allow sanitization of attributes based on attribute value

[inducer]

I'm following up from #346 (closed), which covered my need of letting some (but not all) data: URLs in src attributes pass the sanitizer. What that PR did was piggyback on attribute filters to determine when a value should be allowed to bypass this logc that is otherwise unconditionally applied.

In that PR, @willkg said:

I suspect you can achieve what you're trying to achieve without making a substantial behavior change to Bleach.

Unless data: is added to the allowed_protocols (which seems risky), I don't see how this could be accomplished, but I would be happy to be educated.

[willkg]

You're not providing many details, so I'm going to infer what I can. If any of this is incorrect, please let me know.

Seems like you're trying to sanitize text and in that text it's possible to have HTML tags that have an attribute with a value that has a data: protocol. There are some URLs with the data: protocol that are ok, but the rest you want to disallow.

Does that sound right?

If so, I think you could allow data: as a protocol and for the attributes that allow protocols, set up a callbable that checks the value for data protocols and allows/denies it there. That should be pretty straight-forward.

Does something like that work?

[inducer]

Does that sound right?\

Yep.

Does something like that work?

I agree that it works in theory. I'm not exceedingly happy with it, because if I am to assume that data: URLs are dangerous in some way, I can now no longer rely on bleach on catching those URLs. In particular, I'd have to catch all possible usage sites of those URLs (script.src? style.link? a.href?...) with validation callbacks. That seems inherently dangerous, because I'm bound to miss something. In that sense, I find that it inspires considerably less confidence.

[willkg]

The attributes you're interested in are all listed in html5lib here:

https://github.com/html5lib/html5lib-python/blob/master/html5lib/filters/sanitizer.py#L507

That's the library Bleach sits on top of, so you can iterate over the frozenset without worrying about missing something. That's essentially what Bleach is doing here:

https://github.com/mozilla/bleach/blob/master/bleach/sanitizer.py#L511

Does that help alleviate your concerns?

[inducer]

Fair enough. Thanks for your help.

[dzhuang]

@willkg A question, is there any way for bleach.clean to remove unwanted attributes if a tag, which is not in bleach.ALLOWED_TAGS and was not specified in tags arg in clean, contains those attribute? Thanks.

[dzhuang]

For example,
<a href="data:,Evilcss"></a> is cleaned to <a></a> .

While <style src="data:,Evilcss"> is cleaned to <style src="data:,Evilcss"></style>, instead of <style ></style> . ( style is not in bleach.ALLOWED_TAGS）.

[willkg]

No, I don't think there's a way to do that without subclassing BleachSanitizerFilter and overriding disallow_token.

[dzhuang]

@willkg thanks. Then I'd rather strip it.