1Vh/ddlmZddlZddlmZddlmZddlmZddl m Z ddl m Z ddl mZdd lmZgd Zd d gd gd gd ZgZgdZGddeZdZGdde j0Zy))unicode_literalsN)unescape)html5lib) namespaces) sanitizer)HTMLSerializer) force_unicode)alphabetize_attributes) aabbracronymb blockquotecodeemiliolstrongulhreftitle)r r r )httphttpsmailtoc,eZdZdZeeeedddfdZdZ y)CleaneraCleaner for cleaning HTML fragments of malicious content This cleaner is a security-focused function whose sole purpose is to remove malicious content from a string such that it can be displayed as content in a web page. This cleaner is not designed to use to transform content to be used in non-web-page contexts. To use:: from bleach.sanitizer import Cleaner cleaner = Cleaner() for text in all_the_yucky_things: sanitized = cleaner.clean(text) FTNc||_||_||_||_||_||_|xsg|_tjd|_ tjd|_ tdddd|_ y)a Initializes a Cleaner :arg list tags: allowed list of tags; defaults to ``bleach.sanitizer.ALLOWED_TAGS`` :arg dict attributes: allowed attributes; can be a callable, list or dict; defaults to ``bleach.sanitizer.ALLOWED_ATTRIBUTES`` :arg list styles: allowed list of css styles; defaults to ``bleach.sanitizer.ALLOWED_STYLES`` :arg list protocols: allowed list of protocols for links; defaults to ``bleach.sanitizer.ALLOWED_PROTOCOLS`` :arg bool strip: whether or not to strip disallowed elements :arg bool strip_comments: whether or not to strip HTML comments :arg list filters: list of html5lib Filter classes to pass streamed content through .. seealso:: http://html5lib.readthedocs.io/en/latest/movingparts.html#filters .. Warning:: Using filters changes the output of ``bleach.Cleaner.clean``. Make sure the way the filters change the output are secure. F)namespaceHTMLElementsetreealways)quote_attr_valuesomit_optional_tagssanitizealphabetical_attributesN)tags attributesstyles protocolsstripstrip_commentsfiltersr HTMLParserparser getTreeWalkerwalkerr serializer)selfr&r'r(r)r*r+r,s T/home/dcms/DCMS/lib/python3.12/site-packages/tensorboard/_vendor/bleach/sanitizer.py__init__zCleaner.__init__Dsz> $ " ,}" ))F ,,W5 (&$%*  c z|syt|}|jj|}t|j ||j |j |j|j|j|jg}|jD] }||} |jj|S)zCleans text and returns sanitized result as unicode :arg str text: text to be cleaned :returns: sanitized text as unicode )sourcer'strip_disallowed_elementsstrip_html_commentsallowed_elementsallowed_css_propertiesallowed_protocolsallowed_svg_properties)r8)r r. parseFragmentBleachSanitizerFilterr0r'r*r+r&r(r)r,r1render)r2textdomfiltered filter_classs r3cleanz Cleaner.cleanxsT"kk''-(;;s#&*jj $ 3 3"YY#';;"nn#%   !LL 5L#84H 5%%h//r5) __name__ __module__ __qualname____doc__ ALLOWED_TAGSALLOWED_ATTRIBUTESALLOWED_STYLESALLOWED_PROTOCOLSr4rFr5r3rr/s'()5G&2C5 $d2 h!0r5rctrSttrfd}|Sttrfd}|St d)a0Generates attribute filter function for the given attributes value The attributes value can take one of several shapes. This returns a filter function appropriate to the attributes value. One nice thing about this is that there's less if/then shenanigans in the ``allow_token`` method. c|vr|}t|r ||||S||vrydvrd}t|r ||||S||vSy)NT*F)callable)tagattrvalueattr_valr's r3 _attr_filterz.attribute_filter_factory.._attr_filterslj %c?H%#Cu558#j %c?H%#Cu55x''r5c |vS)NrO)rTrUrVr's r3rXz.attribute_filter_factory.._attr_filters:% %r5z3attributes needs to be a callable, a list or a dict)rS isinstancedictlist ValueError)r'rXs` r3attribute_filter_factoryr^sM *d# $*d# & J KKr5c<eZdZdZeddffd ZdZdZdZxZ S)r@zmhtml5lib Filter that sanitizes text This filter can be used anywhere html5lib filters can be used. FTc ht||_||_||_t t ||fi|S)aCreates a BleachSanitizerFilter instance :arg Treewalker source: stream :arg list tags: allowed list of tags; defaults to ``bleach.sanitizer.ALLOWED_TAGS`` :arg dict attributes: allowed attributes; can be a callable, list or dict; defaults to ``bleach.sanitizer.ALLOWED_ATTRIBUTES`` :arg list styles: allowed list of css styles; defaults to ``bleach.sanitizer.ALLOWED_STYLES`` :arg list protocols: allowed list of protocols for links; defaults to ``bleach.sanitizer.ALLOWED_PROTOCOLS`` :arg bool strip_disallowed_elements: whether or not to strip disallowed elements :arg bool strip_html_comments: whether or not to strip HTML comments )r^ attr_filterr9r:superr@r4)r2r8r'r9r:kwargs __class__s r3r4zBleachSanitizerFilter.__init__s:24J?)B *D:6LVLLr5c|d}|dvrU|d|jvr|j|S|jryd|vrt|d|d<|j |S|dk(r|j s|Sy|S)a~Sanitize a token either by HTML-encoding or dropping. Unlike sanitizer.Filter, allowed_attributes can be a dict of {'tag': ['attribute', 'pairs'], 'tag': callable}. Here callable is a function with two arguments of attribute name and value. It should return true of false. Also gives the option to strip tags instead of encoding. type)StartTagEndTagEmptyTagnamedataCommentN)r; allow_tokenr9r disallowed_tokenr:)r2token token_types r3sanitize_tokenz$BleachSanitizerFilter.sanitize_tokens6] ; ;V} 5 55''..//U?%;5=$IE&M,,U33 9 $++ ,Lr5cd|vrfi}|djD]?\}}|\}}|j|d||s#||jvrwtjddt |j }|jdd}tjd|r!|jdd|jvr||jvr5tjd d t |}|j}|s|}d |df|jvr'|d td dffvrtjd|r%|dk(r|j!|}|||<Bt#||d<|S)z-Handles the case where we're allowing the tagrkrju [`- - \s]+r7u�z^[a-z0-9][-+.a-z0-9]*::rzurl\s*\(\s*[^#\s][^)]+?\) N)Nrxlinkrz ^\s*[^#\s])Nstyle)itemsraattr_val_is_uriresubrlowerreplacematchsplitr=svg_attr_val_allows_refr*svg_allow_local_hrefrsearch sanitize_cssr ) r2roattrsnamespaced_nameval namespacerj val_unescapednew_vals r3rmz!BleachSanitizerFilter.allow_token s U?E(-f (;(;(=3 -$"1 4 ''f tSA#d&:&::$&FF2  %'(-uw" %2$9$9(B$GM!:MJ*005a8@V@VV #d&B&BB ff%A%(%-c]4G&mmoG" &%-(D,E,EE&>Jwtjdjd|}|jd}tjd}|D]}|j |rytjd|syg}tj d|D]v\}}|s |j |jvr|j|dz|zdz@|j |jvs]|j|dz|zdzxdj|S) zSanitizes css in style tagszurl\s*\(\s*[^\s)]+?\s*\)\s*rt;zI^([-/:,#%.'"\sa-zA-Z0-9!]|\w-\w|'[\s\w]+'\s*|"[\s\w]+"|\([\d,%\.\s]+\))*$r7z ^\s*([-\w]+\s*:[^:;]*(;\s*|$))*$z([-\w]+)\s*:\s*([^:;]*)z: ) rycompilerzr~r}findallr{r<appendr>join)r2rvpartsgauntletpartrFproprVs r3rz"BleachSanitizerFilter.sanitize_cssPs  89==c5I  C :: \  D>>$' xx:EB::&?G 8KD%zz|t::: TD[50367!rs|' %(=:B=C  $ '  Iy0j0fj0Z&LRkI,,kr5