived from -// this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE -// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -package bluemonday - -import ( - "regexp" -) - -// StrictPolicy returns an empty policy, which will effectively strip all HTML -// elements and their attributes from a document. -func StrictPolicy() *Policy { - return NewPolicy() -} - -// StripTagsPolicy is DEPRECATED. Use StrictPolicy instead. -func StripTagsPolicy() *Policy { - return StrictPolicy() -} - -// UGCPolicy returns a policy aimed at user generated content that is a result -// of HTML WYSIWYG tools and Markdown conversions. -// -// This is expected to be a fairly rich document where as much markup as -// possible should be retained. Markdown permits raw HTML so we are basically -// providing a policy to sanitise HTML5 documents safely but with the -// least intrusion on the formatting expectations of the user. -func UGCPolicy() *Policy { - - p := NewPolicy() - - /////////////////////// - // Global attributes // - /////////////////////// - - // "class" is not permitted as we are not allowing users to style their own - // content - - p.AllowStandardAttributes() - - ////////////////////////////// - // Global URL format policy // - ////////////////////////////// - - p.AllowStandardURLs() - - //////////////////////////////// - // Declarations and structure // - //////////////////////////////// - - // "xml" "xslt" "DOCTYPE" "html" "head" are not permitted as we are - // expecting user generated content to be a fragment of HTML and not a full - // document. - - ////////////////////////// - // Sectioning root tags // - ////////////////////////// - - // "article" and "aside" are permitted and takes no attributes - p.AllowElements("article", "aside") - - // "body" is not permitted as we are expecting user generated content to be a fragment - // of HTML and not a full document. - - // "details" is permitted, including the "open" attribute which can either - // be blank or the value "open". - p.AllowAttrs( - "open", - ).Matching(regexp.MustCompile(`(?i)^(|open)$`)).OnElements("details") - - // "fieldset" is not permitted as we are not allowing forms to be created. - - // "figure" is permitted and takes no attributes - p.AllowElements("figure") - - // "nav" is not permitted as it is assumed that the site (and not the user) - // has defined navigation elements - - // "section" is permitted and takes no attributes - p.AllowElements("section") - - // "summary" is permitted and takes no attributes - p.AllowElements("summary") - - ////////////////////////// - // Headings and footers // - ////////////////////////// - - // "footer" is not permitted as we expect user content to be a fragment and - // not structural to this extent - - // "h1" through "h6" are permitted and take no attributes - p.AllowElements("h1", "h2", "h3", "h4", "h5", "h6") - - // "header" is not permitted as we expect user content to be a fragment and - // not structural to this extent - - // "hgroup" is permitted and takes no attributes - p.AllowElements("hgroup") - - ///////////////////////////////////// - // Content grouping and separating // - ///////////////////////////////////// - - // "blockquote" is permitted, including the "cite" attribute which must be - // a standard URL. - p.AllowAttrs("cite").OnElements("blockquote") - - // "br" "div" "hr" "p" "span" "wbr" are permitted and take no attributes - p.AllowElements("br", "div", "hr", "p", "span", "wbr") - - /////////// - // Links // - /////////// - - // "a" is permitted - p.AllowAttrs("href").OnElements("a") - - // "area" is permitted along with the attributes that map image maps work - p.AllowAttrs("name").Matching( - regexp.MustCompile(`^([\p{L}\p{N}_-]+)$`), - ).OnElements("map") - p.AllowAttrs("alt").Matching(Paragraph).OnElements("area") - p.AllowAttrs("coords").Matching( - regexp.MustCompile(`^([0-9]+,)+[0-9]+$`), - ).OnElements("area") - p.AllowAttrs("href").OnElements("area") - p.AllowAttrs("rel").Matching(SpaceSeparatedTokens).OnElements("area") - p.AllowAttrs("shape").Matching( - regexp.MustCompile(`(?i)^(default|circle|rect|poly)$`), - ).OnElements("area") - p.AllowAttrs("usemap").Matching( - regexp.MustCompile(`(?i)^#[\p{L}\p{N}_-]+$`), - ).OnElements("img") - - // "link" is not permitted - - ///////////////////// - // Phrase elements // - ///////////////////// - - // The following are all inline phrasing elements - p.AllowElements("abbr", "acronym", "cite", "code", "dfn", "em", - "figcaption", "mark", "s", "samp", "strong", "sub", "sup", "var") - - // "q" is permitted and "cite" is a URL and handled by URL policies - p.AllowAttrs("cite").OnElements("q") - - // "time" is permitted - p.AllowAttrs("datetime").Matching(ISO8601).OnElements("time") - - //////////////////// - // Style elements // - //////////////////// - - // block and inline elements that impart no semantic meaning but style the - // document - p.AllowElements("b", "i", "pre", "small", "strike", "tt", "u") - - // "style" is not permitted as we are not yet sanitising CSS and it is an - // XSS attack vector - - ////////////////////// - // HTML5 Formatting // - ////////////////////// - - // "bdi" "bdo" are permitted - p.AllowAttrs("dir").Matching(Direction).OnElements("bdi", "bdo") - - // "rp" "rt" "ruby" are permitted - p.AllowElements("rp", "rt", "ruby") - - /////////////////////////// - // HTML5 Change tracking // - /////////////////////////// - - // "del" "ins" are permitted - p.AllowAttrs("cite").Matching(Paragraph).OnElements("del", "ins") - p.AllowAttrs("datetime").Matching(ISO8601).OnElements("del", "ins") - - /////////// - // Lists // - /////////// - - p.AllowLists() - - //////////// - // Tables // - //////////// - - p.AllowTables() - - /////////// - // Forms // - /////////// - - // By and large, forms are not permitted. However there are some form - // elements that can be used to present data, and we do permit those - // - // "button" "fieldset" "input" "keygen" "label" "output" "select" "datalist" - // "textarea" "optgroup" "option" are all not permitted - - // "meter" is permitted - p.AllowAttrs( - "value", - "min", - "max", - "low", - "high", - "optimum", - ).Matching(Number).OnElements("meter") - - // "progress" is permitted - p.AllowAttrs("value", "max").Matching(Number).OnElements("progress") - - ////////////////////// - // Embedded content // - ////////////////////// - - // Vast majority not permitted - // "audio" "canvas" "embed" "iframe" "object" "param" "source" "svg" "track" - // "video" are all not permitted - - p.AllowImages() - - return p -} diff --git a/vendor/github.com/microcosm-cc/bluemonday/policy.go b/vendor/github.com/microcosm-cc/bluemonday/policy.go deleted file mode 100644 index b4f09879a..000000000 --- a/vendor/github.com/microcosm-cc/bluemonday/policy.go +++ /dev/null @@ -1,990 +0,0 @@ -// Copyright (c) 2014, David Kitchen <david@buro9.com> -// -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions are met: -// -// * Redistributions of source code must retain the above copyright notice, this -// list of conditions and the following disclaimer. -// -// * Redistributions in binary form must reproduce the above copyright notice, -// this list of conditions and the following disclaimer in the documentation -// and/or other materials provided with the distribution. -// -// * Neither the name of the organisation (Microcosm) nor the names of its -// contributors may be used to endorse or promote products derived from -// this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE -// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -package bluemonday - -//TODO sgutzwiller create map of styles to default handlers -//TODO sgutzwiller create handlers for various attributes -import ( - "net/url" - "regexp" - "strings" - - "github.com/microcosm-cc/bluemonday/css" -) - -// Policy encapsulates the allowlist of HTML elements and attributes that will -// be applied to the sanitised HTML. -// -// You should use bluemonday.NewPolicy() to create a blank policy as the -// unexported fields contain maps that need to be initialized. -type Policy struct { - - // Declares whether the maps have been initialized, used as a cheap check to - // ensure that those using Policy{} directly won't cause nil pointer - // exceptions - initialized bool - - // If true then we add spaces when stripping tags, specifically the closing - // tag is replaced by a space character. - addSpaces bool - - // When true, add rel="nofollow" to HTML a, area, and link