packages feed

xss-sanitize 0.3.1.1 → 0.3.2

raw patch · 2 files changed

+8/−4 lines, 2 files

Files

Text/HTML/SanitizeXSS.hs view
@@ -3,6 +3,7 @@     ( sanitize     , sanitizeBalance     , sanitizeXSS+    , sanitizeAttribute     , filterTags     , safeTags     ) where@@ -75,7 +76,7 @@     | otherwise = safeTags tags safeTags (TagOpen name attributes:tags)   | safeTagName name = TagOpen name-      (catMaybes $ map sanitizeAttribute $ filter safeAttribute attributes) : safeTags tags+      (catMaybes $ map sanitizeAttribute attributes) : safeTags tags   | otherwise = safeTags tags safeTags (t:tags) = t:safeTags tags @@ -86,10 +87,13 @@ safeAttribute (name, value) = name `member` sanitaryAttributes &&   (name `notMember` uri_attributes || sanitaryURI value) +-- | low-level API if you have your own HTML parser. Used by safeTags. sanitizeAttribute :: (Text, Text) -> Maybe (Text, Text) sanitizeAttribute ("style", value) =-  let css = sanitizeCSS value in if T.null css then Nothing else Just ("style", css)-sanitizeAttribute attr = Just attr+    let css = sanitizeCSS value+    in  if T.null css then Nothing else Just ("style", css)+sanitizeAttribute attr | safeAttribute attr = Just attr+                       | otherwise = Nothing            -- | Returns @True@ if the specified URI is not a potential security risk.
xss-sanitize.cabal view
@@ -1,5 +1,5 @@ name:            xss-sanitize-version:         0.3.1.1+version:         0.3.2 license:         BSD3 license-file:    LICENSE author:          Greg Weber <greg@gregweber.info>