BubbleBath

bubble_bath

Struct BubbleBath 

Source 
pub struct BubbleBath<'a> {
    pub allowed_generic_attributes: HashSet<&'a str>,
    pub allowed_tags: HashSet<&'a str>,
    pub allowed_tag_attributes: HashMap<&'a str, HashSet<&'a str>>,
    pub allowed_url_schemes: HashSet<&'a str>,
    pub clean_url_attributes: HashMap<&'a str, HashSet<&'a str>>,
    pub memory_settings: MemorySettings,
    pub preserve_escaped: bool,
    pub remove_content_tags: HashSet<&'a str>,
    pub set_tag_attributes: HashMap<&'a str, HashMap<&'a str, &'a str>>,
}
Expand description

HTML sanitizer

bubble-bath is allow-list based, meaning all tags are by default cleaned.

BubbleBath::default provides a safe default

§Implementation details

  • We use lol_html as our underlying HTML processor
  • Only absolute URLs (i.e. URLs with a scheme) are allowed. Relative links are discarded

Fields§

§allowed_generic_attributes: HashSet<&'a str>

Attributes you want to keep on all tags

§allowed_tags: HashSet<&'a str>

Tags you want to keep

§allowed_tag_attributes: HashMap<&'a str, HashSet<&'a str>>

Attributes you want to keep on a per-tag basis

§allowed_url_schemes: HashSet<&'a str>

Schemes you want to allow on URLs in anchor tags

§clean_url_attributes: HashMap<&'a str, HashSet<&'a str>>

Clean certain attributes on tags as if they are URLs

§memory_settings: MemorySettings

Memory settings for the underlying HTML transformer

§preserve_escaped: bool

Instead of removing tags (and potentially their content), escape the HTML instead and output them as raw text

§remove_content_tags: HashSet<&'a str>

Tags of which you want to remove the tag and the content of

By default bubble-bath preserves the content of tags

Note: Remember to put <script> and <style> tags in here (unless you 100% know what you are doing) since they are really damn evil!

§set_tag_attributes: HashMap<&'a str, HashMap<&'a str, &'a str>>

Attributes you want to set on a per-tag basis

Implementations§

Source§

impl BubbleBath<'_>

Source

pub fn clean_streaming<'a, I, S>(&self, input: I, sink: S) -> Result<(), Error>
where I: Iterator<Item = &'a [u8]>, S: FnMut(&[u8]),

Clean HTML in a streaming fashion

§Errors
  • The HTML rewriter ran out of memory
  • The HTML parser ran into an ambiguous state (in this case you should just discard the text instead of trying to fix it)
  • The name of an attribute you put into the set_tag_attributes hashmap is invalid
Source

pub fn clean(&self, content: &str) -> Result<String, Error>

Clean the provided HTML content

§Errors
  • The output of the HTML transformer was not valid UTF-8

Check Self::clean_streaming for additional errors

Trait Implementations§

Source§

impl Default for BubbleBath<'static>

Source§

fn default() -> Self

Returns the “default value” for a type. Read more

Auto Trait Implementations§

§

impl<'a> Freeze for BubbleBath<'a>

§

impl<'a> RefUnwindSafe for BubbleBath<'a>

§

impl<'a> Send for BubbleBath<'a>

§

impl<'a> Sync for BubbleBath<'a>

§

impl<'a> Unpin for BubbleBath<'a>

§

impl<'a> UnwindSafe for BubbleBath<'a>

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.