o 7?e/@sddlmZddlZddlmZddlmZddlmZddl m Z ddl m Z ddl mZdd lmZgd Zd d gd gd gd ZgZgdZGdddeZddZGddde jZdS))unicode_literalsN)unescape)html5lib) namespaces) sanitizer)HTMLSerializer) force_unicode)alphabetize_attributes) aabbracronymbZ blockquotecodeZemiZliolstrongZulhreftitle)r r r )httphttpsmailtoc@s0eZdZdZeeeedddfddZddZ dS) CleaneraCleaner for cleaning HTML fragments of malicious content This cleaner is a security-focused function whose sole purpose is to remove malicious content from a string such that it can be displayed as content in a web page. This cleaner is not designed to use to transform content to be used in non-web-page contexts. To use:: from bleach.sanitizer import Cleaner cleaner = Cleaner() for text in all_the_yucky_things: sanitized = cleaner.clean(text) FTNcCs^||_||_||_||_||_||_|pg|_tjdd|_ t d|_ t ddddd|_ dS)a Initializes a Cleaner :arg list tags: allowed list of tags; defaults to ``bleach.sanitizer.ALLOWED_TAGS`` :arg dict attributes: allowed attributes; can be a callable, list or dict; defaults to ``bleach.sanitizer.ALLOWED_ATTRIBUTES`` :arg list styles: allowed list of css styles; defaults to ``bleach.sanitizer.ALLOWED_STYLES`` :arg list protocols: allowed list of protocols for links; defaults to ``bleach.sanitizer.ALLOWED_PROTOCOLS`` :arg bool strip: whether or not to strip disallowed elements :arg bool strip_comments: whether or not to strip HTML comments :arg list filters: list of html5lib Filter classes to pass streamed content through .. seealso:: http://html5lib.readthedocs.io/en/latest/movingparts.html#filters .. Warning:: Using filters changes the output of ``bleach.Cleaner.clean``. Make sure the way the filters change the output are secure. F)ZnamespaceHTMLElementsetreealways)Zquote_attr_valuesZomit_optional_tagssanitizeZalphabetical_attributesN)tags attributesstyles protocolsstripstrip_commentsfiltersr HTMLParserparserZ getTreeWalkerwalkerr serializer)selfrrrrrr r!r'e/home/www/facesmatcher.com/pyenv/lib/python3.10/site-packages/tensorboard/_vendor/bleach/sanitizer.py__init__Ds   zCleaner.__init__c Csh|sdSt|}|j|}t|||j|j|j|j|j |j gd}|j D]}||d}q&|j |S)zCleans text and returns sanitized result as unicode :arg str text: text to be cleaned :returns: sanitized text as unicode )sourcerstrip_disallowed_elementsstrip_html_commentsallowed_elementsallowed_css_propertiesallowed_protocolsallowed_svg_properties)r+)rr#Z parseFragmentBleachSanitizerFilterr$rrr rrrr!r%render)r&textdomfilteredZ filter_classr'r'r(cleanxs"    z Cleaner.clean) __name__ __module__ __qualname____doc__ ALLOWED_TAGSALLOWED_ATTRIBUTESALLOWED_STYLESALLOWED_PROTOCOLSr)r7r'r'r'r(r/s 4rcsHtrSttrfdd}|Sttr fdd}|Std)a0Generates attribute filter function for the given attributes value The attributes value can take one of several shapes. This returns a filter function appropriate to the attributes value. One nice thing about this is that there's less if/then shenanigans in the ``allow_token`` method. cs`|vr|}t|r||||S||vrdSdvr.d}t|r*||||S||vSdS)NT*F)callable)tagattrvalueZattr_valrr'r( _attr_filters  