fionera
/
transfer.sh
forked from kiska/transfer.sh
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
195 Commits
9 Branches
34 MiB
 
 
 
Tree: 6d68ad982f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6d68ad982f'
${ noResults }
transfer.sh/transfersh-server/vendor/github.com/kennygrant/sanitize/sanitize.go

385 lines
10 KiB
Raw Blame History 

  1. // Package sanitize provides functions for sanitizing text.

  2. package sanitize

  3. 

  4. import (

  5. 	"bytes"

  6. 	"html"

  7. 	"html/template"

  8. 	"io"

  9. 	"path"

  10. 	"regexp"

  11. 	"strings"

  12. 

  13. 	parser "golang.org/x/net/html"

  14. )

  15. 

  16. var (

  17. 	ignoreTags = []string{"title", "script", "style", "iframe", "frame", "frameset", "noframes", "noembed", "embed", "applet", "object", "base"}

  18. 

  19. 	defaultTags = []string{"h1", "h2", "h3", "h4", "h5", "h6", "div", "span", "hr", "p", "br", "b", "i", "strong", "em", "ol", "ul", "li", "a", "img", "pre", "code", "blockquote"}

  20. 

  21. 	defaultAttributes = []string{"id", "class", "src", "href", "title", "alt", "name", "rel"}

  22. )

  23. 

  24. // HTMLAllowing sanitizes html, allowing some tags.

  25. // Arrays of allowed tags and allowed attributes may optionally be passed as the second and third arguments.

  26. func HTMLAllowing(s string, args ...[]string) (string, error) {

  27. 

  28. 	allowedTags := defaultTags

  29. 	if len(args) > 0 {

  30. 		allowedTags = args[0]

  31. 	}

  32. 	allowedAttributes := defaultAttributes

  33. 	if len(args) > 1 {

  34. 		allowedAttributes = args[1]

  35. 	}

  36. 

  37. 	// Parse the html

  38. 	tokenizer := parser.NewTokenizer(strings.NewReader(s))

  39. 

  40. 	buffer := bytes.NewBufferString("")

  41. 	ignore := ""

  42. 

  43. 	for {

  44. 		tokenType := tokenizer.Next()

  45. 		token := tokenizer.Token()

  46. 

  47. 		switch tokenType {

  48. 

  49. 		case parser.ErrorToken:

  50. 			err := tokenizer.Err()

  51. 			if err == io.EOF {

  52. 				return buffer.String(), nil

  53. 			}

  54. 			return "", err

  55. 

  56. 		case parser.StartTagToken:

  57. 

  58. 			if len(ignore) == 0 && includes(allowedTags, token.Data) {

  59. 				token.Attr = cleanAttributes(token.Attr, allowedAttributes)

  60. 				buffer.WriteString(token.String())

  61. 			} else if includes(ignoreTags, token.Data) {

  62. 				ignore = token.Data

  63. 			}

  64. 

  65. 		case parser.SelfClosingTagToken:

  66. 

  67. 			if len(ignore) == 0 && includes(allowedTags, token.Data) {

  68. 				token.Attr = cleanAttributes(token.Attr, allowedAttributes)

  69. 				buffer.WriteString(token.String())

  70. 			} else if token.Data == ignore {

  71. 				ignore = ""

  72. 			}

  73. 

  74. 		case parser.EndTagToken:

  75. 			if len(ignore) == 0 && includes(allowedTags, token.Data) {

  76. 				token.Attr = []parser.Attribute{}

  77. 				buffer.WriteString(token.String())

  78. 			} else if token.Data == ignore {

  79. 				ignore = ""

  80. 			}

  81. 

  82. 		case parser.TextToken:

  83. 			// We allow text content through, unless ignoring this entire tag and its contents (including other tags)

  84. 			if ignore == "" {

  85. 				buffer.WriteString(token.String())

  86. 			}

  87. 		case parser.CommentToken:

  88. 			// We ignore comments by default

  89. 		case parser.DoctypeToken:

  90. 			// We ignore doctypes by default - html5 does not require them and this is intended for sanitizing snippets of text

  91. 		default:

  92. 			// We ignore unknown token types by default

  93. 

