-
-
Notifications
You must be signed in to change notification settings - Fork 138
/
generate-safelists
executable file
·56 lines (43 loc) · 1.67 KB
/
generate-safelists
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
#! /usr/bin/env ruby
require "open3"
require "json"
require "fileutils"
TEMP_DIR = "tmp"
DOMPURIFY_URL = "https://github.com/cure53/DOMPurify"
DOMPURIFY_VERSION = "1.0.8"
# FileUtils.mkdir_p TEMP_DIR
# Dir.chdir TEMP_DIR do
# system("git clone #{DOMPURIFY_URL}")unless Dir.exist?("DOMPurify")
# Dir.chdir "DOMPurify" do
# system("npm install") unless Dir.exist?("node_modules")
# system "git checkout #{DOMPURIFY_VERSION}"
# end
# end
dompurify_metadata = Open3.popen2("tasks/dompurify-to-json") do |stdin, stdout, wait_thr|
raise wait_thr.value.to_s unless wait_thr.value.success?
JSON.parse(stdout.read)
end
dompurify_metadata.each { |k, v| puts "#{k}: #{v.keys}" }
require "loofah"
pairs = {
"html:tags" => [Loofah::HTML5::SafeList::ACCEPTABLE_ELEMENTS, dompurify_metadata["tags"]["html"]],
"mathml:tags" => [Loofah::HTML5::SafeList::MATHML_ELEMENTS, dompurify_metadata["tags"]["mathMl"]],
"svg:tags" => [Loofah::HTML5::SafeList::SVG_ELEMENTS, dompurify_metadata["tags"]["svg"]],
"html:attrs" => [Loofah::HTML5::SafeList::ACCEPTABLE_ATTRIBUTES, dompurify_metadata["attrs"]["html"]],
"mathml:attrs" => [Loofah::HTML5::SafeList::MATHML_ATTRIBUTES, dompurify_metadata["attrs"]["mathMl"]],
"svg:attrs" => [Loofah::HTML5::SafeList::SVG_ATTRIBUTES, dompurify_metadata["attrs"]["svg"]],
}
pairs.each do |name, v|
existing, updated = *v
existing = existing.to_a.sort
updated = updated.to_a.sort
removals = existing - updated
additions = updated - existing
puts "#{name}:"
puts " removals (#{removals.length}):"
puts " #{removals}"
puts " additions (#{additions.length}):"
puts " #{additions}"
puts
end
# TODO actually generate safelists