a D g!@sdZddlZddlmZmZmZmZddlmZgdZ e dZ ddZ d d Z e iZee d e ieeeeeeeeeeeee e d d d d eeeeeeedZGdddZdS)ze A generic HTML whitelisting engine, designed to accommodate subclassing to override specific rules. N) BeautifulSoupCommentNavigableStringTag)escape)httphttpsftpmailtotelz^[a-z0-9][-+.a-z0-9]*:cCsp|}|dd}|dd}|dd}tdd|}|d d}t|rl|d d d }|tvrldS|S) Nz<z&&z[`\000-\040\177-\240\s]+u�:r)lowerreplaceresub PROTOCOL_REmatchsplitALLOWED_URL_SCHEMES)Z url_stringZ unescapedprotocolrP/var/www/lab.imftr.de/x/nb_venv/lib/python3.9/site-packages/wagtail/whitelist.py check_urls     rcsfdd}|S)af Generator for functions that can be used as entries in Whitelister.element_rules. These functions accept a tag, and modify its attributes by looking each attribute up in the 'allowed_attrs' dict defined here: * if the lookup fails, drop the attribute * if the lookup returns a callable, replace the attribute with the result of calling it - for example `{'title': uppercase}` will replace 'title' with the result of uppercasing the title. If the callable returns None, the attribute is dropped. * if the lookup returns a truthy value, keep the attribute; if falsy, drop it cs\t|jD]H\}}|}|rPt|rV||}|durD||=qN|||<qVq||=qdSN)listattrsitemsgetcallable)tagattrvalrulenew_val allowed_attrsrrfn-s  zattribute_rule..fnr)r*r+rr)rattribute_rule!s r,hrefT)srcwidthheightZalt)z [document]abbrdivemh1h2h3h4h5h6hriimgliolpstrongrsupulc@s8eZdZeZddZddZddZddZd d Z d S) WhitelistercCs"t|d}||||jtdS)zQClean up an HTML string to contain just the allowed elements / attributesz html.parser) formatter)r clean_nodedecoder)selfhtmldocrrrcleancs  zWhitelister.cleancCs@t|tr|||n$t|tr0|||n |||dS)z'Clean a BeautifulSoup document in-placeN) isinstancerclean_string_noderclean_tag_nodeclean_unknown_noderIrKnoderrrrGps   zWhitelister.clean_nodecCst|tr|dSdSr)rMrextractrQrrrrN|s zWhitelister.clean_string_nodecCsVt|jD]}|||q z|j|j}WntyH|YdS0||dSr)rcontentsrG element_rulesnameKeyErrorunwrap)rIrKr$childr'rrrrOs zWhitelister.clean_tag_nodecCs |dSr)Z decomposerQrrrrPszWhitelister.clean_unknown_nodeN) __name__ __module__ __qualname__DEFAULT_ELEMENT_RULESrUrLrGrNrOrPrrrrrE`s    rE)__doc__rZbs4rrrrZdjango.utils.htmlrrcompilerrr,Zallow_without_attributesr]rErrrrsD