Kibou is a federated social networking server.

html.rs 3.1KB

  1. use regex::Regex;
  /// Converts line breaks in `input` to `<br>` and passes the result through [`strip_tags`].
  ///
  /// Despite the name, the return value is an HTML fragment: every `\n` becomes a `<br>` element
  /// and any markup that `strip_tags` lets through is still present. Only `\n` is rewritten; a
  /// preceding `\r` is left in place.
  pub fn to_plain_text(input: &str) -> String {
      // Insert the breaks before sanitising so the result goes through the same filter as
      // markup supplied by the caller.
      let with_breaks = input.replace('\n', "<br>");
      strip_tags(&with_breaks)
  }
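  /// Removes HTML tags outside a small allowlist and drops event-handler attributes from the
  /// tags that are kept.
  ///
  /// Every `<...>` span in `input` is rewritten exactly once, at its own position:
  ///
  /// * if the tag name (the text up to the first space or `<`, ignoring `/`) is not one of
  ///   `a`, `b`, `br`, `em`, `img`, `strong`, `u`, the whole span is removed. The comparison
  ///   is case-sensitive, so `<B>` is removed as well;
  /// * otherwise every space-separated piece of the tag that contains a name from the
  ///   event-handler denylist is removed. The comparison ignores ASCII case because HTML
  ///   attribute names are case-insensitive.
  ///
  /// Text outside of tags is copied through unchanged. Rewriting each span in place (instead of
  /// running search-and-replace over the whole document) keeps a removal in one tag from
  /// altering text or tags elsewhere, so a span the filter has not inspected cannot end up in
  /// the output.
  ///
  /// # Limitations
  ///
  /// This is pattern matching, not HTML parsing:
  ///
  /// * a `<` that is never followed by `>` is not matched and is copied through as-is;
  /// * the denylist only covers the names listed below; a handler attribute that is missing
  ///   from it is kept;
  /// * attribute values, including URLs in `href` and `src`, are not inspected;
  /// * text is not entity-escaped.
  ///
  /// NOTE(review): if this is applied to content from remote or otherwise untrusted sources,
  /// prefer a parser-based sanitizer with an attribute allowlist (for example the `ammonia`
  /// crate) over extending this denylist.
  ///
  /// # Panics
  ///
  /// Panics only if the built-in tag pattern fails to compile, which would be a programming
  /// error.
  pub fn strip_tags(input: &str) -> String {
      let tag_regex: Regex = Regex::new("<[^>]*>").expect("tag pattern is a valid regex");

      let mut output = String::with_capacity(input.len());
      let mut cursor = 0;
      for found in tag_regex.find_iter(input) {
          // Text between two tags is passed through untouched.
          output.push_str(&input[cursor..found.start()]);
          if let Some(clean) = sanitize_tag(found.as_str()) {
              output.push_str(&clean);
          }
          cursor = found.end();
      }
      output.push_str(&input[cursor..]);
      output
  }

  /// Returns the sanitised form of a single `<...>` span, or `None` if it has to be dropped.
  fn sanitize_tag(tag: &str) -> Option<String> {
      const ALLOWED_TAGS: &[&str] = &["a", "b", "br", "em", "img", "strong", "u"];
      const FORBIDDEN_ATTRIBUTES: &[&str] = &[
          "onabort",
          "onafterprint",
          "onbeforeprint",
          "onbeforeunload",
          "onblur",
          "oncanplay",
          "oncanplaythrough",
          "onchange",
          "onclick",
          "oncontextmenu",
          "oncopy",
          "oncuechange",
          "oncut",
          "ondblclick",
          "ondrag",
          "ondragend",
          "ondragenter",
          "ondragleave",
          "ondragover",
          "ondragstart",
          "ondrop",
          "ondurationchange",
          "onemptied",
          "onended",
          "onerror",
          "onfocus",
          "onhashchange",
          "oninput",
          "oninvalid",
          "onkeydown",
          "onkeypress",
          "onkeyup",
          "onload",
          "onloadeddata",
          "onloadedmetadata",
          "onloadstart",
          "onmessage",
          "onmousedown",
          "onmousemove",
          "onmouseout",
          "onmouseover",
          "onmouseup",
          "onmousewheel",
          "onoffline",
          "ononline",
          "onpagehide",
          "onpageshow",
          "onpaste",
          "onpause",
          "onplay",
          "onplaying",
          "onpopstate",
          "onprogress",
          "onratechange",
          "onreset",
          "onresize",
          "onscroll",
          "onsearch",
          "onseeked",
          "onseeking",
          "onselect",
          "onstalled",
          "onstorage",
          "onsubmit",
          "onsuspend",
          "ontimeupdate",
          "ontoggle",
          "onunload",
          "onvolumechange",
          "onwaiting",
          "onwheel",
      ];
      // Characters that end one piece of a tag; both are single-byte ASCII.
      const SEPARATORS: &[char] = &[' ', '<'];

      // Anything that is not a complete `<...>` span is dropped rather than guessed at.
      if tag.len() < 2 || !tag.starts_with('<') || !tag.ends_with('>') {
          return None;
      }
      let inner = &tag[1..tag.len() - 1];

      // The tag name is the first piece with any `/` removed, so `</a>` and `<br/>` resolve to
      // `a` and `br`.
      let name: String = inner
          .split(SEPARATORS)
          .next()
          .unwrap_or("")
          .chars()
          .filter(|character| *character != '/')
          .collect();
      if !ALLOWED_TAGS.contains(&name.as_str()) {
          return None;
      }

      let mut rebuilt = String::with_capacity(tag.len());
      rebuilt.push('<');
      let mut offset = 0;
      for piece in inner.split(SEPARATORS) {
          let lowered = piece.to_ascii_lowercase();
          let forbidden = FORBIDDEN_ATTRIBUTES
              .iter()
              .any(|attribute| lowered.contains(*attribute));
          if !forbidden {
              rebuilt.push_str(piece);
          }
          offset += piece.len();
          // Keep the separator that followed this piece even when the piece is dropped, so
          // that the neighbouring pieces are never joined into a new attribute.
          if let Some(separator) = inner[offset..].chars().next() {
              rebuilt.push(separator);
              offset += separator.len_utf8();
          }
      }
      rebuilt.push('>');
      Some(rebuilt)
  }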