|
| 1 | +"""Functions to sanitize user input files.""" |
| 2 | +from bleach import clean |
| 3 | +from bleach.css_sanitizer import CSSSanitizer |
| 4 | + |
| 5 | +ALLOWED_ELEMENTS_SVG = [ |
| 6 | + 'a', 'animate', 'animateColor', 'animateMotion', |
| 7 | + 'animateTransform', 'circle', 'defs', 'desc', 'ellipse', 'font-face', |
| 8 | + 'font-face-name', 'font-face-src', 'g', 'glyph', 'hkern', |
| 9 | + 'linearGradient', 'line', 'marker', 'metadata', 'missing-glyph', |
| 10 | + 'mpath', 'path', 'polygon', 'polyline', 'radialGradient', 'rect', |
| 11 | + 'set', 'stop', 'svg', 'switch', 'text', 'title', 'tspan', 'use' |
| 12 | +] |
| 13 | + |
| 14 | +ALLOWED_ATTRIBUTES_SVG = [ |
| 15 | + 'accent-height', 'accumulate', 'additive', 'alphabetic', |
| 16 | + 'arabic-form', 'ascent', 'attributeName', 'attributeType', |
| 17 | + 'baseProfile', 'bbox', 'begin', 'by', 'calcMode', 'cap-height', |
| 18 | + 'class', 'color', 'color-rendering', 'content', 'cx', 'cy', 'd', 'dx', |
| 19 | + 'dy', 'descent', 'display', 'dur', 'end', 'fill', 'fill-opacity', |
| 20 | + 'fill-rule', 'font-family', 'font-size', 'font-stretch', 'font-style', |
| 21 | + 'font-variant', 'font-weight', 'from', 'fx', 'fy', 'g1', 'g2', |
| 22 | + 'glyph-name', 'gradientUnits', 'hanging', 'height', 'horiz-adv-x', |
| 23 | + 'horiz-origin-x', 'id', 'ideographic', 'k', 'keyPoints', |
| 24 | + 'keySplines', 'keyTimes', 'lang', 'marker-end', 'marker-mid', |
| 25 | + 'marker-start', 'markerHeight', 'markerUnits', 'markerWidth', |
| 26 | + 'mathematical', 'max', 'min', 'name', 'offset', 'opacity', 'orient', |
| 27 | + 'origin', 'overline-position', 'overline-thickness', 'panose-1', |
| 28 | + 'path', 'pathLength', 'points', 'preserveAspectRatio', 'r', 'refX', |
| 29 | + 'refY', 'repeatCount', 'repeatDur', 'requiredExtensions', |
| 30 | + 'requiredFeatures', 'restart', 'rotate', 'rx', 'ry', 'slope', |
| 31 | + 'stemh', 'stemv', 'stop-color', 'stop-opacity', |
| 32 | + 'strikethrough-position', 'strikethrough-thickness', 'stroke', |
| 33 | + 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', |
| 34 | + 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', |
| 35 | + 'stroke-width', 'systemLanguage', 'target', 'text-anchor', 'to', |
| 36 | + 'transform', 'type', 'u1', 'u2', 'underline-position', |
| 37 | + 'underline-thickness', 'unicode', 'unicode-range', 'units-per-em', |
| 38 | + 'values', 'version', 'viewBox', 'visibility', 'width', 'widths', 'x', |
| 39 | + 'x-height', 'x1', 'x2', 'xlink:actuate', 'xlink:arcrole', |
| 40 | + 'xlink:href', 'xlink:role', 'xlink:show', 'xlink:title', |
| 41 | + 'xlink:type', 'xml:base', 'xml:lang', 'xml:space', 'xmlns', |
| 42 | + 'xmlns:xlink', 'y', 'y1', 'y2', 'zoomAndPan', 'style' |
| 43 | +] |
| 44 | + |
| 45 | + |
| 46 | +def sanitize_svg(file_data: str, strip: bool = True, elements: str = ALLOWED_ELEMENTS_SVG, attributes: str = ALLOWED_ATTRIBUTES_SVG) -> str: |
| 47 | + """Sanatize a SVG file. |
| 48 | +
|
| 49 | + Args: |
| 50 | + file_data (str): SVG as string. |
| 51 | + strip (bool, optional): Should invalid elements get removed. Defaults to True. |
| 52 | + elements (str, optional): Allowed elements. Defaults to ALLOWED_ELEMENTS_SVG. |
| 53 | + attributes (str, optional): Allowed attributes. Defaults to ALLOWED_ATTRIBUTES_SVG. |
| 54 | +
|
| 55 | + Returns: |
| 56 | + str: Sanitzied SVG file. |
| 57 | + """ |
| 58 | + |
| 59 | + cleaned = clean( |
| 60 | + file_data, |
| 61 | + tags=elements, |
| 62 | + attributes=attributes, |
| 63 | + strip=strip, |
| 64 | + strip_comments=strip, |
| 65 | + css_sanitizer=CSSSanitizer() |
| 66 | + ) |
| 67 | + return cleaned |
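Review bot: The allow-list keeps the SMIL elements (`animate`, `animateColor`, `animateMotion`, `animateTransform`, `set`, `mpath`) together with `attributeName`, `from`, `to` and `values`, and bleach's protocol check covers only href-type attribute values, not animation values, so an animation can write an unchecked value into an attribute the list otherwise controls; either drop the SMIL elements from `ALLOWED_ELEMENTS_SVG` or pass `attributes` as a per-tag dict that withholds `attributeName`/`from`/`to`/`values`. `protocols=` is left at bleach's default in the `clean(...)` call; name the intended schemes explicitly (e.g. `protocols=['http', 'https']`) so a library default change cannot widen what an `<a>` or `<use>` may reference. The namespaced entries in `ALLOWED_ATTRIBUTES_SVG` (`xlink:href`, `xmlns:xlink`, `xml:space`) probably never match, since bleach appears to hand its attribute filter the local name after html5lib's foreign-attribute adjustment — add a test that `<use xlink:href="#id">` round-trips and that the output is still well-formed SVG. The annotations `elements: str` and `attributes: str` do not match the list defaults; use `list[str]`, and fix the docstring typos "Sanatize"/"Sanitzied".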