p2yq6ufca
/
monkeyking
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'eec5d427a4'
${ noResults }
monkeyking/IPython/html/static/base/js/security.js

84 lines
2.6 KiB
Raw Blame History

//----------------------------------------------------------------------------
// Copyright (C) 2014 The IPython Development Team
//
// Distributed under the terms of the BSD License. The full license is in
// the file COPYING, distributed as part of this software.
//----------------------------------------------------------------------------
//============================================================================
// Utilities
//============================================================================
IPython.namespace('IPython.security');
IPython.security = (function (IPython) {
"use strict";
var utils = IPython.utils;
var noop = function (x) { return x; };
var cmp_tree = function (a, b) {
// compare two HTML trees
// only checks the tag structure is preserved,
// not any attributes or contents
if (a.length !== b.length) {
return false;
}
for (var i = a.length - 1; i >= 0; i--) {
if (a[i].tagName && b[i].tagName && a[i].tagName.toLowerCase() != b[i].tagName.toLowerCase()) {
return false;
}
}
var ac = a.children();
var bc = b.children();
if (ac.length === 0 && bc.length === 0) {
return true;
}
return cmp_tree(ac, bc);
};
var sanitize = function (html, log) {
// sanitize HTML
// returns a struct of
// {
// src: original_html,
// sanitized: the_sanitized_html,
// safe: bool // false if the sanitizer made any changes
// }
var result = {
src : html,
safe : true
};
var record_messages = function (msg, opts) {
console.log("HTML Sanitizer", msg, opts);
result.safe = false;
};
result.sanitized = window.html_sanitize(html, noop, noop, record_messages);
// caja can strip whole elements without logging,
// so double-check that node structure didn't change
if (result.safe) {
result.safe = cmp_tree($(result.sanitized), $(result.src));
}
return result;
};
var sanitize_html = function (html) {
// shorthand for str-to-str conversion, dropping the struct
return sanitize(html).sanitized;
};
var is_safe = function (html) {
// just return bool for whether an HTML string is safe
return sanitize(html).safe;
};
return {
is_safe: is_safe,
sanitize: sanitize,
sanitize_html: sanitize_html
};
}(IPython));
Reference in new issue View Git Blame Copy Permalink