def test_LinkTargets():
cases = [
Case(
"""<a href="http://www.google.com">""",
"""<a href="http://www.google.com" rel="nofollow noopener" target="_blank">""",
),
Case(
"""<a href="//www.google.com">""",
"""<a href="//www.google.com" rel="nofollow noopener" target="_blank">""",
),
Case("""<a href="/www.google.com">""",
"""<a href="/www.google.com">"""),
Case("""<a href="www.google.com">""", """<a href="www.google.com">"""),
Case("""<a href="javascript:alert(1)">""", ""),
Case("""<a href="#">""", ""),
Case("""<a href="#top">""", """<a href="#top">"""),
Case("""<a href="?q=1">""", """<a href="?q=1">"""),
Case(
"""<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==" alt="Red dot" />""",
"""<img alt="Red dot"/>""",
),
Case("""<img src="giraffe.gif" />""", """<img src="giraffe.gif"/>"""),
]
p = UGCPolicy()
p.RequireParseableURLs(True)
p.RequireNoFollowOnLinks(False)
p.RequireNoFollowOnFullyQualifiedLinks(True)
p.AddTargetBlankToFullyQualifiedLinks(True)
def test_cases(case):
assert p.sanitize(case.input) == case.output
pool = ThreadPool(4)
pool.map(test_cases, cases)
# Allow safe attrs copied from lxml
SANITIZER.AllowAttrs(*SAFE_ATTRS).Globally()
# Allow styling globally
SANITIZER.AllowAttrs("class", "style").Globally()
# Allow styling via bluemonday
SANITIZER.AllowStyling()
# Allow safe convenience functions from bluemonday
SANITIZER.AllowStandardAttributes()
SANITIZER.AllowStandardURLs()
# Allow data atributes
SANITIZER.AllowDataAttributes()
# Allow data URI images
SANITIZER.AllowDataURIImages()
# Link security
SANITIZER.AllowRelativeURLs(True)
SANITIZER.RequireNoFollowOnFullyQualifiedLinks(True)
SANITIZER.RequireNoFollowOnLinks(True)
SANITIZER.RequireNoReferrerOnFullyQualifiedLinks(True)
SANITIZER.RequireNoReferrerOnLinks(True)
def sanitize_html(html):
return SANITIZER.sanitize(html)