hU SSKJr SSKrSSKrSSKJr SSKJr SSKJr \ "S5r SS/S/S/S .r \ "S 5r S R\"\"SS 5\"S S5\"SS55Vs/sH n\"U5PM sn5r\R""S\-S-\R$5rSr"SS\5r"SS5rSr"SS\R25rgs snf))chainN)unescape) html5lib_shim) parse_shim) aabbracronymb blockquotecodeemiliolstrongulhreftitle)rrr )httphttpsmailto  []?c\rSrSrSrg)NoCssSanitizerWarning5N)__name__ __module__ __qualname____firstlineno____static_attributes__r$cC:\Users\julio\OneDrive\Documentos\Trabajo\Ideas Frescas\venv\Lib\site-packages\bleach/sanitizer.pyr"r"5sr*r"c6\rSrSrSr\\\SSSS4SjrSr Sr g) Cleaner9alCleaner for cleaning HTML fragments of malicious content This cleaner is a security-focused function whose sole purpose is to remove malicious content from a string such that it can be displayed as content in a web page. To use:: from bleach.sanitizer import Cleaner cleaner = Cleaner() for text in all_the_yucky_things: sanitized = cleaner.clean(text) .. Note:: This cleaner is not designed to use to transform content to be used in non-web-page contexts. .. Warning:: This cleaner is not thread-safe--the html parser has internal state. Create a separate cleaner per thread! FTNc rXlX lX0lX@lXPlU=(d /UlXpl[R"URURSSS9Ul [R"S5Ul [R"SSSSSSS9Ul Uc/n[U[5(aUnO\[U[ 5(aG/nUR#5H1n [U [[$45(dM UR'U 5 M3 SU;a[(R*"S [,S 9 ggg) aInitializes a Cleaner :arg set tags: set of allowed tags; defaults to ``bleach.sanitizer.ALLOWED_TAGS`` :arg dict attributes: allowed attributes; can be a callable, list or dict; defaults to ``bleach.sanitizer.ALLOWED_ATTRIBUTES`` :arg list protocols: allowed list of protocols for links; defaults to ``bleach.sanitizer.ALLOWED_PROTOCOLS`` :arg bool strip: whether or not to strip disallowed elements :arg bool strip_comments: whether or not to strip HTML comments :arg list filters: list of html5lib Filter classes to pass streamed content through .. seealso:: http://html5lib.readthedocs.io/en/latest/movingparts.html#filters .. Warning:: Using filters changes the output of ``bleach.Cleaner.clean``. Make sure the way the filters change the output are secure. :arg CSSSanitizer css_sanitizer: instance with a "sanitize_css" method for sanitizing style attribute values and style text; defaults to None F)tagsstripconsume_entitiesnamespaceHTMLElementsetreealwaysT)quote_attr_valuesomit_optional_tagsescape_lt_in_attrsresolve_entitiessanitizealphabetical_attributesNstylez7'style' attribute specified, but css_sanitizer not set.)category)r0 attributes protocolsr1strip_commentsfilters css_sanitizerrBleachHTMLParserparser getTreeWalkerwalkerBleachHTMLSerializer serializer isinstancelistdictvaluestupleextendwarningswarnr") selfr0r>r?r1r@rArBattributes_valuesrLs r+__init__Cleaner.__init__VsL $" ,}" *#44**""'   $11': '<<&$##$)    !# *d++$.!J--$&!(//1F!