  94. 		}

  95. 

  96. 	}

  97. 

  98. }

  99. 

  100. // HTML strips html tags, replace common entities, and escapes <>&;'" in the result.

  101. // Note the returned text may contain entities as it is escaped by HTMLEscapeString, and most entities are not translated.

  102. func HTML(s string) string {

  103. 

  104. 	output := ""

  105. 

  106. 	// Shortcut strings with no tags in them

  107. 	if !strings.ContainsAny(s, "<>") {

  108. 		output = s

  109. 	} else {

  110. 

  111. 		// First remove line breaks etc as these have no meaning outside html tags (except pre)

  112. 		// this means pre sections will lose formatting... but will result in less uninentional paras.

  113. 		s = strings.Replace(s, "\n", "", -1)

  114. 

  115. 		// Then replace line breaks with newlines, to preserve that formatting

  116. 		s = strings.Replace(s, "</p>", "\n", -1)

  117. 		s = strings.Replace(s, "<br>", "\n", -1)

  118. 		s = strings.Replace(s, "</br>", "\n", -1)

  119. 		s = strings.Replace(s, "<br/>", "\n", -1)

  120. 

  121. 		// Walk through the string removing all tags

  122. 		b := bytes.NewBufferString("")

  123. 		inTag := false

  124. 		for _, r := range s {

  125. 			switch r {

  126. 			case '<':

  127. 				inTag = true

  128. 			case '>':

  129. 				inTag = false

  130. 			default:

  131. 				if !inTag {

  132. 					b.WriteRune(r)

  133. 				}

  134. 			}

  135. 		}

  136. 		output = b.String()

  137. 	}

  138. 

  139. 	// Remove a few common harmless entities, to arrive at something more like plain text

  140. 	output = strings.Replace(output, "&#8216;", "'", -1)

  141. 	output = strings.Replace(output, "&#8217;", "'", -1)

  142. 	output = strings.Replace(output, "&#8220;", "\"", -1)

  143. 	output = strings.Replace(output, "&#8221;", "\"", -1)

  144. 	output = strings.Replace(output, "&nbsp;", " ", -1)

  145. 	output = strings.Replace(output, "&quot;", "\"", -1)

  146. 	output = strings.Replace(output, "&apos;", "'", -1)

  147. 

  148. 	// Translate some entities into their plain text equivalent (for example accents, if encoded as entities)

  149. 	output = html.UnescapeString(output)

  150. 

  151. 	// In case we have missed any tags above, escape the text - removes <, >, &, ' and ".

  152. 	output = template.HTMLEscapeString(output)

  153. 

  154. 	// After processing, remove some harmless entities &, ' and " which are encoded by HTMLEscapeString

  155. 	output = strings.Replace(output, "&#34;", "\"", -1)

  156. 	output = strings.Replace(output, "&#39;", "'", -1)

  157. 	output = strings.Replace(output, "&amp; ", "& ", -1)     // NB space after

  158. 	output = strings.Replace(output, "&amp;amp; ", "& ", -1) // NB space after

  159. 

  160. 	return output

  161. }

  162. 

  163. // We are very restrictive as this is intended for ascii url slugs

  164. var illegalPath = regexp.MustCompile(`[^[:alnum:]\~\-\./]`)

  165. 

  166. // Path makes a string safe to use as an url path.

  167. func Path(s string) string {

  168. 	// Start with lowercase string

  169. 	filePath := strings.ToLower(s)

  170. 	filePath = strings.Replace(filePath, "..", "", -1)

  171. 	filePath = path.Clean(filePath)

  172. 

  173. 	// Remove illegal characters for paths, flattening accents and replacing some common separators with -

  174. 	filePath = cleanString(filePath, illegalPath)

  175. 

