htmlsanitizer 0.2.0

A fast, allowlist-based HTML sanitizer
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240

use std::collections::HashMap;

/// A single HTML tag with its allowed attributes.
#[derive(Debug, Clone)]
pub struct Tag {
    /// Tag name (must be lowercase).
    pub name: String,
    /// Allowed non-URL attributes (must be lowercase).
    pub attr: Vec<String>,
    /// Allowed URL-related attributes (must be lowercase).
    pub url_attr: Vec<String>,
}

impl Tag {
    pub fn new(name: &str, attr: &[&str], url_attr: &[&str]) -> Self {
        Self {
            name: name.to_string(),
            attr: attr.iter().map(|s| s.to_string()).collect(),
            url_attr: url_attr.iter().map(|s| s.to_string()).collect(),
        }
    }

    /// Check whether an attribute exists on this tag. Returns `(exists, is_url_attr)`.
    pub fn attr_exists(&self, name: &[u8]) -> (bool, bool) {
        let name = std::str::from_utf8(name).unwrap_or("");
        for a in &self.url_attr {
            if a == name {
                return (true, true);
            }
        }
        for a in &self.attr {
            if a == name {
                return (true, false);
            }
        }
        (false, false)
    }
}

/// Specifies all allowed HTML tags and attributes for the sanitizer.
#[derive(Debug, Clone)]
pub struct AllowList {
    /// Allowed tags.
    pub tags: Vec<Tag>,
    /// Globally allowed attributes (e.g. `class`, `id`).
    pub global_attr: Vec<String>,
    /// Non-HTML tags like `<script>`, `<style>` whose content is not real HTML.
    pub non_html_tags: Vec<Tag>,

    tag_map: Option<HashMap<String, usize>>,
    non_html_tag_map: Option<HashMap<String, usize>>,
}

impl AllowList {
    fn build_tag_map(&mut self) {
        let mut map = HashMap::with_capacity(self.tags.len());
        for (i, tag) in self.tags.iter().enumerate() {
            map.insert(tag.name.clone(), i);
        }
        self.tag_map = Some(map);
    }

    fn build_non_html_tag_map(&mut self) {
        let mut map = HashMap::with_capacity(self.non_html_tags.len());
        for (i, tag) in self.non_html_tags.iter().enumerate() {
            map.insert(tag.name.clone(), i);
        }
        self.non_html_tag_map = Some(map);
    }

    /// Check whether a global attribute exists.
    pub fn attr_exists(&self, name: &[u8]) -> bool {
        let name = std::str::from_utf8(name).unwrap_or("");
        self.global_attr.iter().any(|a| a == name)
    }

    /// Check if a tag name is a non-HTML tag (e.g. `script`, `style`).
    /// The name must already be lowercased.
    pub fn check_non_html_tag(&mut self, name: &str) -> Option<usize> {
        if self.non_html_tag_map.is_none() {
            self.build_non_html_tag_map();
        }
        self.non_html_tag_map.as_ref().unwrap().get(name).copied()
    }

    /// Add a tag to the allow list.
    pub fn add_tag(&mut self, tag: Tag) {
        self.tags.push(tag);
        self.tag_map = None;
    }

    /// Remove all tags with the given name (must be lowercase).
    pub fn remove_tag(&mut self, name: &str) {
        self.tags.retain(|t| t.name != name);
        self.tag_map = None;
    }

    /// Find a tag by its lowercased name.
    pub fn find_tag(&mut self, name: &str) -> Option<usize> {
        if self.tag_map.is_none() {
            self.build_tag_map();
        }
        self.tag_map.as_ref().unwrap().get(name).copied()
    }
}

/// Lowercase ASCII A-Z bytes in place.
pub fn ascii_lower_in_place(p: &mut [u8]) {
    p.make_ascii_lowercase();
}