&4-88)0082++ M2, !r*c [U[5(d)SURR<S3S-n[ U5eU(dgUR R U5n[URU5URURURURURURS9nURH nU"US9nM UR R#U5$)zCleans text and returns sanitized result as unicode :arg str text: text to be cleaned :returns: sanitized text as unicode :raises TypeError: if ``text`` is not a text type zargument cannot be of z type, zmust be of text typer)source allowed_tagsr>strip_disallowed_tagsstrip_html_commentsrBallowed_protocols)rV)rIstr __class__r% TypeErrorrD parseFragmentBleachSanitizerFilterrFr0r>r1r@rBr?rArHrender)rQtextmessagedomfiltered filter_classs r+clean Cleaner.cleans$$$()@)@(C7K() G$ $kk''-(;;s#"&** $ 3 3,,"nn !LLL#84H)%%h//r*) r>rBrArDr?rHr1r@r0rF) r%r&r'r(__doc__ ALLOWED_TAGSALLOWED_ATTRIBUTESALLOWED_PROTOCOLSrSrfr)r$r*r+r-r-9s*<%#Sj#0r*r-c^[T5(aT$[T[5(aU4SjnU$[T[5(aU4SjnU$[ S5e)a Generates attribute filter function for the given attributes value The attributes value can take one of several shapes. This returns a filter function appropriate to the attributes value. One nice thing about this is that there's less if/then shenanigans in the ``allow_token`` method. c>UT;a$TUn[U5(a U"XU5$X;agST;a"TSn[U5(a U"XU5$X;$g)NT*F)callable)tagattrvalueattr_valr>s r+ _attr_filter.attribute_filter_factory.._attr_filtersjj %c?H%%#Cu55#j %c?H%%#Cu55''r*c>UT;$Nr$)rprqrrr>s r+rtrus:% %r*z3attributes needs to be a callable, a list or a dict)rorIrKrJ ValueError)r>rts` r+attribute_filter_factoryrysV *d## $*d## & J KKr*c \rSrSrSr\\\\R\R\RSSS4 Sjr Sr SrS rS rS rS rS rSrSrg)r_zehtml5lib Filter that sanitizes text This filter can be used anywhere html5lib filters can be used. FTNc [RRX5 [U5Ul[U5Ul[ U5UlXlXl XPl X`l Xl Xpl g)aCreates a BleachSanitizerFilter instance :arg source: html5lib TreeWalker stream as an html5lib TreeWalker :arg set allowed_tags: set of allowed tags; defaults to ``bleach.sanitizer.ALLOWED_TAGS`` :arg dict attributes: allowed attributes; can be a callable, list or dict; defaults to ``bleach.sanitizer.ALLOWED_ATTRIBUTES`` :arg list allowed_protocols: allowed list of protocols for links; defaults to ``bleach.sanitizer.ALLOWED_PROTOCOLS`` :arg attr_val_is_uri: set of attributes that have URI values :arg svg_attr_val_allows_ref: set of SVG attributes that can have references :arg svg_allow_local_href: set of SVG elements that can have local hrefs :arg bool strip_disallowed_tags: whether or not to strip disallowed tags :arg bool strip_html_comments: whether or not to strip HTML comments :arg CSSSanitizer css_sanitizer: instance with a "sanitize_css" method for sanitizing style attribute values and style text; defaults to None N)rFilterrS frozensetrWrZry attr_filterrXrYattr_val_is_urisvg_attr_val_allows_refrBsvg_allow_local_href) rQrVrWr>rZrrrrXrYrBs r+rSBleachSanitizerFilter.__init__se` %%d3%l3!*+$*$8!r*c## UHBnURU5nU(dM[U[5(a UShvN M>Uv MD gN7frw)sanitize_tokenrIrJ)rQtoken_iteratortokenrets r+sanitize_stream%BleachSanitizerFilter.sanitize_streamAsC#E%%e,C#t$$ $s:AA Ac#n# /nUHtnU(aJUSS:XaURU5 M&SRUVs/sHoDSPM sn5SS.n/nUv OUSS:XaURU5 MpUv Mv SRUVs/sHoDSPM sn5SS.nUv gs snfs snf7f)z/Merge consecutive Characters tokens in a streamtype Charactersrdata)rrN)appendjoin)rQrcharacters_bufferr char_token new_tokens r+merge_characters&BleachSanitizerFilter.merge_charactersMs#E =L0%,,U3 !