  176. 	// NB this may be of length 0, caller must check

  177. 	return filePath

  178. }

  179. 

  180. // Remove all other unrecognised characters apart from

  181. var illegalName = regexp.MustCompile(`[^[:alnum:]-.]`)

  182. 

  183. // Name makes a string safe to use in a file name by first finding the path basename, then replacing non-ascii characters.

  184. func Name(s string) string {

  185. 	// Start with lowercase string

  186. 	fileName := strings.ToLower(s)

  187. 	fileName = path.Clean(path.Base(fileName))

  188. 

  189. 	// Remove illegal characters for names, replacing some common separators with -

  190. 	fileName = cleanString(fileName, illegalName)

  191. 

  192. 	// NB this may be of length 0, caller must check

  193. 	return fileName

  194. }

  195. 

  196. // Replace these separators with -

  197. var baseNameSeparators = regexp.MustCompile(`[./]`)

  198. 

  199. // BaseName makes a string safe to use in a file name, producing a sanitized basename replacing . or / with -.

  200. // No attempt is made to normalise a path or normalise case.

  201. func BaseName(s string) string {

  202. 

  203. 	// Replace certain joining characters with a dash

  204. 	baseName := baseNameSeparators.ReplaceAllString(s, "-")

  205. 

  206. 	// Remove illegal characters for names, replacing some common separators with -

  207. 	baseName = cleanString(baseName, illegalName)

  208. 

  209. 	// NB this may be of length 0, caller must check

  210. 	return baseName

  211. }

  212. 

  213. // A very limited list of transliterations to catch common european names translated to urls.

  214. // This set could be expanded with at least caps and many more characters.

  215. var transliterations = map[rune]string{

  216. 	'À': "A",

  217. 	'Á': "A",

  218. 	'Â': "A",

  219. 	'Ã': "A",

  220. 	'Ä': "A",

  221. 	'Å': "AA",

  222. 	'Æ': "AE",

  223. 	'Ç': "C",

  224. 	'È': "E",

  225. 	'É': "E",

  226. 	'Ê': "E",

  227. 	'Ë': "E",

  228. 	'Ì': "I",

  229. 	'Í': "I",

  230. 	'Î': "I",

  231. 	'Ï': "I",

  232. 	'Ð': "D",

  233. 	'Ł': "L",

  234. 	'Ñ': "N",

  235. 	'Ò': "O",

  236. 	'Ó': "O",

  237. 	'Ô': "O",

  238. 	'Õ': "O",

  239. 	'Ö': "O",

  240. 	'Ø': "OE",

  241. 	'Ù': "U",

  242. 	'Ú': "U",

  243. 	'Ü': "U",

  244. 	'Û': "U",

  245. 	'Ý': "Y",

  246. 	'Þ': "Th",

  247. 	'ß': "ss",

  248. 	'à': "a",

  249. 	'á': "a",

  250. 	'â': "a",

  251. 	'ã': "a",

  252. 	'ä': "a",

  253. 	'å': "aa",

  254. 	'æ': "ae",

  255. 	'ç': "c",

  256. 	'è': "e",

  257. 	'é': "e",

  258. 	'ê': "e",

  259. 	'ë': "e",

  260. 	'ì': "i",

  261. 	'í': "i",

  262. 	'î': "i",

  263. 	'ï': "i",

  264. 	'ð': "d",

  265. 	'ł': "l",

  266. 	'ñ': "n",

  267. 	'ń': "n",

  268. 	'ò': "o",

  269. 	'ó': "o",

  270. 	'ô': "o",

  271. 	'õ': "o",

  272. 	'ō': "o",

  273. 	'ö': "o",

  274. 	'ø': "oe",

  275. 	'ś': "s",

  276. 	'ù': "u",

  277. 	'ú': "u",

  278. 	'û': "u",

  279. 	'ū': "u",

  280. 	'ü': "u",

  281. 	'ý': "y",

  282. 	'þ': "th",

  283. 	'ÿ': "y",

  284. 	'ż': "z",

  285. 	'Œ': "OE",

  286. 	'œ': "oe",

  287. }

  288. 

