xss-sanitize 0.3.1.1 → 0.3.2
raw patch · 2 files changed
+8/−4 lines, 2 files
Files
- Text/HTML/SanitizeXSS.hs +7/−3
- xss-sanitize.cabal +1/−1
Text/HTML/SanitizeXSS.hs view
@@ -3,6 +3,7 @@ ( sanitize , sanitizeBalance , sanitizeXSS+ , sanitizeAttribute , filterTags , safeTags ) where@@ -75,7 +76,7 @@ | otherwise = safeTags tags safeTags (TagOpen name attributes:tags) | safeTagName name = TagOpen name- (catMaybes $ map sanitizeAttribute $ filter safeAttribute attributes) : safeTags tags+ (catMaybes $ map sanitizeAttribute attributes) : safeTags tags | otherwise = safeTags tags safeTags (t:tags) = t:safeTags tags @@ -86,10 +87,13 @@ safeAttribute (name, value) = name `member` sanitaryAttributes && (name `notMember` uri_attributes || sanitaryURI value) +-- | low-level API if you have your own HTML parser. Used by safeTags. sanitizeAttribute :: (Text, Text) -> Maybe (Text, Text) sanitizeAttribute ("style", value) =- let css = sanitizeCSS value in if T.null css then Nothing else Just ("style", css)-sanitizeAttribute attr = Just attr+ let css = sanitizeCSS value+ in if T.null css then Nothing else Just ("style", css)+sanitizeAttribute attr | safeAttribute attr = Just attr+ | otherwise = Nothing -- | Returns @True@ if the specified URI is not a potential security risk.
xss-sanitize.cabal view
@@ -1,5 +1,5 @@ name: xss-sanitize-version: 0.3.1.1+version: 0.3.2 license: BSD3 license-file: LICENSE author: Greg Weber <greg@gregweber.info>