v6/src.bak/activitypub/util/sanitize.rs

use ammonia::Builder;
use once_cell::sync::Lazy;

static BUILDER: Lazy<Builder> = Lazy::new(|| {
    let mut builder = Builder::empty();
    builder.tags(
        [
            "a",
            "span",
            "p",
            "br",
            "b",
            "strong",
            "i",
            "em",
            "s",
            "del",
            "u",
            "code",
            "pre",
            "ul",
            "ol",
            "li",
            "blockquote",
            "img",
        ]
        .into_iter()
        .collect(),
    );
    builder.tag_attributes(
        [
            ("a", ["href", "data-user"].into_iter().collect()),
            ("img", ["src"].into_iter().collect()),
        ]
        .into_iter()
        .collect(),
    );
    builder.set_tag_attribute_values(
        // note: rel="noopener noreferrer" is added automatically
        [("a", [("target", "_blank")].into_iter().collect())]
            .into_iter()
            .collect(),
    );
    builder
});

pub fn sanitize_html(html: &str) -> String {
    BUILDER.clean(html).to_string()
}

#[cfg(test)]
mod tests {
    use super::sanitize_html;

    #[test]
    fn test_a_attrs() {
        let source = r#"<p>hello <a href="https://example.com">world</a></p>"#;
        let output = sanitize_html(source);
        assert_eq!(
            output,
            r#"<p>hello <a href="https://example.com" target="_blank" rel="noopener noreferrer">world</a></p>"#
        );
    }
}
Initial commit 2022-12-10 13:15:32 -05:00			`use ammonia::Builder;`
			`use once_cell::sync::Lazy;`

			`static BUILDER: Lazy<Builder> = Lazy::new(\|\| {`
			`let mut builder = Builder::empty();`
			`builder.tags(`
			`[`
			`"a",`
			`"span",`
			`"p",`
			`"br",`
			`"b",`
			`"strong",`
			`"i",`
			`"em",`
			`"s",`
			`"del",`
			`"u",`
			`"code",`
			`"pre",`
			`"ul",`
			`"ol",`
			`"li",`
			`"blockquote",`
			`"img",`
			`]`
			`.into_iter()`
			`.collect(),`
			`);`
			`builder.tag_attributes(`
			`[`
			`("a", ["href", "data-user"].into_iter().collect()),`
			`("img", ["src"].into_iter().collect()),`
			`]`
			`.into_iter()`
			`.collect(),`
			`);`
			`builder.set_tag_attribute_values(`
			`// note: rel="noopener noreferrer" is added automatically`
			`[("a", [("target", "_blank")].into_iter().collect())]`
			`.into_iter()`
			`.collect(),`
			`);`
			`builder`
			`});`

			`pub fn sanitize_html(html: &str) -> String {`
			`BUILDER.clean(html).to_string()`
			`}`

			`#[cfg(test)]`
			`mod tests {`
			`use super::sanitize_html;`

			`#[test]`
			`fn test_a_attrs() {`
			`let source = r#"<p>hello <a href="https://example.com">world</a></p>"#;`
			`let output = sanitize_html(source);`
			`assert_eq!(`
			`output,`
			`r#"<p>hello <a href="https://example.com" target="_blank" rel="noopener noreferrer">world</a></p>"#`
			`);`
			`}`
			`}`