tags - requireNoFollow bool - - // When true, add rel="nofollow" to HTML a, area, and link tags - // Will add for href="http://foo" - // Will skip for href="/foo" or href="foo" - requireNoFollowFullyQualifiedLinks bool - - // When true, add rel="noreferrer" to HTML a, area, and link tags - requireNoReferrer bool - - // When true, add rel="noreferrer" to HTML a, area, and link tags - // Will add for href="http://foo" - // Will skip for href="/foo" or href="foo" - requireNoReferrerFullyQualifiedLinks bool - - // When true, add crossorigin="anonymous" to HTML audio, img, link, script, and video tags - requireCrossOriginAnonymous bool - - // When true, add and filter sandbox attribute on iframe tags - requireSandboxOnIFrame map[string]bool - - // When true add target="_blank" to fully qualified links - // Will add for href="http://foo" - // Will skip for href="/foo" or href="foo" - addTargetBlankToFullyQualifiedLinks bool - - // When true, URLs must be parseable by "net/url" url.Parse() - requireParseableURLs bool - - // When true, u, _ := url.Parse("url"); !u.IsAbs() is permitted - allowRelativeURLs bool - - // When true, allow data attributes. - allowDataAttributes bool - - // When true, allow comments. - allowComments bool - - // map[htmlElementName]map[htmlAttributeName][]attrPolicy - elsAndAttrs map[string]map[string][]attrPolicy - - // elsMatchingAndAttrs stores regex based element matches along with attributes - elsMatchingAndAttrs map[*regexp.Regexp]map[string][]attrPolicy - - // map[htmlAttributeName][]attrPolicy - globalAttrs map[string][]attrPolicy - - // map[htmlElementName]map[cssPropertyName][]stylePolicy - elsAndStyles map[string]map[string][]stylePolicy - - // map[regex]map[cssPropertyName][]stylePolicy - elsMatchingAndStyles map[*regexp.Regexp]map[string][]stylePolicy - - // map[cssPropertyName][]stylePolicy - globalStyles map[string][]stylePolicy - - // If urlPolicy is nil, all URLs with matching schema are allowed. - // Otherwise, only the URLs with matching schema and urlPolicy(url) - // returning true are allowed. - allowURLSchemes map[string][]urlPolicy - - // These regexps are used to match allowed URL schemes, for example - // if one would want to allow all URL schemes, they would add `.+`. - // However pay attention as this can lead to XSS being rendered thus - // defeating the purpose of using a HTML sanitizer. - // The regexps are only considered if a schema was not explicitly - // handled by `AllowURLSchemes` or `AllowURLSchemeWithCustomPolicy`. - allowURLSchemeRegexps []*regexp.Regexp - - // If srcRewriter is not nil, it is used to rewrite the src attribute - // of tags that download resources, such as <img> and <script>. - // It requires that the URL is parsable by "net/url" url.Parse(). - srcRewriter urlRewriter - - // If an element has had all attributes removed as a result of a policy - // being applied, then the element would be removed from the output. - // - // However some elements are valid and have strong layout meaning without - // any attributes, i.e. <table>. To prevent those being removed we maintain - // a list of elements that are allowed to have no attributes and that will - // be maintained in the output HTML. - setOfElementsAllowedWithoutAttrs map[string]struct{} - - // If an element has had all attributes removed as a result of a policy - // being applied, then the element would be removed from the output. - // - // However some elements are valid and have strong layout meaning without - // any attributes, i.e. <table>. - // - // In this case, any element matching a regular expression will be accepted without - // attributes added. - setOfElementsMatchingAllowedWithoutAttrs []*regexp.Regexp - - setOfElementsToSkipContent map[string]struct{} - - // Permits fundamentally unsafe elements. - // - // If false (default) then elements such as `style` and `script` will not be - // permitted even if declared in a policy. These elements when combined with - // untrusted input cannot be safely handled by bluemonday at this point in - // time. - // - // If true then `style` and `script` would be permitted by bluemonday if a - // policy declares them. However this is not recommended under any circumstance - // and can lead to XSS being rendered thus defeating the purpose of using a - // HTML sanitizer. - allowUnsafe bool -} - -type attrPolicy struct { - - // optional pattern to match, when not nil the regexp needs to match - // otherwise the attribute is removed - regexp *regexp.Regexp -} - -type stylePolicy struct { - // handler to validate - handler func(string) bool - - // optional pattern to match, when not nil the regexp needs to match - // otherwise the property is removed - regexp *regexp.Regexp - - // optional list of allowed property values, for properties which - // have a defined list of allowed values; property will be removed - // if the value is not allowed - enum []string -} - -type attrPolicyBuilder struct { - p *Policy - - attrNames []string - regexp *regexp.Regexp - allowEmpty bool -} - -type stylePolicyBuilder struct { - p *Policy - - propertyNames []string - regexp *regexp.Regexp - enum []string - handler func(string) bool -} - -type urlPolicy func(url *url.URL) (allowUrl bool) - -type urlRewriter func(*url.URL) - -type SandboxValue int64 - -const ( - SandboxAllowDownloads SandboxValue = iota - SandboxAllowDownloadsWithoutUserActivation - SandboxAllowForms - SandboxAllowModals - SandboxAllowOrientationLock - SandboxAllowPointerLock - SandboxAllowPopups - SandboxAllowPopupsToEscapeSandbox - SandboxAllowPresentation - SandboxAllowSameOrigin - SandboxAllowScripts - SandboxAllowStorageAccessByUserActivation - SandboxAllowTopNavigation - SandboxAllowTopNavigationByUserActivation -) - -// init initializes the maps if this has not been done already -func (p *Policy) init() { - if !p.initialized { - p.elsAndAttrs = make(map[string]map[string][]attrPolicy) - p.elsMatchingAndAttrs = make(map[*regexp.Regexp]map[string][]attrPolicy) - p.globalAttrs = make(map[string][]attrPolicy) - p.elsAndStyles = make(map[string]map[string][]stylePolicy) - p.elsMatchingAndStyles = make(map[*regexp.Regexp]map[string][]stylePolicy) - p.globalStyles = make(map[string][]stylePolicy) - p.allowURLSchemes = make(map[string][]urlPolicy) - p.allowURLSchemeRegexps = make([]*regexp.Regexp, 0) - p.setOfElementsAllowedWithoutAttrs = make(map[string]struct{}) - p.setOfElementsToSkipContent = make(map[string]struct{}) - p.initialized = true - } -} - -// NewPolicy returns a blank policy with nothing allowed or permitted. This -// is the recommended way to start building a policy and you should now use -// AllowAttrs() and/or AllowElements() to construct the allowlist of HTML -// elements and attributes. -func NewPolicy() *Policy { - - p := Policy{} - - p.addDefaultElementsWithoutAttrs() - p.addDefaultSkipElementContent() - - return &p -} - -// AllowAttrs takes a range of HTML attribute names and returns an -// attribute policy builder that allows you to specify the pattern and scope of -// the allowed attribute. -// -// The attribute policy is only added to the core policy when either Globally() -// or OnElements(...) are called. -func (p *Policy) AllowAttrs(attrNames ...string) *attrPolicyBuilder { - - p.init() - - abp := attrPolicyBuilder{ - p: p, - allowEmpty: false, - } - - for _, attrName := range attrNames { - abp.attrNames = append(abp.attrNames, strings.ToLower(attrName)) - } - - return &abp -} - -// AllowDataAttributes permits all data attributes. We can't specify the name -// of each attribute exactly as they are customized. -// -// NOTE: These values are not sanitized and applications that evaluate or process -// them without checking and verification of the input may be at risk if this option -// is enabled. This is a 'caveat emptor' option and the person enabling this option -// needs to fully understand the potential impact with regards to whatever application -// will be consuming the sanitized HTML afterwards, i.e. if you know you put a link in a -// data attribute and use that to automatically load some new window then you're giving -// the author of a HTML fragment the means to open a malicious destination automatically. -// Use with care! -func (p *Policy) AllowDataAttributes() { - p.allowDataAttributes = true -} - -// AllowComments allows comments. -// -// Please note that only one type of comment will be allowed by this, this is the -// the standard HTML comment <!