-rw-r--r-- | apioforum/mdrender.py | 42 |
1 files changed, 41 insertions, 1 deletions
diff --git a/apioforum/mdrender.py b/apioforum/mdrender.py
index 5a50661..277b027 100644
--- a/apioforum/mdrender.py
+++ b/apioforum/mdrender.py
@@ -1,4 +1,5 @@
 import bleach
+from bleach._vendor.html5lib.filters.base import Filter
 from .csscolors import csscolors
 allowed_tags = [
@@ -21,24 +22,63 @@ allowed_tags = [
 'details','summary',
 'hr',
 'br',
+ 'iframe',
 ]
+john_css = "margin-left:auto;display:block;margin-right:auto;max-width:732px;width:100%;height:94px;border:none;"
+
+class IFrameCSS:
+ def sanitize_css(self, css):
+ if css == john_css:
+ return css
+ else:
+ return ""
+
+class IFrameSandboxFilter(Filter):
+ def sanitize_token(self, token):
+ if token["type"] == "StartTag" and token["name"] == "iframe":
+ token["data"][(None, "sandbox")] = \
+ "allow-forms " + \
+ "allow-scripts " + \
+ "allow-top-navigation-by-user-activation " + \
+ "allow-top-navigation-to-custom-protocols"
+ for key in token["data"]:
+ if key[1] in ("height", "width"):
+ try:
+ if int(token["data"][key]) > 1000:
+ token["data"][key] = "800"
+ except ValueError:
+ del token["data"][key]
+ return token
+
+ def __iter__(self):
+ for token in Filter.__iter__(self):
+ token = self.sanitize_token(token)
+ if token:
+ yield token
+
+
 allowed_tags += csscolors
 allowed_tags += ("mark" + c for c in csscolors)
 allowed_attributes = bleach.sanitizer.ALLOWED_ATTRIBUTES.copy()
 allowed_attributes.update(
 img=['src','alt','title'],
+ iframe=['src','height','width','srcdoc','style'],
 ol=['start'],
 details=['open'],
 )
 allowed_tags.extend(bleach.sanitizer.ALLOWED_TAGS)
-cleaner = bleach.sanitizer.Cleaner(tags=allowed_tags,attributes=allowed_attributes)
+cleaner = bleach.sanitizer.Cleaner(
+ tags=allowed_tags,
+ attributes=allowed_attributes,
+ css_sanitizer=IFrameCSS(),
+ filters=[IFrameSandboxFilter])
 import markdown
 md = markdown.Markdown(extensions=[ |
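Review bot: The new import reaches into `bleach._vendor.html5lib.filters.base`, a private vendored path that can move or disappear between bleach releases. bleach exposes the same base class for custom filters through its shim, so `from bleach.html5lib_shim import Filter` is the more stable spelling.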
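Review bot: In `IFrameSandboxFilter.sanitize_token`, `del token["data"][key]` runs inside `for key in token["data"]:`, so an iframe whose `height` or `width` is not an integer raises RuntimeError (mapping changed during iteration) and the post would presumably fail to render for every viewer; iterate over a copy with `for key in list(token["data"]):`. Separately, the `iframe=[...]` allowlist admits `srcdoc` while the forced sandbox value includes `allow-scripts` and `allow-forms`, so any poster can place arbitrary scripted HTML and forms inside a thread. The absence of `allow-same-origin` keeps that content off the forum's origin, but it is still a phishing and nuisance surface that the sanitizer never inspects. Unless that is intended, drop `srcdoc` (`iframe=['src','height','width','style'],`), check `src` against a host allowlist inside the filter, and reconsider whether `allow-top-navigation-to-custom-protocols` is needed.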