From 8f453e3dd5c16991cf7b648bbd2dd2e2c1289c5c Mon Sep 17 00:00:00 2001 From: Yitzchak Gale Date: Sun, 1 Jul 2018 12:59:58 +0300 Subject: [PATCH] Change name to safeTagsCustom, minor bump version to 0.3.5.8. --- Text/HTML/SanitizeXSS.hs | 26 ++++++++++++++------------ test/main.hs | 2 +- xss-sanitize.cabal | 2 +- 3 files changed, 16 insertions(+), 14 deletions(-) diff --git a/Text/HTML/SanitizeXSS.hs b/Text/HTML/SanitizeXSS.hs index 8d5e445..3602c44 100644 --- a/Text/HTML/SanitizeXSS.hs +++ b/Text/HTML/SanitizeXSS.hs @@ -12,7 +12,7 @@ module Text.HTML.SanitizeXSS -- * Custom filtering , filterTags , safeTags - , mySafeTags + , safeTagsCustom , balanceTags -- * Utilities @@ -77,25 +77,27 @@ balance unclosed (t:ts) = t : balance unclosed ts -- | Filters out any usafe tags and attributes. Use with filterTags to create a custom filter. safeTags :: [Tag Text] -> [Tag Text] -safeTags = mySafeTags safeTagName sanitizeAttribute +safeTags = safeTagsCustom safeTagName sanitizeAttribute -- | Filters out unsafe tags and attributes like 'safeTags', but uses -- custom functions for determining which tags and attributes are -- safe. This allows you to add or remove specific tags or attributes -- on the white list, or to use your own white list. --- @mySafeTags safeTagName sanitizeAttribute@ is equivalent to +-- @safeTagsCustom safeTagName sanitizeAttribute@ is equivalent to -- 'safeTags'. -mySafeTags :: (Text -> Bool) -> ((Text, Text) -> Maybe (Text, Text)) -> +-- +-- @since 0.3.5.8 +safeTagsCustom :: (Text -> Bool) -> ((Text, Text) -> Maybe (Text, Text)) -> [Tag Text] -> [Tag Text] -mySafeTags _ _ [] = [] -mySafeTags safeName sanitizeAttr (t@(TagClose name):tags) - | safeName name = t : mySafeTags safeName sanitizeAttr tags - | otherwise = mySafeTags safeName sanitizeAttr tags -mySafeTags safeName sanitizeAttr (TagOpen name attributes:tags) +safeTagsCustom _ _ [] = [] +safeTagsCustom safeName sanitizeAttr (t@(TagClose name):tags) + | safeName name = t : safeTagsCustom safeName sanitizeAttr tags + | otherwise = safeTagsCustom safeName sanitizeAttr tags +safeTagsCustom safeName sanitizeAttr (TagOpen name attributes:tags) | safeName name = TagOpen name (mapMaybe sanitizeAttr attributes) : - mySafeTags safeName sanitizeAttr tags - | otherwise = mySafeTags safeName sanitizeAttr tags -mySafeTags n a (t:tags) = t : mySafeTags n a tags + safeTagsCustom safeName sanitizeAttr tags + | otherwise = safeTagsCustom safeName sanitizeAttr tags +safeTagsCustom n a (t:tags) = t : safeTagsCustom n a tags safeTagName :: Text -> Bool safeTagName tagname = tagname `member` sanitaryTags diff --git a/test/main.hs b/test/main.hs index eb0bf56..9b8eabb 100644 --- a/test/main.hs +++ b/test/main.hs @@ -17,7 +17,7 @@ sanitizedB = test sanitizeBalance sanitizedC = test sanitizeCustom sanitizeCustom :: Text -> Text -sanitizeCustom = filterTags $ mySafeTags mySafeName mySanitizeAttr +sanitizeCustom = filterTags $ safeTagsCustom mySafeName mySanitizeAttr where mySafeName t = t `elem` myTags || safeTagName t mySanitizeAttr (key, val) | key `elem` myAttrs = Just (key, val) diff --git a/xss-sanitize.cabal b/xss-sanitize.cabal index 4769546..c4651f6 100644 --- a/xss-sanitize.cabal +++ b/xss-sanitize.cabal @@ -1,5 +1,5 @@ name: xss-sanitize -version: 0.3.5.7 +version: 0.3.5.8 license: BSD2 license-file: LICENSE author: Greg Weber