✨ feat(sanitize): rename tags during sanitize#563
Merged
Conversation
Add Policy.transform_tags, sanitize-html's transformTags: map a source tag to a target string to rename it, or to a Transform to rename it and add attributes (simpleTransform). The rename runs before the allowlist in the same C walk, so the renamed element is re-checked from scratch -- a transform decides an element's name but never its safety. Mapping a tag to script still drops it, and an added attribute is scrubbed like the element's own. closes tox-dev#531
for more information, see https://pre-commit.ci
Merging this PR will not alter performance
Performance Changes
Comparing Footnotes
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Sanitizing could drop or keep an element but not rewrite it, so migrating a
sanitize-htmlconfig that renames deprecated presentational tags (<b>→<strong>,<center>→<div>) had no equivalent. This addsPolicy.transform_tags, the port of sanitize-html'stransformTags, so a rename happens inside the single sanitize pass rather than as a second edit over the tree.Map a source tag to a string to rename it, or to a
Transformto rename it and add attributes (sanitize-html'ssimpleTransform). The rename runs at the top of the element walk, before the allowlist reads the tag, and the walk then continues on the renamed element as if the author had written the target. 🔒 That ordering is the safety argument: the allowlist still decides the element's disposition, the unconditional baseline still escapes ascriptoriframetarget, and any injected attribute joins the element's own to be scrubbed by the same gates.{"b": "script"}cannot smuggle a live<script>, and an injectedhrefcannot carry ajavascript:URL. Only HTML elements are transformed, matched by tag name.The rename mutates the node in place through the existing tree primitives (rewrite the name, relookup the atom, preserve the source-closed flag), so a transform adds no extra pass over the document. The migration guide benchmarks the transform op end-to-end against sanitize-html's Node runner over stdin, the cost a Python service pays to reach it as a subprocess.
closes #531