Function to remove scripts from content

merge-requests/30/head
Bob Mottram 2022-05-26 10:08:02 +01:00
parent 35da12282d
commit 7381e17c08
2 changed files with 39 additions and 0 deletions


@ -1681,3 +1681,28 @@ def create_edits_html(edits_json: {}, post_json_object: {},
return '<details><summary class="cw">' + \ return '<details><summary class="cw">' + \
translate['SHOW EDITS'] + '</summary>' + \ translate['SHOW EDITS'] + '</summary>' + \
edits_str + '</details>' edits_str + '</details>'
def remove_script(content: str) -> str:
"""Removes <script> from some content
"""
separators = [['<', '>'], ['&lt;', '&gt;']]
for sep in separators:
prefix = sep[0] + 'script'
ending = '/script' + sep[1]
if prefix in content:
sections = content.split(prefix)
ctr = 0
for text in sections:
if ctr == 0:
ctr += 1
continue
if ending not in text:
if '/' + sep[1] not in text:
continue
if ending in text:
text = prefix + text.split(ending)[0] + ending
else:
text = prefix + text.split('/' + sep[1])[0] + '/' + sep[1]
content = content.replace(text, '')
return content
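Review bot: `remove_script` matches the tag name case-sensitively and removes in a single pass, so as a sanitizer it under-matches. The `prefix in content` test and `content.split(prefix)` only see lower-case `script`, although HTML tag names are case-insensitive, and the result of `content.replace(text, '')` is never checked again even though a removal joins the text on either side of it. An opener followed by neither `/script>` nor `/>` is also left in place by the `continue`. I would match case-insensitively and repeat until the content stops changing, as in the sketch below; it keeps the current per-opener terminator rules, still leaves the unterminated case to be decided, and needs `re`, whose import is not visible in this hunk. If this is relied on for untrusted posts, a parser-based allowlist is a sturdier base than substring removal.

```python
def remove_script(content: str) -> str:
    """Removes <script> from some content
    """
    patterns = []
    for start, end in (('<', '>'), ('&lt;', '&gt;')):
        opener = re.escape(start) + 'script'
        # body text that stops before the next opener, as split() did
        body = '(?:(?!' + opener + ').)*?'
        # prefer the /script terminator, else fall back to a bare "/>"
        patterns.append(re.compile(
            opener + '(?:' + body + '/script' + re.escape(end) +
            '|' + body + '/' + re.escape(end) + ')',
            re.IGNORECASE | re.DOTALL))
    # repeat until stable, so text joined by a removal is checked again
    previous = None
    while previous != content:
        previous = content
        for pattern in patterns:
            content = pattern.sub('', content)
    return content
```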


@ -129,6 +129,7 @@ from inbox import json_post_allows_comments
from inbox import valid_inbox from inbox import valid_inbox
from inbox import valid_inbox_filenames from inbox import valid_inbox_filenames
from categories import guess_hashtag_category from categories import guess_hashtag_category
from content import remove_script
from content import create_edits_html from content import create_edits_html
from content import content_diff from content import content_diff
from content import bold_reading_string from content import bold_reading_string
@ -3978,6 +3979,8 @@ def _test_danger_svg(base_dir: str) -> None:
' <circle cx="5" cy="5" r="4" />' + \ ' <circle cx="5" cy="5" r="4" />' + \
'</svg>' '</svg>'
assert not dangerous_svg(svg_content, False) assert not dangerous_svg(svg_content, False)
cleaned_up = remove_script(svg_content)
assert cleaned_up == svg_content
svg_content = \ svg_content = \
' <svg viewBox="0 0 10 10" xmlns="http://www.w3.org/2000/svg">' + \ ' <svg viewBox="0 0 10 10" xmlns="http://www.w3.org/2000/svg">' + \
' <script>' + \ ' <script>' + \
@ -3999,6 +4002,17 @@ def _test_danger_svg(base_dir: str) -> None:
'</svg>' '</svg>'
assert dangerous_svg(svg_content, False) assert dangerous_svg(svg_content, False)
svg_clean = \
' <svg viewBox="0 0 10 10" xmlns="http://www.w3.org/2000/svg">' + \
' <circle cx="5" cy="5" r="4" />' + \
'</svg>'
cleaned_up = remove_script(svg_content)
assert '<script' not in cleaned_up
assert '/script>' not in cleaned_up
if cleaned_up != svg_clean:
print(cleaned_up)
assert cleaned_up == svg_clean
assert not scan_themes_for_scripts(base_dir) assert not scan_themes_for_scripts(base_dir)
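Review bot: The new assertions exercise `remove_script` only on a lower-case, well-formed `<script>` element, so the `&lt;script … &gt;` branch and the `/>` fallback are untested, as are mixed-case tag names and an opener with no terminator. One assertion per branch would pin the intended behaviour, for example `assert '&lt;script' not in remove_script(escaped_svg)`, where `escaped_svg` (a name made up for this note) is an entity-escaped copy of the same fixture. The `if cleaned_up != svg_clean: print(cleaned_up)` before the final assert is debugging output; `assert cleaned_up == svg_clean, cleaned_up` shows the same value only on failure. `_test_danger_svg` begins and continues outside these hunks.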