-- --> which includes the use of that to permit -// conditionals as per https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/ms537512(v=vs.85)?redirectedfrom=MSDN -// -// What is not permitted are CDATA XML comments, as the x/net/html package we depend -// on does not handle this fully and we are not choosing to take on that work: -// https://pkg.go.dev/golang.org/x/net/html#Tokenizer.AllowCDATA . If the x/net/html -// package changes this then these will be considered, otherwise if you AllowComments -// but provide a CDATA comment, then as per the documentation in x/net/html this will -// be treated as a plain HTML comment. -func (p *Policy) AllowComments() { - p.allowComments = true -} - -// AllowNoAttrs says that attributes on element are optional. -// -// The attribute policy is only added to the core policy when OnElements(...) -// are called. -func (p *Policy) AllowNoAttrs() *attrPolicyBuilder { - - p.init() - - abp := attrPolicyBuilder{ - p: p, - allowEmpty: true, - } - return &abp -} - -// AllowNoAttrs says that attributes on element are optional. -// -// The attribute policy is only added to the core policy when OnElements(...) -// are called. -func (abp *attrPolicyBuilder) AllowNoAttrs() *attrPolicyBuilder { - - abp.allowEmpty = true - - return abp -} - -// Matching allows a regular expression to be applied to a nascent attribute -// policy, and returns the attribute policy. -func (abp *attrPolicyBuilder) Matching(regex *regexp.Regexp) *attrPolicyBuilder { - - abp.regexp = regex - - return abp -} - -// OnElements will bind an attribute policy to a given range of HTML elements -// and return the updated policy -func (abp *attrPolicyBuilder) OnElements(elements ...string) *Policy { - - for _, element := range elements { - element = strings.ToLower(element) - - for _, attr := range abp.attrNames { - - if _, ok := abp.p.elsAndAttrs[element]; !ok { - abp.p.elsAndAttrs[element] = make(map[string][]attrPolicy) - } - - ap := attrPolicy{} - if abp.regexp != nil { - ap.regexp = abp.regexp - } - - abp.p.elsAndAttrs[element][attr] = append(abp.p.elsAndAttrs[element][attr], ap) - } - - if abp.allowEmpty { - abp.p.setOfElementsAllowedWithoutAttrs[element] = struct{}{} - - if _, ok := abp.p.elsAndAttrs[element]; !ok { - abp.p.elsAndAttrs[element] = make(map[string][]attrPolicy) - } - } - } - - return abp.p -} - -// OnElementsMatching will bind an attribute policy to all elements matching a given regex -// and return the updated policy -func (abp *attrPolicyBuilder) OnElementsMatching(regex *regexp.Regexp) *Policy { - for _, attr := range abp.attrNames { - if _, ok := abp.p.elsMatchingAndAttrs[regex]; !ok { - abp.p.elsMatchingAndAttrs[regex] = make(map[string][]attrPolicy) - } - ap := attrPolicy{} - if abp.regexp != nil { - ap.regexp = abp.regexp - } - abp.p.elsMatchingAndAttrs[regex][attr] = append(abp.p.elsMatchingAndAttrs[regex][attr], ap) - } - - if abp.allowEmpty { - abp.p.setOfElementsMatchingAllowedWithoutAttrs = append(abp.p.setOfElementsMatchingAllowedWithoutAttrs, regex) - if _, ok := abp.p.elsMatchingAndAttrs[regex]; !ok { - abp.p.elsMatchingAndAttrs[regex] = make(map[string][]attrPolicy) - } - } - - return abp.p -} - -// Globally will bind an attribute policy to all HTML elements and return the -// updated policy -func (abp *attrPolicyBuilder) Globally() *Policy { - - for _, attr := range abp.attrNames { - if _, ok := abp.p.globalAttrs[attr]; !ok { - abp.p.globalAttrs[attr] = []attrPolicy{} - } - - ap := attrPolicy{} - if abp.regexp != nil { - ap.regexp = abp.regexp - } - - abp.p.globalAttrs[attr] = append(abp.p.globalAttrs[attr], ap) - } - - return abp.p -} - -// AllowStyles takes a range of CSS property names and returns a -// style policy builder that allows you to specify the pattern and scope of -// the allowed property. -// -// The style policy is only added to the core policy when either Globally() -// or OnElements(...) are called. -func (p *Policy) AllowStyles(propertyNames ...string) *stylePolicyBuilder { - - p.init() - - abp := stylePolicyBuilder{ - p: p, - } - - for _, propertyName := range propertyNames { - abp.propertyNames = append(abp.propertyNames, strings.ToLower(propertyName)) - } - - return &abp -} - -// Matching allows a regular expression to be applied to a nascent style -// policy, and returns the style policy. -func (spb *stylePolicyBuilder) Matching(regex *regexp.Regexp) *stylePolicyBuilder { - - spb.regexp = regex - - return spb -} - -// MatchingEnum allows a list of allowed values to be applied to a nascent style -// policy, and returns the style policy. -func (spb *stylePolicyBuilder) MatchingEnum(enum ...string) *stylePolicyBuilder { - - spb.enum = enum - - return spb -} - -// MatchingHandler allows a handler to be applied to a nascent style -// policy, and returns the style policy. -func (spb *stylePolicyBuilder) MatchingHandler(handler func(string) bool) *stylePolicyBuilder { - - spb.handler = handler - - return spb -} - -// OnElements will bind a style policy to a given range of HTML elements -// and return the updated policy -func (spb *stylePolicyBuilder) OnElements(elements ...string) *Policy { - - for _, element := range elements { - element = strings.ToLower(element) - - for _, attr := range spb.propertyNames { - - if _, ok := spb.p.elsAndStyles[element]; !ok { - spb.p.elsAndStyles[element] = make(map[string][]stylePolicy) - } - - sp := stylePolicy{} - if spb.handler != nil { - sp.handler = spb.handler - } else if len(spb.enum) > 0 { - sp.enum = spb.enum - } else if spb.regexp != nil { - sp.regexp = spb.regexp - } else { - sp.handler = css.GetDefaultHandler(attr) - } - spb.p.elsAndStyles[element][attr] = append(spb.p.elsAndStyles[element][attr], sp) - } - } - - return spb.p -} - -// OnElementsMatching will bind a style policy to any HTML elements matching the pattern -// and return the updated policy -func (spb *stylePolicyBuilder) OnElementsMatching(regex *regexp.Regexp) *Policy { - - for _, attr := range spb.propertyNames { - - if _, ok := spb.p.elsMatchingAndStyles[regex]; !ok { - spb.p.elsMatchingAndStyles[regex] = make(map[string][]stylePolicy) - } - - sp := stylePolicy{} - if spb.handler != nil { - sp.handler = spb.handler - } else if len(spb.enum) > 0 { - sp.enum = spb.enum - } else if spb.regexp != nil { - sp.regexp = spb.regexp - } else { - sp.handler = css.GetDefaultHandler(attr) - } - spb.p.elsMatchingAndStyles[regex][attr] = append(spb.p.elsMatchingAndStyles[regex][attr], sp) - } - - return spb.p -} - -// Globally will bind a style policy to all HTML elements and return the -// updated policy -func (spb *stylePolicyBuilder) Globally() *Policy { - - for _, attr := range spb.propertyNames { - if _, ok := spb.p.globalStyles[attr]; !ok { - spb.p.globalStyles[attr] = []stylePolicy{} - } - - // Use only one strategy for validating styles, fallback to default - sp := stylePolicy{} - if spb.handler != nil { - sp.handler = spb.handler - } else if len(spb.enum) > 0 { - sp.enum = spb.enum - } else if spb.regexp != nil { - sp.regexp = spb.regexp - } else { - sp.handler = css.GetDefaultHandler(attr) - } - spb.p.globalStyles[attr] = append(spb.p.globalStyles[attr], sp) - } - - return spb.p -} - -// AllowElements will append HTML elements to the allowlist without applying an -// attribute policy to those elements (the elements are permitted -// sans-attributes) -func (p *Policy) AllowElements(names ...string) *Policy { - p.init() - - for _, element := range names { - element = strings.ToLower(element) - - if _, ok := p.elsAndAttrs[element]; !ok { - p.elsAndAttrs[element] = make(map[string][]attrPolicy) - } - } - - return p -} - -// AllowElementsMatching will append HTML elements to the allowlist if they -// match a regexp. -func (p *Policy) AllowElementsMatching(regex *regexp.Regexp) *Policy { - p.init() - if _, ok := p.elsMatchingAndAttrs[regex]; !ok { - p.elsMatchingAndAttrs[regex] = make(map[string][]attrPolicy) - } - return p -} - -// AllowURLSchemesMatching will append URL schemes to the allowlist if they -// match a regexp. -func (p *Policy) AllowURLSchemesMatching(r *regexp.Regexp) *Policy { - p.allowURLSchemeRegexps = append(p.allowURLSchemeRegexps, r) - return p -} - -// RewriteSrc will rewrite the src attribute of a resource downloading tag -// (e.g. <img>, <script>, <iframe>) using the provided function. -// -// Typically the use case here is that if the content that we're sanitizing -// is untrusted then the content that is inlined is also untrusted. -// To prevent serving this content on the same domain