Mercurial > wikked

annotate static/js/pagedown/Markdown.Sanitizer.js @ 60:8250c977bc50

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Moved static files to the root directory.
author Ludovic Chabant <ludovic@chabant.com>
date Tue, 05 Feb 2013 14:49:34 -0800
parents wikked/static/js/pagedown/Markdown.Sanitizer.js@59cad6ce1a1c
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
1 (function () {
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
2 var output, Converter;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
3 if (typeof exports === "object" && typeof require === "function") { // we're in a CommonJS (e.g. Node.js) module
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
4 output = exports;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
5 Converter = require("./Markdown.Converter").Converter;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
6 } else {
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
7 output = window.Markdown;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
8 Converter = output.Converter;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
9 }
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
10
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
11 output.getSanitizingConverter = function () {
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
12 var converter = new Converter();
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
13 converter.hooks.chain("postConversion", sanitizeHtml);
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
14 converter.hooks.chain("postConversion", balanceTags);
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
15 return converter;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
16 }
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
17
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
18 function sanitizeHtml(html) {
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
19 return html.replace(/<[^>]*>?/gi, sanitizeTag);
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
20 }
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
21
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
22 // (tags that can be opened/closed) | (tags that stand alone)
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
23 var basic_tag_whitelist = /^(<\/?(b|blockquote|code|del|dd|dl|dt|em|h1|h2|h3|i|kbd|li|ol|p|pre|s|sup|sub|strong|strike|ul)>|<(br|hr)\s?\/?>)$/i;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
24 // <a href="url..." optional title>|</a>
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
25 var a_white = /^(<a\shref="((https?|ftp):\/\/|\/)[-A-Za-z0-9+&@#\/%?=~_|!:,.;\(\)]+"(\stitle="[^"<>]+")?\s?>|<\/a>)$/i;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
26
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
27 // <img src="url..." optional width optional height optional alt optional title
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
28 var img_white = /^(<img\ssrc="(https?:\/\/|\/)[-A-Za-z0-9+&@#\/%?=~_|!:,.;\(\)]+"(\swidth="\d{1,3}")?(\sheight="\d{1,3}")?(\salt="[^"<>]*")?(\stitle="[^"<>]*")?\s?\/?>)$/i;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
29
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
30 function sanitizeTag(tag) {
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
31 if (tag.match(basic_tag_whitelist) || tag.match(a_white) || tag.match(img_white))
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
32 return tag;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
33 else
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
34 return "";
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
35 }
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
36
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
37 /// <summary>
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
38 /// attempt to balance HTML tags in the html string
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
39 /// by removing any unmatched opening or closing tags
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
40 /// IMPORTANT: we *assume* HTML has *already* been
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
41 /// sanitized and is safe/sane before balancing!
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
42 ///
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
43 /// adapted from CODESNIPPET: A8591DBA-D1D3-11DE-947C-BA5556D89593
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
44 /// </summary>
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
45 function balanceTags(html) {
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
46
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
47 if (html == "")
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
48 return "";
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
49
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
50 var re = /<\/?\w+[^>]*(\s|$|>)/g;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
51 // convert everything to lower case; this makes
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
52 // our case insensitive comparisons easier
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
53 var tags = html.toLowerCase().match(re);
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
54
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
55 // no HTML tags present? nothing to do; exit now
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
56 var tagcount = (tags || []).length;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
57 if (tagcount == 0)
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
58 return html;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
59
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
60 var tagname, tag;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
61 var ignoredtags = "<p><img><br><li><hr>";
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
62 var match;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
63 var tagpaired = [];
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
64 var tagremove = [];
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
65 var needsRemoval = false;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
66
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
67 // loop through matched tags in forward order
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
68 for (var ctag = 0; ctag < tagcount; ctag++) {
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
69 tagname = tags[ctag].replace(/<\/?(\w+).*/, "$1");
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
70 // skip any already paired tags
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
71 // and skip tags in our ignore list; assume they're self-closed
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
72 if (tagpaired[ctag] || ignoredtags.search("<" + tagname + ">") > -1)
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
73 continue;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
74
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
75 tag = tags[ctag];
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
76 match = -1;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
77
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
78 if (!/^<\//.test(tag)) {
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
79 // this is an opening tag
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
80 // search forwards (next tags), look for closing tags
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
81 for (var ntag = ctag + 1; ntag < tagcount; ntag++) {
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
82 if (!tagpaired[ntag] && tags[ntag] == "</" + tagname + ">") {
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
83 match = ntag;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
84 break;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
85 }
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
86 }
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
87 }
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
88
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
89 if (match == -1)
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
90 needsRemoval = tagremove[ctag] = true; // mark for removal
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
91 else
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
92 tagpaired[match] = true; // mark paired
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
93 }
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
94
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
95 if (!needsRemoval)
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
96 return html;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
97
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
98 // delete all orphaned tags from the string
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
99
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
100 var ctag = 0;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
101 html = html.replace(re, function (match) {
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
102 var res = tagremove[ctag] ? "" : match;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
103 ctag++;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
104 return res;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
105 });
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
106 return html;
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
107 }
59cad6ce1a1c Added support for history and diffing.
Ludovic Chabant <ludovic@chabant.com>
parents:
diff changeset
108 })();