z.attribute_filter_factory.._attr_filtercs|vS)Nr')rBrCrDrEr'r(rFsz3attributes needs to be a callable, a list or a dict)rA isinstancedictlist ValueError)rrFr'rEr(attribute_filter_factorys    rKcs@eZdZdZeddffdd ZddZdd Zd d ZZ S) r2zmhtml5lib Filter that sanitizes text This filter can be used anywhere html5lib filters can be used. FTc s.t||_||_||_tt|j|fi|S)aCreates a BleachSanitizerFilter instance :arg Treewalker source: stream :arg list tags: allowed list of tags; defaults to ``bleach.sanitizer.ALLOWED_TAGS`` :arg dict attributes: allowed attributes; can be a callable, list or dict; defaults to ``bleach.sanitizer.ALLOWED_ATTRIBUTES`` :arg list styles: allowed list of css styles; defaults to ``bleach.sanitizer.ALLOWED_STYLES`` :arg list protocols: allowed list of protocols for links; defaults to ``bleach.sanitizer.ALLOWED_PROTOCOLS`` :arg bool strip_disallowed_elements: whether or not to strip disallowed elements :arg bool strip_html_comments: whether or not to strip HTML comments )rK attr_filterr,r-superr2r))r&r+rr,r-kwargs __class__r'r(r)s zBleachSanitizerFilter.__init__cCsn|d}|dvr*|d|jvr||S|jrdSd|vr%t|d|d<||S|dkr5|js3|SdS|S)a~Sanitize a token either by HTML-encoding or dropping. Unlike sanitizer.Filter, allowed_attributes can be a dict of {'tag': ['attribute', 'pairs'], 'tag': callable}. Here callable is a function with two arguments of attribute name and value. It should return true of false. Also gives the option to strip tags instead of encoding. type)ZStartTagZEndTagZEmptyTagnamedataCommentN)r. allow_tokenr,r Zdisallowed_tokenr-)r&token token_typer'r'r(sanitize_tokens   z$BleachSanitizerFilter.sanitize_tokenc Csd|vri}|dD]w\}}|\}}||d||sq ||jvrEtddt|}|dd}td|rE| dd|j vrEq ||j vr\td d t|}| }|sZq |}d |df|j vrv|d td dffvrvtd|rvq |dkr||}|||<q t||d<|S)z-Handles the case where we're allowing the tagrSrRu [`- - \s]+r*u�z^[a-z0-9][-+.a-z0-9]*::rzurl\s*\(\s*[^#\s][^)]+?\) N)NrZxlinkrz ^\s*[^#\s])Nstyle)itemsrLZattr_val_is_uriresubrlowerreplacematchsplitr0Zsvg_attr_val_allows_refrZsvg_allow_local_hrefrsearch sanitize_cssr ) r&rVattrsZnamespaced_nameval namespacerRZ val_unescapednew_valr'r'r(rU sJ        z!BleachSanitizerFilter.allow_tokencCstdd|}|d}td}|D] }||sdSqtd|s(dSg}td|D],\}}|s7q0||jvrJ||d|dq0||j vr\||d|dq0d |S) zSanitizes css in style tagszurl\s*\(\s*[^\s)]+?\s*\)\s*rZ;zI^([-/:,#%.'"\sa-zA-Z0-9!]|\w-\w|'[\s\w]+'\s*|"[\s\w]+"|\([\d,%\.\s]+\))*$r*z ^\s*([-\w]+\s*:[^:;]*(;\s*|$))*$z([-\w]+)\s*:\s*([^:;]*)z: ) r]compiler^rbrafindallr_r/appendr1join)r&r[partsZgauntletpartr7proprDr'r'r(rdPs*    z"BleachSanitizerFilter.sanitize_css) r8r9r:r;r=r)rXrUrd __classcell__r'r'rOr(r2s "Cr2) __future__rr]Zxml.sax.saxutilsrZtensorboard._vendorrZ&tensorboard._vendor.html5lib.constantsrZ$tensorboard._vendor.html5lib.filtersrZ'tensorboard._vendor.html5lib.serializerrZ#tensorboard._vendor.bleach.encodingrZ tensorboard._vendor.bleach.utilsr r<r=r>r?objectrrKFilterr2r'r'r'r(s&        m)