ó 0½3\c @s’ddlmZddlmZddlZddlZddlmZddlm Z ddl m Z ddl m Z mZdd d d d d ddddddg Ziddgd6dgd 6dgd 6ZgZdddgZdjgeeddƒeddƒeddƒƒD]Zeeƒ^qƒZejd ed!ejƒZd"Zd#efd$„ƒYZd%„Zd&e jfd'„ƒYZ dS((iÿÿÿÿ(tunicode_literals(tchainN(turlparse(tunescape(t html5lib_shim(talphabetize_attributest force_unicodeuauabbruacronymubu blockquoteucodeuemuiuliuolustronguuluhrefutitleuhttpuhttpsumailtouii i i ii u[u]u?tCleanercBs5eZdZeeeeeedd„Z d„Z RS(u¨Cleaner for cleaning HTML fragments of malicious content This cleaner is a security-focused function whose sole purpose is to remove malicious content from a string such that it can be displayed as content in a web page. To use:: from bleach.sanitizer import Cleaner cleaner = Cleaner() for text in all_the_yucky_things: sanitized = cleaner.clean(text) .. Note:: This cleaner is not designed to use to transform content to be used in non-web-page contexts. .. Warning:: This cleaner is not thread-safe--the html parser has internal state. Create a separate cleaner per thread! c Cs»||_||_||_||_||_||_|p?g|_tjd|jd|jdt dt ƒ|_ tj dƒ|_ tj dddt d td t d t d t ƒ|_d S(u Initializes a Cleaner :arg list tags: allowed list of tags; defaults to ``bleach.sanitizer.ALLOWED_TAGS`` :arg dict attributes: allowed attributes; can be a callable, list or dict; defaults to ``bleach.sanitizer.ALLOWED_ATTRIBUTES`` :arg list styles: allowed list of css styles; defaults to ``bleach.sanitizer.ALLOWED_STYLES`` :arg list protocols: allowed list of protocols for links; defaults to ``bleach.sanitizer.ALLOWED_PROTOCOLS`` :arg bool strip: whether or not to strip disallowed elements :arg bool strip_comments: whether or not to strip HTML comments :arg list filters: list of html5lib Filter classes to pass streamed content through .. seealso:: http://html5lib.readthedocs.io/en/latest/movingparts.html#filters .. Warning:: Using filters changes the output of ``bleach.Cleaner.clean``. Make sure the way the filters change the output are secure. ttagststriptconsume_entitiestnamespaceHTMLElementsuetreetquote_attr_valuesualwaystomit_optional_tagstescape_lt_in_attrstresolve_entitiestsanitizetalphabetical_attributesN(Rt attributeststylest protocolsR tstrip_commentstfiltersRtBleachHTMLParsertFalsetparsert getTreeWalkertwalkertBleachHTMLSerializertTruet serializer(tselfRRRRR RR((s/lib/python2.7/site-packages/bleach/sanitizer.pyt__init__Ws(           cCsèt|tjƒs9djd|jjƒ}t|ƒ‚n|sCdSt|ƒ}|jj |ƒ}t d|j |ƒd|j d|j d|jd|jd |jd |jd gƒ}x |jD]}|d|ƒ}q¿W|jj|ƒS( uÐCleans text and returns sanitized result as unicode :arg str text: text to be cleaned :returns: sanitized text as unicode :raises TypeError: if ``text`` is not a text type u9argument cannot be of '{name}' type, must be of text typetnameutsourceRtstrip_disallowed_elementststrip_html_commentstallowed_elementstallowed_css_propertiestallowed_protocolstallowed_svg_properties(t isinstancetsixt string_typestformatt __class__t__name__t TypeErrorRRt parseFragmenttBleachSanitizerFilterRRR RRRRRRtrender(Rttexttmessagetdomtfilteredt filter_class((s/lib/python2.7/site-packages/bleach/sanitizer.pytclean•s(          N( R.t __module__t__doc__t ALLOWED_TAGStALLOWED_ATTRIBUTEStALLOWED_STYLEStALLOWED_PROTOCOLSRRtNoneR R8(((s/lib/python2.7/site-packages/bleach/sanitizer.pyR:s  Wq|VqWdS(N(tsanitize_tokenR)RG(Rttoken_iteratorttokentrettsubtoken((s/lib/python2.7/site-packages/bleach/sanitizer.pytsanitize_streams   ccsçg}x¡|D]™}|r~|ddkr<|j|ƒq q¡idjg|D]}|d^qLƒd6dd6}g}|Vn#|ddkr¡|j|ƒq n|Vq Widjg|D]}|d^qºƒd6dd6}|VdS(u/Merge consecutive Characters tokens in a streamutypeu CharactersuudataN(tappendtjoin(RRNtcharacters_bufferROt char_tokent new_token((s/lib/python2.7/site-packages/bleach/sanitizer.pytmerge_characterss&  '   ' cCs"|j|jtjj|ƒƒƒS(N(RXRRRtFiltert__iter__(R((s/lib/python2.7/site-packages/bleach/sanitizer.pyRZ:scCs·|d}|d krv|d|jkr6|j|ƒS|jrCd Sd|krft|dƒ|dunameudatauStartTaguEmptyTagu%s:%su %s="%s"u<%s%s>uu<%s>u selfClosingiÿÿÿÿu/>u Characters(uStartTaguEmptyTag(tAssertionErrorRuR?RtprefixesRSRTR_(RROR^R|tnsR!tvR}((s/lib/python2.7/site-packages/bleach/sanitizer.pyR\s,   #   $ cCs&tj|ƒ}tjdƒjd|ƒ}|jdƒ}tjdƒ}x!|D]}|j|ƒsOdSqOWtjd|ƒs‚dSg}xŽtjd|ƒD]z\}}|s³q›n|jƒ|j krä|j |d|dƒq›|jƒ|j kr›|j |d|dƒq›q›Wdj |ƒS( uSanitizes css in style tagsuurl\s*\(\s*[^\s)]+?\s*\)\s*u u;uI^([-/:,#%.'"\sa-zA-Z0-9!]|\w-\w|'[\s\w]+'\s*|"[\s\w]+"|\([\d,%\.\s]+\))*$uu ^\s*([-\w]+\s*:[^:;]*(;\s*|$))*$u([-\w]+)\s*:\s*([^:;]*)u: ( RRlRmtcompileRaRqtmatchtfindallRoR&RSR(RT(RtstyletpartstgauntletRiR8tpropRC((s/lib/python2.7/site-packages/bleach/sanitizer.pyR{Fs&   (R.R9R:R<RRR RRRXRZRMR]RtR[R\R{(((s/lib/python2.7/site-packages/bleach/sanitizer.pyR1és   + = ; = )(!t __future__Rt itertoolsRRmR*tsix.moves.urllib.parseRtxml.sax.saxutilsRtbleachRt bleach.utilsRRR;R<R=R>RTtrangetctchrtINVISIBLE_CHARACTERSR…tUNICODER`RbtobjectRRItSanitizerFilterR1(((s/lib/python2.7/site-packages/bleach/sanitizer.pytsB      O  † )