^VE@sddlmZmZmZddlZddlmZmZddlm Z ddl m Z ddl mZejdejZGd d d eZGd d d e eZdS) )absolute_importdivisionunicode_literalsN)escapeunescape) urllib_parse) HTMLTokenizer) tokenTypesaB ^ # Match a content type / (?P[-a-zA-Z0-9.]+/[-a-zA-Z0-9.]+) # Match any character set and encoding (?:(?:;charset=(?:[-a-zA-Z0-9]+)(?:;(?:base64))?) |(?:;(?:base64))?(?:;charset=(?:[-a-zA-Z0-9]+))?) # Assume the rest is data ,.* $ c@sreZdZdZdddddddd d d d d ddddddddddddddddddd d!d"d#d$d%d&d'd(d)d*d+d,d-d.d/d0d1d2d3d4d5d6d7d8d9d:d;d<d=d>d?d@dAdBdCdDdEdFdGdHdIdJdKdLdMdNdOdPdQdRdSdTdUdVdWdXdYdZd[d\d]d^d_d`dadbdcddgcZdedfdgdhdidjdkdldmdndodpdqdrdsdtdudvdwdxdydzd{d|d}d~dgZdddddddddddddddddddddddddddddddddddg#Zdddddddddddddddddddddddddddddddddddddddddddddddddddddd)ddddddddddddddddd8dddddddddddddddddddddddddddddddddddddd d d d d ddddRddddddddddddddddd d!d"d#d$d%d&d'gZd(dd)d)d)d*d+d,d-d.d/d0d1d2d3d4ddd5d6d7d8d9d9d:d;d<d=d=d=d>d?d d@dAdBdCdDd%d%dEdFdGdHdIg-ZdJdKdLdMdNdOdPdQdRdSdTdUdVdWddXddYdZd[d\d]d^d_d`d.daddbdcdddedfdgdhdidjdkdldmdndodpdqdrddsdtddudvdwdxdyddzd{d|d}d~dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd%ddddddddEddFddGdd'ddHdIddddgZ dddddddddddddEdgZ dXdddbddd|d{dzddg Z dddddddddddddddgZ ddddddddddddd.ddd(dedfdhdidjddddddddddddddddddddddd"dd%g.Z ddddddddddddddddddddddddddddddddd d d d d ddg'ZdbdcdddddddgZdddddddddddddddddd d!d"d#d$dgZd%d&d'd(d)d*gZeeeZeee Ze ZeZeZeZeZd+d,Zd-d.Zd/d0Zd1d2Zd3S(4HTMLSanitizerMixinzA sanitization of XHTML+MathML+SVG and of inline style attributes.aZabbrZacronymaddressareaarticleasideaudiobbig blockquotebrbuttonZcanvascaptioncenterZcitecodecolcolgroupcommanddatagridZdatalistdddeldetailsdfndialogdirdivdldtemz event-sourcefieldset figcaptionfigurefooterfontformheaderh1h2h3h4h5h6hriimginputZinskeygenZkbdlabelZlegendlimmapmenuZmeterZmulticolnavZnextidoloutputoptgroupoptionppreprogressqsZsampsectionselectsmallZsoundsourceZspacerspanstrikestrongsubsuptabletbodytdtextareatimetfootththeadtrttuulvarvideoZmactionmathZmerrorZmfracmiZ mmultiscriptsmnmoZmoverZmpaddedZmphantomZ mprescriptsZmrootZmrowZmspaceZmsqrtZmstyleZmsubZmsubsupZmsupZmtableZmtdmtextZmtrZmunderZ munderovernoneZanimate animateColor animateMotionanimateTransformclipPathZcircleZdefsdescZellipsez font-facezfont-face-namez font-face-srcgZglyphZhkernlinearGradientlinemarkermetadataz missing-glyphZmpathpathZpolygonZpolylineradialGradientZrectsetstopsvgswitchtexttitleZtspanZuseacceptzaccept-charsetZ accesskeyactionZalignZalt autocomplete autofocusZaxis backgroundZbalanceZbgcolorZ bgpropertiesborderZ bordercolorZbordercolordarkZbordercolorlightZ bottompaddingZ cellpaddingZ cellspacingch challengecharZcharoffZchoffcharsetcheckedclassclearcolorcolsZcolspancompactZcontenteditablecontrolsZcoordsdataZdatafldZ datapagesizeZdatasrcdatetimedefaultdelaydisabledZ draggableZdynsrcZenctypeendfaceforframeZ galleryimgZgutterheadersheightZ hidefocushiddenhighhrefZhreflangZhspaceZiconidZ inputmodeismapZkeytypeZ leftspacinglanglistZlongdescZloopZ loopcountZloopendZ loopstartlowZlowsrcmaxZ maxlengthZmediamethodminmultiplenameZnohrefnoshadeZnowrapopenZoptimumpatternZpingz point-sizeZposterZpqgZpreloadpromptZ radiogroupreadonlyrelz repeat-maxz repeat-minreplacerequiredrevZ rightspacingrowsZrowspanrulesZscopeselectedshapesizesrcstartstepstylesummarysuppressZtabindextargettemplateZ toppaddingtypeZ unselectableZusemapurnZvalignvaluevariablevolumeZvspaceZvrmlwidthwrapzxml:langZ actiontypeZ columnalignZ columnlinesZ columnspacingZ columnspandepthZdisplayZ displaystyleZ equalcolumnsZ equalrowsZfenceZ fontstyleZ fontweightZ linethicknessZlspaceZmathbackgroundZ mathcolorZ mathvariantmaxsizeZminsizeotherZrowalignZrowlinesZ rowspacingZrspaceZ scriptlevelZ selection separatorZstretchyz xlink:hrefz xlink:showz xlink:typexmlnsz xmlns:xlinkz accent-height accumulateZadditiveZ alphabeticz arabic-formZascent attributeName attributeType baseProfileZbboxbeginZbycalcModez cap-heightz clip-pathzcolor-renderingcontentZcxcydZdxZdyZdescentZdurfillz fill-opacityz fill-rulez font-familyz font-sizez font-stretchz font-stylez font-variantz font-weightfromZfxZfyZg1Zg2z glyph-name gradientUnitsZhangingz horiz-adv-xzhoriz-origin-x ideographick keyPoints keySplineskeyTimesz marker-endz marker-midz marker-start markerHeight markerUnits markerWidthZ mathematicaloffsetZopacityZorientoriginzoverline-positionzoverline-thicknesszpanose-1 pathLengthZpointspreserveAspectRatiorrefXrefY repeatCount repeatDurrequiredExtensionsrequiredFeaturesZrestartrotaterxZryZslopeZstemhZstemvz stop-colorz stop-opacityzstrikethrough-positionzstrikethrough-thicknessZstrokezstroke-dasharrayzstroke-dashoffsetzstroke-linecapzstroke-linejoinzstroke-miterlimitzstroke-opacityz stroke-widthsystemLanguagez text-anchortoZ transformu1u2zunderline-positionzunderline-thicknessunicodez unicode-rangez units-per-emvaluesversionviewBoxZ visibilityZwidthsxzx-heightZx1Zx2z xlink:actuatez xlink:arcrolez xlink:rolez xlink:titlezxml:basez xml:spaceyy1y2 zoomAndPanz color-profilecursorfiltermaskaltGlyphfeImagetextpathZtrefZazimuthzbackground-colorzborder-bottom-colorzborder-collapsez border-colorzborder-left-colorzborder-right-colorzborder-top-colorZ directionZ elevationfloatzletter-spacingz line-heightZoverflowpausez pause-afterz pause-beforeZpitchz pitch-rangeZrichnessZspeakz speak-headerz speak-numeralzspeak-punctuationz speech-rateZstressz text-alignztext-decorationz text-indentz unicode-bidizvertical-alignz voice-familyz