Coverage for /pythoncovmergedfiles/medio/medio/usr/local/lib/python3.8/site-packages/bleach/css_sanitizer.py: 27%
22 statements
1import tinycss2
# Default allowlist of CSS property names that CSSSanitizer keeps.
#
# Security note: this is an allowlist of property *names* only. The
# sanitizer in this file compares a declaration's lowercased name against
# this set and does not look at the declaration's value, so any restriction
# on values (for example on url(...) references, which some CSS properties
# accept) has to be enforced elsewhere. Entries are lowercase because the
# lookup is done with the lowercased property name.
ALLOWED_CSS_PROPERTIES = frozenset(
    {
        # colours and borders
        "background-color",
        "border-bottom-color",
        "border-collapse",
        "border-color",
        "border-left-color",
        "border-right-color",
        "border-top-color",
        "color",
        # box and layout
        "clear",
        "cursor",
        "display",
        "float",
        "height",
        "overflow",
        "vertical-align",
        "width",
        # fonts
        "font",
        "font-family",
        "font-size",
        "font-style",
        "font-variant",
        "font-weight",
        # text
        "direction",
        "letter-spacing",
        "line-height",
        "text-align",
        "text-decoration",
        "text-indent",
        "unicode-bidi",
        "white-space",
        # aural / speech
        "azimuth",
        "elevation",
        "pause",
        "pause-after",
        "pause-before",
        "pitch",
        "pitch-range",
        "richness",
        "speak",
        "speak-header",
        "speak-numeral",
        "speak-punctuation",
        "speech-rate",
        "stress",
        "voice-family",
        "volume",
    }
)
# Default allowlist of SVG presentation property names that CSSSanitizer
# keeps. As with the CSS allowlist, only the property name is matched; the
# value of an allowed declaration is not inspected by the sanitizer.
ALLOWED_SVG_PROPERTIES = frozenset(
    {
        # fill
        "fill",
        "fill-opacity",
        "fill-rule",
        # stroke
        "stroke",
        "stroke-linecap",
        "stroke-linejoin",
        "stroke-opacity",
        "stroke-width",
    }
)
class CSSSanitizer:
    """Filter a CSS declaration list down to allowlisted property names.

    The filter is an allowlist on property *names*. A declaration whose
    lowercased name is in either allowlist is kept whole, value included;
    values are not validated here. Callers that need to constrain values
    must do that separately.
    """

    def __init__(
        self,
        allowed_css_properties=ALLOWED_CSS_PROPERTIES,
        allowed_svg_properties=ALLOWED_SVG_PROPERTIES,
    ):
        """Store the two property-name allowlists.

        :arg allowed_css_properties: container of CSS property names to
            keep; matched against the lowercased name, so entries should
            be lowercase
        :arg allowed_svg_properties: container of SVG property names to
            keep; same matching rule
        """
        self.allowed_css_properties = allowed_css_properties
        self.allowed_svg_properties = allowed_svg_properties

    def sanitize_css(self, style):
        """Return ``style`` with non-allowlisted declarations removed.

        ``style`` is parsed as a CSS declaration list (the form found in
        an HTML ``style`` attribute), not as a full stylesheet.

        :arg style: text of the declaration list to sanitize

        :returns: the serialized, stripped declarations that survived, or
            ``""`` when nothing parsed or nothing was kept
        """
        nodes = tinycss2.parse_declaration_list(style)
        if not nodes:
            return ""

        kept = []
        for node in nodes:
            kind = node.type
            if kind == "declaration":
                prop = node.lower_name
                if (
                    prop not in self.allowed_css_properties
                    and prop not in self.allowed_svg_properties
                ):
                    # Property name is not allowlisted: drop the declaration.
                    continue
                # Kept as parsed; the value is not examined.
                kept.append(node)
            elif kind in ("comment", "whitespace"):
                # Keep filler only after something has been kept, and
                # never two nodes of the same filler type in a row.
                if kept and kept[-1].type != kind:
                    kept.append(node)

            # NOTE(willkg): AtRule and ParseError nodes are not handled by
            # either branch above, so both are silently dropped. A caller
            # cannot tell malformed input from input with nothing allowed.

        if not kept:
            return ""

        return tinycss2.serialize(kept).strip()