as the content appears -// on it is good practise to proxy the content through an additional domain -// name as this will force the web client to consider the inline content as -// third party to the main content, thus providing browser isolation around -// the inline content. -// -// An example of this is a web mail provider like fastmail.com , when an -// email (user generated content) is displayed, the email text is shown on -// fastmail.com but the inline attachments and content are rendered from -// fastmailusercontent.com . This proxying of the external content on a -// domain that is different to the content domain forces the browser domain -// security model to kick in. Note that this only applies to differences -// below the suffix (as per the publix suffix list). -// -// This is a good practise to adopt as it prevents the content from being -// able to set cookies on the main domain and thus prevents the content on -// the main domain from being able to read those cookies. -func (p *Policy) RewriteSrc(fn urlRewriter) *Policy { - p.srcRewriter = fn - return p -} - -// RequireNoFollowOnLinks will result in all a, area, link tags having a -// rel="nofollow"added to them if one does not already exist -// -// Note: This requires p.RequireParseableURLs(true) and will enable it. -func (p *Policy) RequireNoFollowOnLinks(require bool) *Policy { - - p.requireNoFollow = require - p.requireParseableURLs = true - - return p -} - -// RequireNoFollowOnFullyQualifiedLinks will result in all a, area, and link -// tags that point to a non-local destination (i.e. starts with a protocol and -// has a host) having a rel="nofollow" added to them if one does not already -// exist -// -// Note: This requires p.RequireParseableURLs(true) and will enable it. -func (p *Policy) RequireNoFollowOnFullyQualifiedLinks(require bool) *Policy { - - p.requireNoFollowFullyQualifiedLinks = require - p.requireParseableURLs = true - - return p -} - -// RequireNoReferrerOnLinks will result in all a, area, and link tags having a -// rel="noreferrrer" added to them if one does not already exist -// -// Note: This requires p.RequireParseableURLs(true) and will enable it. -func (p *Policy) RequireNoReferrerOnLinks(require bool) *Policy { - - p.requireNoReferrer = require - p.requireParseableURLs = true - - return p -} - -// RequireNoReferrerOnFullyQualifiedLinks will result in all a, area, and link -// tags that point to a non-local destination (i.e. starts with a protocol and -// has a host) having a rel="noreferrer" added to them if one does not already -// exist -// -// Note: This requires p.RequireParseableURLs(true) and will enable it. -func (p *Policy) RequireNoReferrerOnFullyQualifiedLinks(require bool) *Policy { - - p.requireNoReferrerFullyQualifiedLinks = require - p.requireParseableURLs = true - - return p -} - -// RequireCrossOriginAnonymous will result in all audio, img, link, script, and -// video tags having a crossorigin="anonymous" added to them if one does not -// already exist -func (p *Policy) RequireCrossOriginAnonymous(require bool) *Policy { - - p.requireCrossOriginAnonymous = require - - return p -} - -// AddTargetBlankToFullyQualifiedLinks will result in all a, area and link tags -// that point to a non-local destination (i.e. starts with a protocol and has a -// host) having a target="_blank" added to them if one does not already exist -// -// Note: This requires p.RequireParseableURLs(true) and will enable it. -func (p *Policy) AddTargetBlankToFullyQualifiedLinks(require bool) *Policy { - - p.addTargetBlankToFullyQualifiedLinks = require - p.requireParseableURLs = true - - return p -} - -// RequireParseableURLs will result in all URLs requiring that they be parseable -// by "net/url" url.Parse() -// This applies to: -// - a.href -// - area.href -// - blockquote.cite -// - img.src -// - link.href -// - script.src -func (p *Policy) RequireParseableURLs(require bool) *Policy { - - p.requireParseableURLs = require - - return p -} - -// AllowRelativeURLs enables RequireParseableURLs and then permits URLs that -// are parseable, have no schema information and url.IsAbs() returns false -// This permits local URLs -func (p *Policy) AllowRelativeURLs(require bool) *Policy { - - p.RequireParseableURLs(true) - p.allowRelativeURLs = require - - return p -} - -// AllowURLSchemes will append URL schemes to the allowlist -// Example: p.AllowURLSchemes("mailto", "http", "https") -func (p *Policy) AllowURLSchemes(schemes ...string) *Policy { - p.init() - - p.RequireParseableURLs(true) - - for _, scheme := range schemes { - scheme = strings.ToLower(scheme) - - // Allow all URLs with matching scheme. - p.allowURLSchemes[scheme] = nil - } - - return p -} - -// AllowURLSchemeWithCustomPolicy will append URL schemes with -// a custom URL policy to the allowlist. -// Only the URLs with matching schema and urlPolicy(url) -// returning true will be allowed. -func (p *Policy) AllowURLSchemeWithCustomPolicy( - scheme string, - urlPolicy func(url *url.URL) (allowUrl bool), -) *Policy { - - p.init() - - p.RequireParseableURLs(true) - - scheme = strings.ToLower(scheme) - - p.allowURLSchemes[scheme] = append(p.allowURLSchemes[scheme], urlPolicy) - - return p -} - -// RequireSandboxOnIFrame will result in all iframe tags having a sandbox="" tag -// Any sandbox values not specified here will be filtered from the generated HTML -func (p *Policy) RequireSandboxOnIFrame(vals ...SandboxValue) { - p.requireSandboxOnIFrame = make(map[string]bool) - - for _, val := range vals { - switch SandboxValue(val) { - case SandboxAllowDownloads: - p.requireSandboxOnIFrame["allow-downloads"] = true - - case SandboxAllowDownloadsWithoutUserActivation: - p.requireSandboxOnIFrame["allow-downloads-without-user-activation"] = true - - case SandboxAllowForms: - p.requireSandboxOnIFrame["allow-forms"] = true - - case SandboxAllowModals: - p.requireSandboxOnIFrame["allow-modals"] = true - - case SandboxAllowOrientationLock: - p.requireSandboxOnIFrame["allow-orientation-lock"] = true - - case SandboxAllowPointerLock: - p.requireSandboxOnIFrame["allow-pointer-lock"] = true - - case SandboxAllowPopups: - p.requireSandboxOnIFrame["allow-popups"] = true - - case SandboxAllowPopupsToEscapeSandbox: - p.requireSandboxOnIFrame["allow-popups-to-escape-sandbox"] = true - - case SandboxAllowPresentation: - p.requireSandboxOnIFrame["allow-presentation"] = true - - case SandboxAllowSameOrigin: - p.requireSandboxOnIFrame["allow-same-origin"] = true - - case SandboxAllowScripts: - p.requireSandboxOnIFrame["allow-scripts"] = true - - case SandboxAllowStorageAccessByUserActivation: - p.requireSandboxOnIFrame["allow-storage-access-by-user-activation"] = true - - case SandboxAllowTopNavigation: - p.requireSandboxOnIFrame["allow-top-navigation"] = true - - case SandboxAllowTopNavigationByUserActivation: - p.requireSandboxOnIFrame["allow-top-navigation-by-user-activation"] = true - } - } -} - -// AddSpaceWhenStrippingTag states whether to add a single space " " when -// removing tags that are not allowed by the policy. -// -// This is useful if you expect to strip tags in dense markup and may lose the -// value of whitespace. -// -// For example: "<p>Hello</p><p>World</p>"" would be sanitized to "HelloWorld" -// with the default value of false, but you may wish to sanitize this to -// " Hello World " by setting AddSpaceWhenStrippingTag to true as this would -// retain the intent of the text. -func (p *Policy) AddSpaceWhenStrippingTag(allow bool) *Policy { - - p.addSpaces = allow - - return p -} - -// SkipElementsContent adds the HTML elements whose tags is needed to be removed -// with its content. -func (p *Policy) SkipElementsContent(names ...string) *Policy { - - p.init() - - for _, element := range names { - element = strings.ToLower(element) - - if _, ok := p.setOfElementsToSkipContent[element]; !ok { - p.setOfElementsToSkipContent[element] = struct{}{} - } - } - - return p -} - -// AllowElementsContent marks the HTML elements whose content should be -// retained after removing the tag. -func (p *Policy) AllowElementsContent(names ...string) *Policy { - - p.init() - - for _, element := range names { - delete(p.setOfElementsToSkipContent, strings.ToLower(element)) - } - - return p -} - -// AllowUnsafe permits fundamentally unsafe elements. -// -// If false (default) then elements such as `style` and `script` will not be -// permitted even if declared in a policy. These elements when combined with -// untrusted