#BSTBSJ/BST!!- !I )+%#Ov,.!((/K+$0GGBSTBSJ/BSTU  #UUs:B5B+ AB5B0B5c|URUR[RR U555$rw)rrrr}__iter__)rQs r+rBleachSanitizerFilter.__iter__ns4$$  !5!5!>!>t!D E  r*cHUSnUS;aGUSUR;aURU5$UR(agURU5$US:Xa2UR(d [ R "USSSS .S 9US'U$gUS :XaURU5$U$) aSanitize a token either by HTML-encoding or dropping. Unlike sanitizer.Filter, allowed_attributes can be a dict of {'tag': ['attribute', 'pairs'], 'tag': callable}. Here callable is a function with two arguments of attribute name and value. It should return true of false. Also gives the option to strip tags instead of encoding. :arg dict token: token to sanitize :returns: token or list of tokens r)StartTagEndTagEmptyTagnameNCommentrz"z')"')entitiesr)rW allow_tokenrXdisallowed_tokenrYrescapesanitize_characters)rQr token_types r+r$BleachSanitizerFilter.sanitize_tokenss 6] ; ;V} 1 11''..++,,U33 9 $++ - 4 4&M(,J!f   < '++E2 2Lr*cURSS5nU(dU$[R[U5nX!S'SU;aU$/n[R "U5HnU(dM UR S5(av[R"U5nUb]US:XaURSSS.5 OURSUS .5 U[U5S -SnU(aURSUS.5 MURSUS.5 M U$) a}Handles Characters tokens Our overridden tokenizer doesn't do anything with entities. However, that means that the serializer will convert all ``&`` in Characters tokens to ``&``. Since we don't want that, we extract entities here and convert them to Entity tokens so the serializer will let them be. :arg token: the Characters token to work on :returns: a list of tokens rr&Nampr)rrEntity)rr) getINVISIBLE_CHARACTERS_REsubINVISIBLE_REPLACEMENT_CHARrnext_possible_entity startswith match_entityrlen)rQrr new_tokenspartentity remainders r+r)BleachSanitizerFilter.sanitize_characterssyy$L&**+EtLf  d?L "66t ;RP(//"=(--/  ((8F ==}} 11 2(((-- ~%"((-a04EE **g9J.J 5  sC C! C!cSU;GaG0nUSR5GH)up4UupVURUSXd5(dM&X0R;a"URX@R5nUcMUUnX0R ;a<[ R"SS[U55nUR5nU(dMUnSUS4UR;a9US[RSS44;a[ R"S U5(aMUS :Xa/UR(aURRU5nOS nXBU'GM, X!S'U$) z-Handles the case where we're allowing the tagrrNzurl\s*\(\s*[^#\s][^)]+?\) )Nrxlinkrz ^\s*[^#\s])Nr<r)itemsrrrrZrrrrr1rr namespacessearchrB sanitize_css) rQrattrsnamespaced_nameval namespacer new_valuenew_vals r+r!BleachSanitizerFilter.allow_tokensY U?E(-f (;(;(=$"1 ''f tAA#&:&:: $ 7 7=S=S TI ( #C#&B&BB ff%A3QT VG%mmoG" &%-(D,E,EE&&&11':FC+99]C88$#o5))"00==cB!*-o&k)>n"&M r*cUSnUS:Xa SUSS3US'OUS(aUS;de/nUSR5HbuupEnU(a U(dXTpTUbU[R;aUnO[RUSU3nURS US US 35 Md S USS R U5S3US'O S USS3US'UR S5(aUSSSS3US'SUS'US U$)Nrrzr)rrrrz="rr)rrprefixesrrr)rQrrrnsrvrs r+r&BleachSanitizerFilter.disallowed_tokenZs=6]  ! vq1E&M 6]!99 99E!&v!4!4!6 Ad#:=+A+A!A&*O)6)?)?)C(DAdV&LO  q 1A3a89!"7" f rwwu~.>a@E&M f a0E&M 99] # #$V}Sb12"5E&M$f &M r*) rZrWrrrBrXrYrr)r%r&r'r(rhrirjrkrrrrrSrrrrrrrrr)r$r*r+r_r_sj"%+%55 - E E*??# <9| B )V;z8tCJ$r*r_) itertoolsrrrOxml.sax.saxutilsrbleachrrr~rirjrkrrangechrINVISIBLE_CHARACTERScompileUNICODErr UserWarningr"r-rySanitizerFilterr_)cs0r+rs %   ( '  Iy9:ww5A;b" uR}EFESVEF **S+?%?#%ErzzR! K U0U0p(LVBM99BeGs'C