U Uc/ @sddlmZddlZddlmZddlmZddlmZddl m Z ddl m Z ddl mZdd lmZd d d d ddddddddg ZddgdgdgdZgZdddgZGdddeZddZGd d!d!e jZdS)")unicode_literalsN)unescape)html5lib) namespaces) sanitizer)HTMLSerializer) force_unicode)alphabetize_attributesaabbracronymb blockquotecodeemiliolstrongulhreftitle)r r r httphttpsmailtoc@s0eZdZdZeeeedddfddZddZ dS) CleaneraCleaner for cleaning HTML fragments of malicious content This cleaner is a security-focused function whose sole purpose is to remove malicious content from a string such that it can be displayed as content in a web page. This cleaner is not designed to use to transform content to be used in non-web-page contexts. To use:: from bleach.sanitizer import Cleaner cleaner = Cleaner() for text in all_the_yucky_things: sanitized = cleaner.clean(text) FTNcCs^||_||_||_||_||_||_|p*g|_tjdd|_ t d|_ t ddddd|_ dS)a Initializes a Cleaner :arg list tags: allowed list of tags; defaults to ``bleach.sanitizer.ALLOWED_TAGS`` :arg dict attributes: allowed attributes; can be a callable, list or dict; defaults to ``bleach.sanitizer.ALLOWED_ATTRIBUTES`` :arg list styles: allowed list of css styles; defaults to ``bleach.sanitizer.ALLOWED_STYLES`` :arg list protocols: allowed list of protocols for links; defaults to ``bleach.sanitizer.ALLOWED_PROTOCOLS`` :arg bool strip: whether or not to strip disallowed elements :arg bool strip_comments: whether or not to strip HTML comments :arg list filters: list of html5lib Filter classes to pass streamed content through .. seealso:: http://html5lib.readthedocs.io/en/latest/movingparts.html#filters .. Warning:: Using filters changes the output of ``bleach.Cleaner.clean``. Make sure the way the filters change the output are secure. F)namespaceHTMLElementsetreealways)quote_attr_valuesomit_optional_tagssanitizealphabetical_attributesN)tags attributesstyles protocolsstripstrip_commentsfiltersr HTMLParserparser getTreeWalkerwalkerr serializer)selfr#r$r%r&r'r(r)r0H/tmp/pip-unpacked-wheel-g8kmtpbc/tensorboard/_vendor/bleach/sanitizer.py__init__Ds  zCleaner.__init__c Csh|sdSt|}|j|}t|||j|j|j|j|j |j gd}|j D]}||d}qL|j |S)zCleans text and returns sanitized result as unicode :arg str text: text to be cleaned :returns: sanitized text as unicode )sourcer$strip_disallowed_elementsstrip_html_commentsallowed_elementsallowed_css_propertiesallowed_protocolsallowed_svg_properties)r4)rr+ parseFragmentBleachSanitizerFilterr-r$r'r(r#r%r&r)r.render)r/textdomfilteredZ filter_classr0r0r1cleanxs"   z Cleaner.clean) __name__ __module__ __qualname____doc__ ALLOWED_TAGSALLOWED_ATTRIBUTESALLOWED_STYLESALLOWED_PROTOCOLSr2rAr0r0r0r1r/s 4rcsLtr Sttr&fdd}|Sttr@fdd}|StddS)a0Generates attribute filter function for the given attributes value The attributes value can take one of several shapes. This returns a filter function appropriate to the attributes value. One nice thing about this is that there's less if/then shenanigans in the ``allow_token`` method. cs`|kr0|}t|r$||||S||kr0dSdkr\d}t|rT||||S||kSdS)NT*F)callable)tagattrvalueZattr_valr$r0r1 _attr_filters  z.attribute_filter_factory.._attr_filtercs|kS)Nr0)rLrMrNrOr0r1rPsz3attributes needs to be a callable, a list or a dictN)rK isinstancedictlist ValueError)r$rPr0rOr1attribute_filter_factorys    rUcs@eZdZdZeddffdd ZddZdd Zd d ZZ S) r<zmhtml5lib Filter that sanitizes text This filter can be used anywhere html5lib filters can be used. FTc s*t||_||_||_tt|j|f|S)aCreates a BleachSanitizerFilter instance :arg Treewalker source: stream :arg list tags: allowed list of tags; defaults to ``bleach.sanitizer.ALLOWED_TAGS`` :arg dict attributes: allowed attributes; can be a callable, list or dict; defaults to ``bleach.sanitizer.ALLOWED_ATTRIBUTES`` :arg list styles: allowed list of css styles; defaults to ``bleach.sanitizer.ALLOWED_STYLES`` :arg list protocols: allowed list of protocols for links; defaults to ``bleach.sanitizer.ALLOWED_PROTOCOLS`` :arg bool strip_disallowed_elements: whether or not to strip disallowed elements :arg bool strip_html_comments: whether or not to strip HTML comments )rU attr_filterr5r6superr<r2)r/r4r$r5r6kwargs __class__r0r1r2s zBleachSanitizerFilter.__init__cCsp|d}|dkrT|d|jkr(||S|jr0qld|krHt|d|d<||Sn|dkrh|jsl|Sn|SdS)a~Sanitize a token either by HTML-encoding or dropping. Unlike sanitizer.Filter, allowed_attributes can be a dict of {'tag': ['attribute', 'pairs'], 'tag': callable}. Here callable is a function with two arguments of attribute name and value. It should return true of false. Also gives the option to strip tags instead of encoding. type)StartTagEndTagEmptyTagnamedataCommentN)r7 allow_tokenr5r Zdisallowed_tokenr6)r/token token_typer0r0r1sanitize_tokens   z$BleachSanitizerFilter.sanitize_tokenc Csd|kri}|dD]\}}|\}}||d||s>q||jkrtddt|}|dd}td|r| dd|j krq||j krtd d t|}| }|sqn|}d |df|j kr|d td dffkrtd|rq|dkr||}|||<qt||d<|S)z-Handles the case where we're allowing the tagr`r_u [`- - \s]+r3u�z^[a-z0-9][-+.a-z0-9]*::rzurl\s*\(\s*[^#\s][^)]+?\) N)Nrxlinkrz ^\s*[^#\s])Nstyle)itemsrVZattr_val_is_uriresubrlowerreplacematchsplitr9Zsvg_attr_val_allows_refr'Zsvg_allow_local_hrefrsearch sanitize_cssr ) r/rcattrsZnamespaced_nameval namespacer_Z val_unescapednew_valr0r0r1rb sF          z!BleachSanitizerFilter.allow_tokencCstdd|}|d}td}|D]}||s*dSq*td|sPdSg}td|D]X\}}|snq`||jkr||d|dq`||j kr`||d|dq`d |S) zSanitizes css in style tagszurl\s*\(\s*[^\s)]+?\s*\)\s*rg;zI^([-/:,#%.'"\sa-zA-Z0-9!]|\w-\w|'[\s\w]+'\s*|"[\s\w]+"|\([\d,%\.\s]+\))*$r3z ^\s*([-\w]+\s*:[^:;]*(;\s*|$))*$z([-\w]+)\s*:\s*([^:;]*)z: ) rkcompilerlrprofindallrmr8appendr:join)r/ripartsZgauntletpartrAproprNr0r0r1rrPs&   z"BleachSanitizerFilter.sanitize_css) rBrCrDrErGr2rerbrr __classcell__r0r0rYr1r<s "Cr<) __future__rrkxml.sax.saxutilsrZtensorboard._vendorrZ&tensorboard._vendor.html5lib.constantsrZ$tensorboard._vendor.html5lib.filtersrZ'tensorboard._vendor.html5lib.serializerrZ#tensorboard._vendor.bleach.encodingrZ tensorboard._vendor.bleach.utilsr rFrGrHrIobjectrrUFilterr<r0r0r0r1s<         m)