  289. // Accents replaces a set of accented characters with ascii equivalents.

  290. func Accents(s string) string {

  291. 	// Replace some common accent characters

  292. 	b := bytes.NewBufferString("")

  293. 	for _, c := range s {

  294. 		// Check transliterations first

  295. 		if val, ok := transliterations[c]; ok {

  296. 			b.WriteString(val)

  297. 		} else {

  298. 			b.WriteRune(c)

  299. 		}

  300. 	}

  301. 	return b.String()

  302. }

  303. 

  304. var (

  305. 	// If the attribute contains data: or javascript: anywhere, ignore it

  306. 	// we don't allow this in attributes as it is so frequently used for xss

  307. 	// NB we allow spaces in the value, and lowercase.

  308. 	illegalAttr = regexp.MustCompile(`(d\s*a\s*t\s*a|j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t\s*)\s*:`)

  309. 

  310. 	// We are far more restrictive with href attributes.

  311. 	legalHrefAttr = regexp.MustCompile(`\A[/#][^/\\]?|mailto://|http://|https://`)

  312. )

  313. 

  314. // cleanAttributes returns an array of attributes after removing malicious ones.

  315. func cleanAttributes(a []parser.Attribute, allowed []string) []parser.Attribute {

  316. 	if len(a) == 0 {

  317. 		return a

  318. 	}

  319. 

  320. 	var cleaned []parser.Attribute

  321. 	for _, attr := range a {

  322. 		if includes(allowed, attr.Key) {

  323. 

  324. 			val := strings.ToLower(attr.Val)

  325. 

  326. 			// Check for illegal attribute values

  327. 			if illegalAttr.FindString(val) != "" {

  328. 				attr.Val = ""

  329. 			}

  330. 

  331. 			// Check for legal href values - / mailto:// http:// or https://

  332. 			if attr.Key == "href" {

  333. 				if legalHrefAttr.FindString(val) == "" {

  334. 					attr.Val = ""

  335. 				}

  336. 			}

  337. 

  338. 			// If we still have an attribute, append it to the array

  339. 			if attr.Val != "" {

  340. 				cleaned = append(cleaned, attr)

  341. 			}

  342. 		}

  343. 	}

  344. 	return cleaned

  345. }

  346. 

  347. // A list of characters we consider separators in normal strings and replace with our canonical separator - rather than removing.

  348. var (

  349. 	separators = regexp.MustCompile(`[ &_=+:]`)

  350. 

  351. 	dashes = regexp.MustCompile(`[\-]+`)

  352. )

  353. 

  354. // cleanString replaces separators with - and removes characters listed in the regexp provided from string.

  355. // Accents, spaces, and all characters not in A-Za-z0-9 are replaced.

  356. func cleanString(s string, r *regexp.Regexp) string {

  357. 

  358. 	// Remove any trailing space to avoid ending on -

  359. 	s = strings.Trim(s, " ")

  360. 

  361. 	// Flatten accents first so that if we remove non-ascii we still get a legible name

  362. 	s = Accents(s)

  363. 

  364. 	// Replace certain joining characters with a dash

  365. 	s = separators.ReplaceAllString(s, "-")

  366. 

  367. 	// Remove all other unrecognised characters - NB we do allow any printable characters

  368. 	s = r.ReplaceAllString(s, "")

  369. 

  370. 	// Remove any multiple dashes caused by replacements above

  371. 	s = dashes.ReplaceAllString(s, "-")

  372. 

  373. 	return s

  374. }

  375. 

  376. // includes checks for inclusion of a string in a []string.

  377. func includes(a []string, s string) bool {

  378. 	for _, as := range a {

  379. 		if as == s {

  380. 			return true

  381. 		}

  382. 	}

  383. 	return false

  384. }