/// Create the default allow list matching the Go `DefaultAllowList`.
pub fn default_allow_list() -> AllowList {
    AllowList {
        tags: vec![
            Tag::new("address", &[], &[]),
            Tag::new("article", &[], &[]),
            Tag::new("aside", &[], &[]),
            Tag::new("footer", &[], &[]),
            Tag::new("header", &[], &[]),
            Tag::new("h1", &[], &[]),
            Tag::new("h2", &[], &[]),
            Tag::new("h3", &[], &[]),
            Tag::new("h4", &[], &[]),
            Tag::new("h5", &[], &[]),
            Tag::new("h6", &[], &[]),
            Tag::new("hgroup", &[], &[]),
            Tag::new("main", &[], &[]),
            Tag::new("nav", &[], &[]),
            Tag::new("section", &[], &[]),
            Tag::new("blockquote", &[], &["cite"]),
            Tag::new("dd", &[], &[]),
            Tag::new("div", &[], &[]),
            Tag::new("dl", &[], &[]),
            Tag::new("dt", &[], &[]),
            Tag::new("figcaption", &[], &[]),
            Tag::new("figure", &[], &[]),
            Tag::new("hr", &[], &[]),
            Tag::new("li", &[], &[]),
            Tag::new("ol", &[], &[]),
            Tag::new("p", &[], &[]),
            Tag::new("pre", &[], &[]),
            Tag::new("ul", &[], &[]),
            Tag::new("a", &["rel", "target", "referrerpolicy"], &["href"]),
            Tag::new("abbr", &["title"], &[]),
            Tag::new("b", &[], &[]),
            Tag::new("bdi", &[], &[]),
            Tag::new("bdo", &[], &[]),
            Tag::new("br", &[], &[]),
            Tag::new("cite", &[], &[]),
            Tag::new("code", &[], &[]),
            Tag::new("data", &["value"], &[]),
            Tag::new("em", &[], &[]),
            Tag::new("i", &[], &[]),
            Tag::new("kbd", &[], &[]),
            Tag::new("mark", &[], &[]),
            Tag::new("q", &[], &["cite"]),
            Tag::new("s", &[], &[]),
            Tag::new("small", &[], &[]),
            Tag::new("span", &[], &[]),
            Tag::new("strong", &[], &[]),
            Tag::new("sub", &[], &[]),
            Tag::new("sup", &[], &[]),
            Tag::new("time", &["datetime"], &[]),
            Tag::new("u", &[], &[]),
            Tag::new(
                "area",
                &["alt", "coords", "shape", "target", "rel", "referrerpolicy"],
                &["href"],
            ),
            Tag::new(
                "audio",
                &[
                    "autoplay",
                    "controls",
                    "crossorigin",
                    "duration",
                    "loop",
                    "muted",
                    "preload",
                ],
                &["src"],
            ),
            Tag::new(
                "img",
                &[
                    "alt",
                    "crossorigin",
                    "height",
                    "width",
                    "loading",
                    "referrerpolicy",
                ],
                &["src"],
            ),
            Tag::new("map", &["name"], &[]),
            Tag::new("track", &["default", "kind", "label", "srclang"], &["src"]),
            Tag::new(
                "video",
                &[
                    "autoplay",
                    "buffered",
                    "controls",
                    "crossorigin",
                    "duration",
                    "loop",
                    "muted",
                    "preload",
                    "height",
                    "width",
                ],
                &["src", "poster"],
            ),
            Tag::new("picture", &[], &[]),
            Tag::new("source", &["type"], &["src"]),
            Tag::new("del", &[], &[]),
            Tag::new("ins", &[], &[]),
            Tag::new("caption", &[], &[]),
            Tag::new("col", &["span"], &[]),
            Tag::new("colgroup", &[], &[]),
            Tag::new("table", &[], &[]),
            Tag::new("tbody", &[], &[]),
            Tag::new("td", &["colspan", "rowspan"], &[]),
            Tag::new("tfoot", &[], &[]),
            Tag::new("th", &["colspan", "rowspan", "scope"], &[]),
            Tag::new("thead", &[], &[]),
            Tag::new("tr", &[], &[]),
            Tag::new("details", &["open"], &[]),
            Tag::new("summary", &[], &[]),
        ],
        global_attr: vec!["class".to_string(), "id".to_string()],
        non_html_tags: vec![
            Tag::new("script", &[], &[]),
            Tag::new("style", &[], &[]),
            Tag::new("object", &[], &[]),
        ],
        tag_map: None,
        non_html_tag_map: None,
    }
}