
Adds `sanitize_html`, a whitelist based HTML sanitizer.

Open Kapu1178 opened this issue 2 months ago • 2 comments

Adds a customizable HTML sanitizer function using the Ammonia crate. Out of the box, it will:

  • Strip
  • Prune all URL schemes, including byond://
  • Prune all HTML attributes and CSS tags, but not their contents.

By providing JSON-encoded lists, you can whitelist given attributes or tags to not be pruned. I have included a curated tag list in the DM source file for this module that will whitelist most safe CSS attributes.

It occurred to me that a lot of servers run things like old papercode, which does not sanitize on the server side before being viewable by a client. Sanitizing strings with DM would be an absolute performance nuke, assuming you could even make it bulletproof in the first place. Here is a recommended default tag whitelist:

```dm
list(
	"b","br",
	"center", "code",
	"dd", "del", "div", "dl", "dt",
	"em",
	"font",
	"h1", "h2", "h3", "h4", "h5", "h6", "hr",
	"i", "ins",
	"li",
	"menu",
	"ol",
	"p", "pre",
	"span", "strong",
	"table",
	"tbody",
	"td",
	"th",
	"thead",
	"tfoot",
	"tr",
	"u",
	"ul",
)
```

Kapu1178 avatar Apr 21 '24 05:04 Kapu1178

Error: "sanitize = ["ammonia", "maplit", "serde_json"] is not sorted in Cargo.toml default features"

I am unsure how to fix this.

Kapu1178 avatar Apr 21 '24 05:04 Kapu1178

looks about right :+2:

optimumtact avatar May 17 '24 21:05 optimumtact

mods? mergies? @ZeWaka

Kapu1178 avatar May 22 '24 23:05 Kapu1178