Review feedback.
otherdaniel committed Dec 18, 2024
1 parent c2f6465 commit 8ba0ee6
Showing 10 changed files with 376 additions and 2,258 deletions.
5 changes: 5 additions & 0 deletions .github/workflows/pr-push.yml
Expand Up @@ -9,6 +9,11 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: Generate safe-default-configuration.json
run: python builtins/safe-default-configuration.py --input builtins/safe-default-configuration.txt --out builtins/safe-default-configuration.json
- uses: w3c/spec-prod@v2
with:
GH_PAGES_BRANCH: gh-pages
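Review bot: The added `actions/setup-python@v4` step, like the existing `actions/checkout@v2` and `w3c/spec-prod@v2`, is referenced by a movable tag, so whatever that tag points to at run time executes in a job that appears to go on to publish to `gh-pages`. Pinning to a full commit SHA, e.g. `- uses: actions/setup-python@<full-commit-sha>  # v4`, keeps the build reproducible and limits exposure to a retagged release. It would also help to fail the job when the generator writes an empty or unparsable file, for example by following the new step with `python -m json.tool builtins/safe-default-configuration.json > /dev/null`. The workflow's triggers and permissions are outside this hunk, so they should be checked against the publishing step.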
1 change: 1 addition & 0 deletions .gitignore
@@ -1,3 +1,4 @@
/.project
/out
/*.ninja*
/builtins/safe-default-configuration.json
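--- a/builtins/safe-baseline-configuration.json
+++ b/builtins/safe-baseline-configuration.json
@@ -0,0 +1,147 @@
+{
+"removeElements": [
+{
+"namespace": "http://www.w3.org/1999/xhtml",
+"name": "script"
+},
+{
+"namespace": "http://www.w3.org/2000/svg",
+"name": "script"
+}
+],
+"removeAttributes": [
+"onabort",
+"onactivate",
+"onafterprint",
+"onanimationend",
+"onanimationiteration",
+"onanimationstart",
+"onauxclick",
+"onbeforecopy",
+"onbeforecut",
+"onbeforeinput",
+"onbeforepaste",
+"onbeforeprint",
+"onbeforetoggle",
+"onbeforeunload",
+"onbegin",
+"onblur",
+"oncancel",
+"oncanplay",
+"oncanplaythrough",
+"onchange",
+"onclick",
+"onclose",
+"oncontentvisibilityautostatechange",
+"oncontextlost",
+"oncontextmenu",
+"oncontextrestored",
+"oncopy",
+"oncuechange",
+"oncut",
+"ondblclick",
+"ondismiss",
+"ondrag",
+"ondragend",
+"ondragenter",
+"ondragleave",
+"ondragover",
+"ondragstart",
+"ondrop",
+"ondurationchange",
+"onemptied",
+"onend",
+"onended",
+"onerror",
+"onfocus",
+"onfocusin",
+"onfocusout",
+"onformdata",
+"ongotpointercapture",
+"onhashchange",
+"oninput",
+"oninvalid",
+"onkeydown",
+"onkeypress",
+"onkeyup",
+"onlanguagechange",
+"onload",
+"onloadeddata",
+"onloadedmetadata",
+"onloadstart",
+"onlostpointercapture",
+"onmessage",
+"onmessageerror",
+"onmousedown",
+"onmouseenter",
+"onmouseleave",
+"onmousemove",
+"onmouseout",
+"onmouseover",
+"onmouseup",
+"onmousewheel",
+"onmove",
+"onoffline",
+"ononline",
+"onorientationchange",
+"onoverscroll",
+"onpagehide",
+"onpageshow",
+"onpaste",
+"onpause",
+"onplay",
+"onplaying",
+"onpointercancel",
+"onpointerdown",
+"onpointerenter",
+"onpointerleave",
+"onpointermove",
+"onpointerout",
+"onpointerover",
+"onpointerrawupdate",
+"onpointerup",
+"onpopstate",
+"onprogress",
+"onratechange",
+"onrepeat",
+"onreset",
+"onresize",
+"onresolve",
+"onscroll",
+"onscrollend",
+"onscrollsnapchange",
+"onscrollsnapchanging",
+"onsearch",
+"onsecuritypolicyviolation",
+"onseeked",
+"onseeking",
+"onselect",
+"onselectionchange",
+"onselectstart",
+"onshow",
+"onslotchange",
+"onstalled",
+"onstorage",
+"onsubmit",
+"onsuspend",
+"ontimeupdate",
+"ontimezonechange",
+"ontoggle",
+"ontouchcancel",
+"ontouchend",
+"ontouchmove",
+"ontouchstart",
+"ontransitionend",
+"onunload",
+"onvalidationstatuschange",
+"onvolumechange",
+"onwaiting",
+"onwebkitanimationend",
+"onwebkitanimationiteration",
+"onwebkitanimationstart",
+"onwebkitfullscreenchange",
+"onwebkitfullscreenerror",
+"onwebkittransitionend",
+"onwheel"
+]
+}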
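Review bot: `removeAttributes` is a hand-enumerated deny-list of event handler attributes, so it only stays safe while it tracks every handler the platform defines, and nothing in this change checks that. For instance `onbeforematch` and `onunhandledrejection` are not in the list; I believe both are event handler content attributes in HTML, so please confirm whether their absence is intended. Because JSON cannot carry a comment, the source the list was derived from should be recorded in the spec text or the commit message, and a build check should compare this file against that source so the list cannot drift silently.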
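--- a/builtins/safe-default-configuration.py
+++ b/builtins/safe-default-configuration.py
@@ -0,0 +1,42 @@
+# Sanitizer API - Build configuration dictionary from text file.
+
+import json
+import argparse
+import sys
+
+def main():
+parser = argparse.ArgumentParser()
+parser.add_argument("--input", type=argparse.FileType('r'), required=True)
+parser.add_argument("--out", type=argparse.FileType('w'), required=True)
+args = parser.parse_args()
+
+try:
+lines = args.input.read()
+except BaseException as err:
+parser.error("Cannot read from --input file.")
+
+result = { "elements": [], "attributes": [] }
+current = []
+for line in lines.split("\n"):
+if not line:
+pass
+elif line.startswith("//"):
+pass
+elif line.startswith("- "):
+current.append({ "name": line[2:], "namespace": None })
+elif line == "[HTML Global]":
+current = result["attributes"]
+else:
+elem = { "name": line, "namespace": "http://www.w3.org/1999/xhtml",
+"attributes": [] }
+result["elements"].append(elem)
+current = elem["attributes"]
+
+try:
+json.dump(result, args.out, indent=2)
+except BaseException as err:
+parser.error("Cannot write to --out file.")
+return 0
+
+if __name__ == "__main__":
+main()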
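Review bot: The final `else` branch of the parsing loop turns every unrecognised line into an allowed element, so a slip in the input (an attribute line with leading whitespace, a trailing space after a name, a misspelt `[HTML Global]`) silently widens or corrupts the generated allow-list instead of failing the build. An attribute line that appears before any element is also appended to the throwaway `current = []` and lost without a message. Since this file produces the safe default, the loop should fail closed, as sketched below; the `isalnum()` check fits the names currently listed and would need loosening if hyphenated names are ever added. Separately, both handlers use `except BaseException`, which also swallows `KeyboardInterrupt` and `SystemExit` and discards the cause; `except (OSError, UnicodeError) as err:` with `err` included in the message would be narrower.

```python
    result = { "elements": [], "attributes": [] }
    current = None  # no attribute target until an element or [HTML Global] is seen
    for number, raw in enumerate(lines.split("\n"), start=1):
        line = raw.rstrip()
        if not line or line.startswith("//"):
            continue
        if line.startswith("- "):
            name = line[2:]
            if current is None or not (name.isascii() and name.isalnum()):
                parser.error(f"line {number}: unexpected attribute line {raw!r}")
            current.append({ "name": name, "namespace": None })
        elif line == "[HTML Global]":
            current = result["attributes"]
        elif line.isascii() and line.isalnum():
            # … unchanged: build elem, append it to result["elements"], point current at elem["attributes"] …
        else:
            parser.error(f"line {number}: unrecognised line {raw!r}")
```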
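--- a/builtins/safe-default-configuration.txt
+++ b/builtins/safe-default-configuration.txt
@@ -0,0 +1,171 @@
+// Document element
+// https://html.spec.whatwg.org/#the-root-element
+
+html
+
+// Document metadata
+// https://html.spec.whatwg.org/#document-metadata
+
+head
+title
+
+// meta and link, purposely omitted
+
+// Sections
+// https://html.spec.whatwg.org/#sections
+
+body
+article
+section
+nav
+aside
+h1
+h2
+h3
+h4
+h5
+h6
+hgroup
+header
+footer
+address
+
+// Grouping Content
+// https://html.spec.whatwg.org/#grouping-content
+
+p
+hr
+pre
+blockquote
+- cite
+ol
+- reversed
+- start
+- type
+ul
+menu
+li
+- value
+dl
+dt
+dd
+figure
+figcaption
+main
+search
+div
+
+// Text-level Semantics
+// https://html.spec.whatwg.org/#text-level-semantics ###
+
+a
+- href
+- rel
+- hreflang
+- type
+// Purposely omitted:
+// - target
+// - download
+// - referrerpolicy
+// - ping
+em
+strong
+small
+s
+cite
+q
+dfn
+- title
+abbr
+- title
+ruby
+rt
+rp
+data
+- value
+time
+- datetime
+code
+var
+samp
+kbd
+sub
+sup
+i
+b
+u
+mark
+bdi
+- dir
+bdo
+- dir
+span
+br
+wbr
+
+// Edits
+// https://html.spec.whatwg.org/#edits
+
+ins
+- cite
+- datetime
+del
+- cite
+- datetime
+
+// Embedded content
+// https://html.spec.whatwg.org/#embedded-content
+//
+// Purposely omitted.
+
+// Tabular Data
+// https://html.spec.whatwg.org/#tables
+
+table
+caption
+colgroup
+- span
+col
+- span
+tbody
+thead
+tfoot
+tr
+td
+- colspan
+- rowspan
+- headers
+th
+- colspan
+- rowspan
+- headers
+- scope
+- abbr
+
+// Forms
+// https://html.spec.whatwg.org/#forms
+//
+// Purposely omitted
+
+// Interactive Elements
+// https://html.spec.whatwg.org/#interactive-elements
+//
+// Purposly omitted.
+
+// Scripting
+// https://html.spec.whatwg.org/#scripting
+//
+// Purposely omitted.
+
+// SVG: TBD
+// MathML: TDB
+
+// HTML global attributes
+//
+// Selection of attributes. Most are purposely omitted.
+
+[HTML Global]
+- dir
+- lang
+- title
+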
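Review bot: `href` on `a`, and `cite` on `blockquote`, `ins` and `del`, are URL-valued attributes, and nothing in this file says where script-bearing URL schemes are dealt with; the comments explain omissions such as `target` and `ping` but not why these entries are safe to allow. If the sanitize algorithm handles URL schemes separately, a comment next to `- href` such as `// URL-valued; scheme handling is defined by the sanitize algorithm, not by this list.` would let the safe default be reviewed on its own. `q` is listed without `cite` while `blockquote` has it, which looks like an oversight one way or the other. The comments also carry two typos, `Purposly` and `TDB`.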