indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Allow pre with extra checks

merge-requests/30/head
Bob Mottram 2023-04-28 12:38:32 +01:00
parent 2102919c69
commit 4ff9968f6b
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
utils.py
View File

@ -1168,14 +1168,14 @@ def html_tag_has_closing(tag_name: str, content: str) -> bool:
# check that an ending tag exists # check that an ending tag exists
if end_tag not in section: if end_tag not in section:
return False return False
if tag_name == 'code': if tag_name in ('code', 'pre'):
# check that lines are not too long # check that lines are not too long
section = section.split(end_tag)[0] section = section.split(end_tag)[0]
section = section.replace('<br>', '\n') section = section.replace('<br>', '\n')
code_lines = section.split('\n') code_lines = section.split('\n')
for line in code_lines: for line in code_lines:
if len(line) >= 60: if len(line) >= 60:
print('<code> line too long') print('<code> or <pre> line too long')
return False return False
ctr += 1 ctr += 1
return True return True
@ -1193,12 +1193,12 @@ def dangerous_markup(content: str, allow_local_network_access: bool) -> bool:
return True return True
if not html_tag_has_closing('code', content): if not html_tag_has_closing('code', content):
return True return True
if not html_tag_has_closing('pre', content):
return True
invalid_strings = [ invalid_strings = [
'script', 'noscript', 'pre', 'script', 'noscript', 'canvas', 'style', 'abbr', 'input',
'canvas', 'style', 'abbr', 'input', 'frame', 'iframe', 'html', 'body', 'hr', 'allow-popups',
'frame', 'iframe', 'html', 'body', 'allow-scripts', 'amp-', '?php'
'hr', 'allow-popups', 'allow-scripts',
'amp-', '?php'
] ]
return _is_dangerous_string_tag(content, allow_local_network_access, return _is_dangerous_string_tag(content, allow_local_network_access,
separators, invalid_strings) separators, invalid_strings)