input cannot be safely handled by bluemonday at this point in -// time. -// -// If true then `style` and `script` would be permitted by bluemonday if a -// policy declares them. However this is not recommended under any circumstance -// and can lead to XSS being rendered thus defeating the purpose of using a -// HTML sanitizer. -func (p *Policy) AllowUnsafe(allowUnsafe bool) *Policy { - p.init() - p.allowUnsafe = allowUnsafe - return p -} - -// addDefaultElementsWithoutAttrs adds the HTML elements that we know are valid -// without any attributes to an internal map. -// i.e. we know that <table> is valid, but <bdo> isn't valid as the "dir" attr -// is mandatory -func (p *Policy) addDefaultElementsWithoutAttrs() { - p.init() - - p.setOfElementsAllowedWithoutAttrs["abbr"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["acronym"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["address"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["article"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["aside"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["audio"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["b"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["bdi"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["blockquote"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["body"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["br"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["button"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["canvas"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["caption"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["center"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["cite"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["code"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["col"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["colgroup"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["datalist"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["dd"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["del"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["details"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["dfn"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["div"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["dl"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["dt"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["em"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["fieldset"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["figcaption"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["figure"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["footer"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["h1"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["h2"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["h3"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["h4"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["h5"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["h6"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["head"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["header"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["hgroup"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["hr"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["html"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["i"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["ins"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["kbd"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["li"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["mark"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["marquee"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["nav"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["ol"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["optgroup"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["option"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["p"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["picture"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["pre"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["q"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["rp"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["rt"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["ruby"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["s"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["samp"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["script"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["section"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["select"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["small"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["span"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["strike"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["strong"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["style"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["sub"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["summary"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["sup"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["svg"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["table"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["tbody"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["td"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["textarea"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["tfoot"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["th"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["thead"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["title"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["time"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["tr"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["tt"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["u"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["ul"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["var"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["video"] = struct{}{} - p.setOfElementsAllowedWithoutAttrs["wbr"] = struct{}{} - -} - -// addDefaultSkipElementContent adds the HTML elements that we should skip -// rendering the character content of, if the element itself is not allowed. -// This is all character data that the end user would not normally see. -// i.e. if we exclude a <script> tag then we shouldn't render the JavaScript or -// anything else until we encounter the closing </script> tag. -func (p *Policy) addDefaultSkipElementContent() { - p.init() - - p.setOfElementsToSkipContent["frame"] = struct{}{} - p.setOfElementsToSkipContent["frameset"] = struct{}{} - p.setOfElementsToSkipContent["iframe"] = struct{}{} - p.setOfElementsToSkipContent["noembed"] = struct{}{} - p.setOfElementsToSkipContent["noframes"] = struct{}{} - p.setOfElementsToSkipContent["noscript"] = struct{}{} - p.setOfElementsToSkipContent["nostyle"] = struct{}{} - p.setOfElementsToSkipContent["object"] = struct{}{} - p.setOfElementsToSkipContent["script"] = struct{}{} - p.setOfElementsToSkipContent["style"] = struct{}{} - p.setOfElementsToSkipContent["title"] = struct{}{} -} diff --git a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go deleted file mode 100644 index 47c31f7da..000000000 --- a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go +++ /dev/null @@ -1,1096 +0,0 @@ -// Copyright (c) 2014, David Kitchen <david@buro9.com> -// -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions are met: -// -// * Redistributions of source code must retain the above copyright notice, this -// list of conditions and the following disclaimer. -// -// * Redistributions in binary form must reproduce the above copyright notice, -// this list of conditions and the following disclaimer in the documentation -// and/or other materials provided with the distribution. -// -// * Neither the name of the organisation (Microcosm) nor the names of its -// contributors may be used to endorse or promote products derived from -// this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE -// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -package bluemonday - -import ( - "bytes" - "fmt" - "io" - "net/url" - "regexp" - "strconv" - "strings" - - "golang.org/x/net/html" - - "github.com/aymerick/douceur/parser" -) - -var ( - dataAttribute = regexp.MustCompile("^data-.+") - dataAttributeXMLPrefix = regexp.MustCompile("^xml.