white-spaceZautoZaquaZblackblockZblueZboldZbothZbottomZbrownZcollapseZdashedZdottedZfuchsiaZgrayZgreenz !importantZitalicleftZlimeZmaroonZmediumZnavyZnormalZolivepointerZpurpleZredrightZsolidZsilverZtealtopZ transparentZ underlineZwhiteZyellowZed2kftphttphttpsZircmailtonewsgophernntptelnetZwebcalZxmppZcalltofeedZaimrsynctagsshsftprtspZafsz image/pngz image/jpegz image/gifz image/webpz image/bmpz text/plaincCs|d}|ttjkr/t|}n|tdtdtdfkr|d|jkrs|j||S|j||Sn|tdkrn|SdS)NrStartTagEndTagEmptyTagrComment)rr keysallowed_elements allowed_tokendisallowed_token)selftoken token_typer=/tmp/pip-build-9m6vxulb/pip/pip/_vendor/html5lib/sanitizer.pysanitize_tokens  z!HTMLSanitizerMixin.sanitize_tokenc s'd|kr#tfdd|ddddD}xjD]}||kr^qFntjddt||j}|jdd}ytj|}Wntk rd}||=YnX|rF|j rF|j j kr||=n|j dkrNt j |j }|s&||=qK|jdjkrK||=qKqNqFqFWxCjD]8}||kr\tjd d t||||s z4HTMLSanitizerMixin.allowed_token..ru [`- - \s]+u� content_typezurl\s*\(\s*[^#\s][^)]+?\) rz xlink:hrefz ^\s*[^#\s].*rcSs"g|]\}}||gqSrr)rrrrrrrs )dictattr_val_is_urirerPrlowerrurlparse ValueErrorschemeallowed_protocolscontent_type_rgxmatchrpgroupallowed_content_typessvg_attr_val_allows_refsvg_allow_local_hrefsearch sanitize_cssritems)rrrattrsattrZ val_unescapedurir<r)rrrsH            &z HTMLSanitizerMixin.allowed_tokencCs|tdkr%d|d|drrrcSs,g|]"\}}d|t|fqS)z %s="%s")r)rrvrrrrs z7HTMLSanitizerMixin.disallowed_token..z<%s%s>z<%s> selfClosingrz/>r Charactersr!)r joingetrr)rrrr3rrrrs   z#HTMLSanitizerMixin.disallowed_tokencCsctjdjd|}tjd|s1dStjd|sGdSg}xtjd|D]\}}|sxq`n|j|jkr|j|d|dq`|jd d jdkr!x|jD],}||j krtjd| rPqqW|j|d|dq`|j|j kr`|j|d|dq`q`Wdj |S)Nzurl\s*\(\s*[^\s)]+?\s*\)\s*r z@^([:,;#%.\sa-zA-Z0-9!]|\w-\w|'[\s\w]+'|"[\s\w]+"|\([\d,\s]+\))*$rz ^\s*([-\w]+\s*:[^:;]*(;\s*|$))*$z([-\w]+)\s*:\s*([^:;]*)z: ;-rr|r}marginpaddingz\^(#[0-9a-f]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)$)r|r}zmarginzpadding) r$compilerPr+findallr%allowed_css_propertiesappendsplitacceptable_css_keywordsallowed_svg_propertiesr9)rrcleanproprkeywordrrrr1s*  zHTMLSanitizerMixin.sanitize_cssN)__name__ __module__ __qualname____doc__Zacceptable_elementsZmathml_elementsZ svg_elementsZacceptable_attributesZmathml_attributesZsvg_attributesr#r.r/Zacceptable_css_propertiesrDZacceptable_svg_propertiesZacceptable_protocolsZacceptable_content_typesrrrAZallowed_css_keywordsrEr)r-rrrr1rrrrr s                              ) r c@s:eZdZddddddddZddZdS) HTMLSanitizerNTFc Cs)tj|||||||d|dS)Nparser)r __init__)rstreamencoding parseMeta useChardetlowercaseElementNamelowercaseAttrNamerNrrrrO!szHTMLSanitizer.__init__ccs;x4tj|D]#}|j|}|r|VqqWdS)N)r __iter__r)rrrrrrV(szHTMLSanitizer.__iter__)rIrJrKrOrVrrrrrM s  rM) __future__rrrr$xml.sax.saxutilsrrZ six.movesrr& tokenizerr constantsr r?VERBOSEr*objectr rMrrrrs