+") - dataAttributeInvalidChars = regexp.MustCompile("[A-Z;]+") - cssUnicodeChar = regexp.MustCompile(`\\[0-9a-f]{1,6} ?`) - dataURIbase64Prefix = regexp.MustCompile(`^data:[^,]*;base64,`) -) - -// Sanitize takes a string that contains a HTML fragment or document and applies -// the given policy allowlist. -// -// It returns a HTML string that has been sanitized by the policy or an empty -// string if an error has occurred (most likely as a consequence of extremely -// malformed input) -func (p *Policy) Sanitize(s string) string { - if strings.TrimSpace(s) == "" { - return s - } - - return p.sanitizeWithBuff(strings.NewReader(s)).String() -} - -// SanitizeBytes takes a []byte that contains a HTML fragment or document and applies -// the given policy allowlist. -// -// It returns a []byte containing the HTML that has been sanitized by the policy -// or an empty []byte if an error has occurred (most likely as a consequence of -// extremely malformed input) -func (p *Policy) SanitizeBytes(b []byte) []byte { - if len(bytes.TrimSpace(b)) == 0 { - return b - } - - return p.sanitizeWithBuff(bytes.NewReader(b)).Bytes() -} - -// SanitizeReader takes an io.Reader that contains a HTML fragment or document -// and applies the given policy allowlist. -// -// It returns a bytes.Buffer containing the HTML that has been sanitized by the -// policy. Errors during sanitization will merely return an empty result. -func (p *Policy) SanitizeReader(r io.Reader) *bytes.Buffer { - return p.sanitizeWithBuff(r) -} - -// SanitizeReaderToWriter takes an io.Reader that contains a HTML fragment or document -// and applies the given policy allowlist and writes to the provided writer returning -// an error if there is one. -func (p *Policy) SanitizeReaderToWriter(r io.Reader, w io.Writer) error { - return p.sanitize(r, w) -} - -// Query represents a single part of the query string, a query param -type Query struct { - Key string - Value string - HasValue bool -} - -func parseQuery(query string) (values []Query, err error) { - // This is essentially a copy of parseQuery from - // https://golang.org/src/net/url/url.go but adjusted to build our values - // based on our type, which we need to preserve the ordering of the query - // string - for query != "" { - key := query - if i := strings.IndexAny(key, "&;"); i >= 0 { - key, query = key[:i], key[i+1:] - } else { - query = "" - } - if key == "" { - continue - } - value := "" - hasValue := false - if i := strings.Index(key, "="); i >= 0 { - key, value = key[:i], key[i+1:] - hasValue = true - } - key, err1 := url.QueryUnescape(key) - if err1 != nil { - if err == nil { - err = err1 - } - continue - } - value, err1 = url.QueryUnescape(value) - if err1 != nil { - if err == nil { - err = err1 - } - continue - } - values = append(values, Query{ - Key: key, - Value: value, - HasValue: hasValue, - }) - } - return values, err -} - -func encodeQueries(queries []Query) string { - var buff bytes.Buffer - for i, query := range queries { - buff.WriteString(url.QueryEscape(query.Key)) - if query.HasValue { - buff.WriteString("=") - buff.WriteString(url.QueryEscape(query.Value)) - } - if i < len(queries)-1 { - buff.WriteString("&") - } - } - return buff.String() -} - -func sanitizedURL(val string) (string, error) { - u, err := url.Parse(val) - if err != nil { - return "", err - } - - // we use parseQuery but not u.Query to keep the order not change because - // url.Values is a map which has a random order. - queryValues, err := parseQuery(u.RawQuery) - if err != nil { - return "", err - } - // sanitize the url query params - for i, query := range queryValues { - queryValues[i].Key = html.EscapeString(query.Key) - } - u.RawQuery = encodeQueries(queryValues) - // u.String() will also sanitize host/scheme/user/pass - return u.String(), nil -} - -// Performs the actual sanitization process. -func (p *Policy) sanitizeWithBuff(r io.Reader) *bytes.Buffer { - var buff bytes.Buffer - if err := p.sanitize(r, &buff); err != nil { - return &bytes.Buffer{} - } - return &buff -} - -type asStringWriter struct { - io.Writer -} - -func (a *asStringWriter) WriteString(s string) (int, error) { - return a.Write([]byte(s)) -} - -func (p *Policy) sanitize(r io.Reader, w io.Writer) error { - // It is possible that the developer has created the policy via: - // p := bluemonday.Policy{} - // rather than: - // p := bluemonday.NewPolicy() - // If this is the case, and if they haven't yet triggered an action that - // would initialize the maps, then we need to do that. - p.init() - - buff, ok := w.(stringWriterWriter) - if !ok { - buff = &asStringWriter{w} - } - - var ( - skipElementContent bool - skippingElementsCount int64 - skipClosingTag bool - closingTagToSkipStack []string - mostRecentlyStartedToken string - ) - - tokenizer := html.NewTokenizer(r) - for { - if tokenizer.Next() == html.ErrorToken { - err := tokenizer.Err() - if err == io.EOF { - // End of input means end of processing - return nil - } - - // Raw tokenizer error - return err - } - - token := tokenizer.Token() - switch token.Type { - case html.DoctypeToken: - - // DocType is not handled as there is no safe parsing mechanism - // provided by golang.org/x/net/html for the content, and this can - // be misused to insert HTML tags that are not then sanitized - // - // One might wish to recursively sanitize here using the same policy - // but I will need to do some further testing before considering - // this. - - case html.CommentToken: - - // Comments are ignored by default - if p.allowComments { - // But if allowed then write the comment out as-is - buff.WriteString(token.String()) - } - - case html.StartTagToken: - - mostRecentlyStartedToken = normaliseElementName(token.Data) - - switch normaliseElementName(token.Data) { - case `script`: - if !p.allowUnsafe { - continue - } - case `style`: - if !p.allowUnsafe { - continue - } - } - - aps, ok := p.elsAndAttrs[token.Data] - if !ok { - aa, matched := p.matchRegex(token.Data) - if !matched { - if _, ok := p.setOfElementsToSkipContent[token.Data]; ok { - skipElementContent = true - skippingElementsCount++ - } - if p.addSpaces { - if _, err := buff.WriteString(" "); err != nil { - return err - } - } - break - } - aps = aa - } - if len(token.Attr) != 0 { - token.Attr = p.sanitizeAttrs(token.Data, token.Attr, aps) - } - - if len(token.Attr) == 0 { - if !p.allowNoAttrs(token.Data) { - skipClosingTag = true - closingTagToSkipStack = append(closingTagToSkipStack, token.Data) - if p.addSpaces { - if _, err := buff.WriteString(" "); err != nil { - return err - } - } - break - } - } - - if !skipElementContent { - if _, err := buff.WriteString(token.String()); err != nil { - return err - } - } - - case html.EndTagToken: - - if mostRecentlyStartedToken == normaliseElementName(token.Data) { - mostRecentlyStartedToken = "" - } - - switch normaliseElementName(token.Data) { - case `script`: - if !p.allowUnsafe { - continue - } - case `style`: - if !p.allowUnsafe { - continue - } - } - - if skipClosingTag && closingTagToSkipStack[len(closingTagToSkipStack)-1] == token.Data { - closingTagToSkipStack = closingTagToSkipStack[:len(closingTagToSkipStack)-1] - if len(closingTagToSkipStack) == 0 { - skipClosingTag = false - } - if p.addSpaces { - if _, err := buff.WriteString(" "); err != nil { - return err - } - } - break - } - if _, ok := p.elsAndAttrs[token.Data]; !ok { - match := false - for regex := range p.elsMatchingAndAttrs { - if regex.MatchString(token.Data) { - skipElementContent = false - match = true - break - } - } - if _, ok := p.setOfElementsToSkipContent[token.Data]; ok && !match { - skippingElementsCount-- - if skippingElementsCount == 0 { - skipElementContent = false - } - } - if !match { - if p.addSpaces { - if _, err := buff.WriteString(" "); err != nil { - return err - } - } - break - } - } - - if !skipElementContent { - if _, err := buff.WriteString(token.String()); err != nil { - return err - } - } - - case html.SelfClosingTagToken: - - switch normaliseElementName(token.Data) { - case `script`: - if !p.allowUnsafe { - continue - } - case `style`: - if !p.allowUnsafe { - continue - } - } - - aps, ok := p.elsAndAttrs[token.Data] - if !ok { - aa, matched := p.matchRegex(token.Data) - if !matched { - if p.addSpaces && !matched { - if _, err := buff.WriteString(" "); err != nil { - return err - } - } - break - } - aps = aa - } - - if len(token.Attr) != 0 { - token.Attr = p.sanitizeAttrs(token.Data, token.Attr, aps) - } - - if len(token.Attr) == 0 && !p.allowNoAttrs(token.Data) { - if p.addSpaces { - if _, err := buff.WriteString(" "); err != nil { - return err - } - } - break - } - if !skipElementContent { - if _, err := buff.WriteString(token.String()); err != nil { - return err - } - } - - case html.TextToken: - - if !skipElementContent { - switch mostRecentlyStartedToken { - case `script`: - // not encouraged, but if a policy allows JavaScript we - // should not HTML escape it as that would break the output - // - // requires p.AllowUnsafe() - if p.allowUnsafe { - if _, err := buff.WriteString(token.Data); err != nil { - return err - } - } - case "style": - // not encouraged, but if a policy allows CSS styles we - // should not HTML escape it as that would break the output - // - // requires p.AllowUnsafe() - if p.allowUnsafe { - if _, err := buff.WriteString(token.Data); err != nil { - return err - } - } - default: - // HTML escape the text - if _, err := buff.WriteString(token.String()); err != nil { - return err - } - } - } - - default: - // A token that didn't exist in the html package when we wrote this - return fmt.Errorf("unknown token: %v", token) - } - } -} - -// sanitizeAttrs takes a set of element attribute policies and the global -// attribute policies and applies them to the []html.Attribute returning a set -// of html.Attributes that match the policies -func (p *Policy) sanitizeAttrs( - elementName string, - attrs []html.Attribute, - aps map[string][]attrPolicy, -) []html.Attribute { - - if len(attrs) == 0 { - return attrs - } - - hasStylePolicies := false - sps, elementHasStylePolicies := p.elsAndStyles[elementName] - if len(p.globalStyles) > 0 || (elementHasStylePolicies && len(sps) > 0) { - hasStylePolicies = true - } - // no specific element policy found, look for a pattern match - if !hasStylePolicies { - for k, v := range p.elsMatchingAndStyles { - if k.MatchString(elementName) { - if len(v) > 0 { - hasStylePolicies = true - break - } - } - } - } - - // Builds a new attribute slice based on the whether the attribute has been - // allowed explicitly or globally. - cleanAttrs := []html.Attribute{} -attrsLoop: - for _, htmlAttr := range attrs { - if p.allowDataAttributes { - // If we see a data attribute, let it through. - if isDataAttribute(htmlAttr.Key) { - cleanAttrs = append(cleanAttrs, htmlAttr) - continue - } - } - // Is this a "style" attribute, and if so, do we need to sanitize it? - if htmlAttr.Key == "style" && hasStylePolicies { - htmlAttr = p.sanitizeStyles(htmlAttr, elementName) - if htmlAttr.Val == "" { - // We've sanitized away any and all styles; don't bother to - // output the style attribute (even if it's allowed) - continue - } else { - cleanAttrs = append(cleanAttrs, htmlAttr) - continue - } - } - - // Is there an element specific attribute policy that applies? - if apl, ok := aps[htmlAttr.Key]; ok { - for _, ap := range apl { - if ap.regexp != nil { - if ap.regexp.MatchString(htmlAttr.Val) { - cleanAttrs = append(cleanAttrs, htmlAttr) - continue attrsLoop - } - } else { - cleanAttrs = append(cleanAttrs, htmlAttr) - continue attrsLoop - } - } - } - - // Is there a global attribute policy that applies? - if apl, ok := p.globalAttrs[htmlAttr.Key]; ok { - for _, ap := range apl { - if ap.regexp != nil { - if ap.regexp.MatchString(htmlAttr.Val) { - cleanAttrs = append(cleanAttrs, htmlAttr) - continue attrsLoop - } - } else { - cleanAttrs = append(cleanAttrs, htmlAttr) - continue attrsLoop - } - } - } - } - - if len(cleanAttrs) == 0 { - // If nothing was allowed, let's get out of here - return cleanAttrs - } - // cleanAttrs now contains the attributes that are permitted - - if linkable(elementName) { - if p.requireParseableURLs { - // Ensure URLs are parseable: - // - a.href - // - area.href - // - link.href - // - blockquote.cite - // - q.cite - // - img.src - // - script.src - tmpAttrs := []html.Attribute{} - for _, htmlAttr := range cleanAttrs { - switch elementName { - case "a", "area", "base", "link": - if htmlAttr.Key == "href" { - if u, ok := p.validURL(htmlAttr.Val); ok { - htmlAttr.Val = u - tmpAttrs = append(tmpAttrs, htmlAttr) - } - break - } - tmpAttrs = append(tmpAttrs, htmlAttr) - case "blockquote", "del", "ins", "q": - if htmlAttr.Key == "cite" { - if u, ok := p.validURL(htmlAttr.Val); ok { - htmlAttr.Val = u - tmpAttrs = append(tmpAttrs, htmlAttr) - } - break - } - tmpAttrs = append(tmpAttrs, htmlAttr) - case "audio", "embed", "iframe", "img", "script", "source", "track", "video": - if htmlAttr.Key == "src" { - if u, ok := p.validURL(htmlAttr.Val); ok { - if p.srcRewriter != nil { - parsedURL, err := url.Parse(u) - if err != nil { - fmt.Println(err) - } - p.srcRewriter(parsedURL) - u = parsedURL.String() - } - htmlAttr.Val = u - tmpAttrs = append(tmpAttrs, htmlAttr) - } - break - } - tmpAttrs = append(tmpAttrs, htmlAttr) - default: - tmpAttrs = append(tmpAttrs, htmlAttr) - } - } - cleanAttrs = tmpAttrs - } - - if (p.requireNoFollow || - p.requireNoFollowFullyQualifiedLinks || - p.requireNoReferrer || - p.requireNoReferrerFullyQualifiedLinks || - p.addTargetBlankToFullyQualifiedLinks) && - len(cleanAttrs) > 0 { - - // Add rel="nofollow" if a "href" exists - switch elementName { - case "a", "area", "base", "link": - var hrefFound bool - var externalLink bool - for _, htmlAttr := range cleanAttrs { - if htmlAttr.Key == "href" { - hrefFound = true - - u, err := url.Parse(htmlAttr.Val) - if err != nil { - continue - } - if u.Host != "" { - externalLink = true - } - - continue - } - } - - if hrefFound { - var ( - noFollowFound bool - noReferrerFound bool - targetBlankFound bool - ) - - addNoFollow := (p.requireNoFollow || - externalLink && p.requireNoFollowFullyQualifiedLinks) - - addNoReferrer := (p.requireNoReferrer || - externalLink && p.requireNoReferrerFullyQualifiedLinks) - - addTargetBlank := (externalLink && - p.addTargetBlankToFullyQualifiedLinks) - - tmpAttrs := []html.Attribute{} - for _, htmlAttr := range cleanAttrs { - - var appended bool - if htmlAttr.Key == "rel" && (addNoFollow || addNoReferrer) { - - if addNoFollow && !strings.Contains(htmlAttr.Val, "nofollow") { - htmlAttr.Val += " nofollow" - } - if addNoReferrer && !strings.Contains(htmlAttr.Val, "noreferrer") { - htmlAttr.Val += " noreferrer" - } - noFollowFound = addNoFollow - noReferrerFound = addNoReferrer - tmpAttrs = append(tmpAttrs, htmlAttr) - appended = true - } - - if elementName == "a" && htmlAttr.Key == "target" { - if htmlAttr.Val == "_blank" { - targetBlankFound = true - } - if addTargetBlank && !targetBlankFound { - htmlAttr.Val = "_blank" - targetBlankFound = true - tmpAttrs = append(tmpAttrs, htmlAttr) - appended = true - } - } - - if !appended { - tmpAttrs = append(tmpAttrs, htmlAttr) - } - } - if noFollowFound || noReferrerFound || targetBlankFound { - cleanAttrs = tmpAttrs - } - - if (addNoFollow && !noFollowFound) || (addNoReferrer && !noReferrerFound) { - rel := html.Attribute{} - rel.Key = "rel" - if addNoFollow { - rel.Val = "nofollow" - } - if addNoReferrer { - if rel.Val != "" { - rel.Val += " " - } - rel.Val += "noreferrer" - } - cleanAttrs = append(cleanAttrs, rel) - } - - if elementName == "a" && addTargetBlank && !targetBlankFound { - rel := html.Attribute{} - rel.Key = "target" - rel.Val = "_blank" - targetBlankFound = true - cleanAttrs = append(cleanAttrs, rel) - } - - if targetBlankFound { - // target="_blank" has a security risk that allows the - // opened window/tab to issue JavaScript calls against - // window.opener, which in effect allow the destination - // of the link to control the source: - // https://dev.to/ben/the-targetblank-vulnerability-by-example - // - // To mitigate this risk, we need to add a specific rel - // attribute if it is not already present. - // rel="noopener" - // - // Unfortunately this is processing the rel twice (we - // already looked at it earlier ^^) as we cannot be sure - // of the ordering of the href and rel, and whether we - // have fully satisfied that we need to do this. This - // double processing only happens *if* target="_blank" - // is true. - var noOpenerAdded bool - tmpAttrs := []html.Attribute{} - for _, htmlAttr := range cleanAttrs { - var appended bool - if htmlAttr.Key == "rel" { - if strings.Contains(htmlAttr.Val, "noopener") { - noOpenerAdded = true - tmpAttrs = append(tmpAttrs, htmlAttr) - } else { - htmlAttr.Val += " noopener" - noOpenerAdded = true - tmpAttrs = append(tmpAttrs, htmlAttr) - } - - appended = true - } - if !appended { - tmpAttrs = append(tmpAttrs, htmlAttr) - } - } - if noOpenerAdded { - cleanAttrs = tmpAttrs - } else { - // rel attr was not found, or else noopener would - // have been added already - rel := html.Attribute{} - rel.Key = "rel" - rel.Val = "noopener" - cleanAttrs = append(cleanAttrs, rel) - } - - } - } - default: - } - } - } - - if p.requireCrossOriginAnonymous && len(cleanAttrs) > 0 { - switch elementName { - case "audio", "img", "link", "script", "video": - var crossOriginFound bool - for i, htmlAttr := range cleanAttrs { - if htmlAttr.Key == "crossorigin" { - crossOriginFound = true - cleanAttrs[i].Val = "anonymous" - } - } - - if !crossOriginFound { - crossOrigin := html.Attribute{} - crossOrigin.Key = "crossorigin" - crossOrigin.Val = "anonymous" - cleanAttrs = append(cleanAttrs, crossOrigin) - } - } - } - - if p.requireSandboxOnIFrame != nil && elementName == "iframe" { - var sandboxFound bool - for i, htmlAttr := range cleanAttrs { - if htmlAttr.Key == "sandbox" { - sandboxFound = true - var cleanVals []string - cleanValsSet := make(map[string]bool) - for _, val := range strings.Fields(htmlAttr.Val) { - if p.requireSandboxOnIFrame[val] { - if !cleanValsSet[val] { - cleanVals = append(cleanVals, val) - cleanValsSet[val] = true - } - } - } - cleanAttrs[i].Val = strings.Join(cleanVals, " ") - } - } - - if !sandboxFound { - sandbox := html.Attribute{} - sandbox.Key = "sandbox" - sandbox.Val = "" - cleanAttrs = append(cleanAttrs, sandbox) - } - } - - return cleanAttrs -} - -func (p *Policy) sanitizeStyles(attr html.Attribute, elementName string) html.Attribute { - sps := p.elsAndStyles[elementName] - if len(sps) == 0 { - sps = map[string][]stylePolicy{} - // check for any matching elements, if we don't already have a policy found - // if multiple matches are found they will be overwritten, it's best - // to not have overlapping matchers - for regex, policies := range p.elsMatchingAndStyles { - if regex.MatchString(elementName) { - for k, v := range policies { - sps[k] = append(sps[k], v...) - } - } - } - } - - //Add semi-colon to end to fix parsing issue - attr.Val = strings.TrimRight(attr.Val, " ") - if len(attr.Val) > 0 && attr.Val[len(attr.Val)-1] != ';' { - attr.Val = attr.Val + ";" - } - decs, err := parser.ParseDeclarations(attr.Val) - if err != nil { - attr.Val = "" - return attr - } - clean := []string{} - prefixes := []string{"-webkit-", "-moz-", "-ms-", "-o-", "mso-", "-xv-", "-atsc-", "-wap-", "-khtml-", "prince-", "-ah-", "-hp-", "-ro-", "-rim-", "-tc-"} - -decLoop: - for _, dec := range decs { - tempProperty := strings.ToLower(dec.Property) - tempValue := removeUnicode(strings.ToLower(dec.Value)) - for _, i := range prefixes { - tempProperty = strings.TrimPrefix(tempProperty, i) - } - if spl, ok := sps[tempProperty]; ok { - for _, sp := range spl { - if sp.handler != nil { - if sp.handler(tempValue) { - clean = append(clean, dec.Property+": "+dec.Value) - continue decLoop - } - } else if len(sp.enum) > 0 { - if stringInSlice(tempValue, sp.enum) { - clean = append(clean, dec.Property+": "+dec.Value) - continue decLoop - } - } else if sp.regexp != nil { - if sp.regexp.MatchString(tempValue) { - clean = append(clean, dec.Property+": "+dec.Value) - continue decLoop - } - } - } - } - if spl, ok := p.globalStyles[tempProperty]; ok { - for _, sp := range spl { - if sp.handler != nil { - if sp.handler(tempValue) { - clean = append(clean, dec.Property+": "+dec.Value) - continue decLoop - } - } else if len(sp.enum) > 0 { - if stringInSlice(tempValue, sp.enum) { - clean = append(clean, dec.Property+": "+dec.Value) - continue decLoop - } - } else if sp.regexp != nil { - if sp.regexp.MatchString(tempValue) { - clean = append(clean, dec.Property+": "+dec.Value) - continue decLoop - } - } - } - } - } - if len(clean) > 0 { - attr.Val = strings.Join(clean, "; ") - } else { - attr.Val = "" - } - return attr -} - -func (p *Policy) allowNoAttrs(elementName string) bool { - _, ok := p.setOfElementsAllowedWithoutAttrs[elementName] - if !ok { - for _, r := range p.setOfElementsMatchingAllowedWithoutAttrs { - if r.MatchString(elementName) { - ok = true - break - } - } - } - return ok -} - -func (p *Policy) validURL(rawurl string) (string, bool) { - if p.requireParseableURLs { - // URLs are valid if when space is trimmed the URL is valid - rawurl = strings.TrimSpace(rawurl) - - // URLs cannot contain whitespace, unless it is a data-uri - if strings.Contains(rawurl, " ") || - strings.Contains(rawurl, "\t") || - strings.Contains(rawurl, "\n") { - if !strings.HasPrefix(rawurl, `data:`) { - return "", false - } - - // Remove \r and \n from base64 encoded data to pass url.Parse. - matched := dataURIbase64Prefix.FindString(rawurl) - if matched != "" { - rawurl = matched + strings.Replace( - strings.Replace( - rawurl[len(matched):], - "\r", - "", - -1, - ), - "\n", - "", - -1, - ) - } - } - - // URLs are valid if they parse - u, err := url.Parse(rawurl) - if err != nil { - return "", false - } - - if u.Scheme != "" { - urlPolicies, ok := p.allowURLSchemes[u.Scheme] - if !ok { - for _, r := range p.allowURLSchemeRegexps { - if r.MatchString(u.Scheme) { - return u.String(), true - } - } - - return "", false - } - - if len(urlPolicies) == 0 { - return u.String(), true - } - - for _, urlPolicy := range urlPolicies { - if urlPolicy(u) { - return u.String(), true - } - } - - return "", false - } - - if p.allowRelativeURLs { - if u.String() != "" { - return u.String(), true - } - } - - return "", false - } - - return rawurl, true -} - -func linkable(elementName string) bool { - switch elementName { - case "a", "area", "base", "link": - // elements that allow .href - return true - case "blockquote", "del", "ins", "q": - // elements that allow .cite - return true - case "audio", "embed", "iframe", "img", "input", "script", "track", "video": - // elements that allow .src - return true - default: - return false - } -} - -// stringInSlice returns true if needle exists in haystack -func stringInSlice(needle string, haystack []string) bool { - for _, straw := range haystack { - if strings.EqualFold(straw, needle) { - return true - } - } - return false -} - -func isDataAttribute(val string) bool { - if !dataAttribute.MatchString(val) { - return false - } - rest := strings.Split(val, "data-") - if len(rest) == 1 { - return false - } - // data-xml* is invalid. - if dataAttributeXMLPrefix.MatchString(rest[1]) { - return false - } - // no uppercase or semi-colons allowed. - if dataAttributeInvalidChars.MatchString(rest[1]) { - return false - } - return true -} - -func removeUnicode(value string) string { - substitutedValue := value - currentLoc := cssUnicodeChar.FindStringIndex(substitutedValue) - for currentLoc != nil { - - character := substitutedValue[currentLoc[0]+1 : currentLoc[1]] - character = strings.TrimSpace(character) - if len(character) < 4 { - character = strings.Repeat("0", 4-len(character)) + character - } else { - for len(character) > 4 { - if character[0] != '0' { - character = "" - break - } else { - character = character[1:] - } - } - } - character = "\\u" + character - translatedChar, err := strconv.Unquote(`"` + character + `"`) - translatedChar = strings.TrimSpace(translatedChar) - if err != nil { - return "" - } - substitutedValue = substitutedValue[0:currentLoc[0]] + translatedChar + substitutedValue[currentLoc[1]:] - currentLoc = cssUnicodeChar.FindStringIndex(substitutedValue) - } - return substitutedValue -} - -func (p *Policy) matchRegex(elementName string) (map[string][]attrPolicy, bool) { - aps := make(map[string][]attrPolicy, 0) - matched := false - for regex, attrs := range p.elsMatchingAndAttrs { - if regex.MatchString(elementName) { - matched = true - for k, v := range attrs { - aps[k] = append(aps[k], v...) - } - } - } - return aps, matched -} - -// normaliseElementName takes a HTML element like <script> which is user input -// and returns a lower case version of it that is immune to UTF-8 to ASCII -// conversion tricks (like the use of upper case cyrillic i scrÄ°pt which a -// strings.ToLower would convert to script). Instead this func will preserve -// all non-ASCII as their escaped equivalent, i.e. \u0130 which reveals the -// characters when lower cased -func normaliseElementName(str string) string { - // that useful QuoteToASCII put quote marks at the start and end - // so those are trimmed off - return strings.TrimSuffix( - strings.TrimPrefix( - strings.ToLower( - strconv.QuoteToASCII(str), - ), - `"`), - `"`, - ) -} - -type stringWriterWriter interface { - io.Writer - io.StringWriter -} |