HTML-Restrict-v3.0.0/000755 000765 000024 00000000000 13441464015 015522 5ustar00olafaldersstaff000000 000000 HTML-Restrict-v3.0.0/perltidyrc000644 000765 000024 00000000330 13441464015 017622 0ustar00olafaldersstaff000000 000000 --blank-lines-before-packages=0 --iterations=2 --no-outdent-long-comments -b -bar -boc -ci=4 -i=4 -l=78 -nolq -se -wbb="% + - * / x != == >= <= =~ !~ < > | & >= < = **= += *= &= <<= &&= -= /= |= >>= ||= .= %= ^= x=" HTML-Restrict-v3.0.0/perlcriticrc000644 000765 000024 00000004405 13441464015 020135 0ustar00olafaldersstaff000000 000000 severity = 3 verbose = 11 theme = core + pbp + bugs + maintenance + cosmetic + complexity + security + tests + moose exclude = Subroutines::ProhibitCallsToUndeclaredSubs [BuiltinFunctions::ProhibitStringySplit] severity = 3 [CodeLayout::RequireTrailingCommas] severity = 3 [ControlStructures::ProhibitCStyleForLoops] severity = 3 [InputOutput::RequireCheckedSyscalls] functions = :builtins exclude_functions = sleep severity = 3 [Moose::RequireCleanNamespace] modules = Moose Moose::Role MooseX::Role::Parameterized Moose::Util::TypeConstraints cleaners = namespace::autoclean [NamingConventions::Capitalization] package_exemptions = [A-Z]\w+|minFraud file_lexical_variables = [A-Z]\w+|[^A-Z]+ global_variables = :starts_with_upper scoped_lexical_variables = [A-Z]\w+|[^A-Z]+ severity = 3 # Given our code base, leaving this at 5 would be a huge pain [Subroutines::ProhibitManyArgs] max_arguments = 10 [RegularExpressions::ProhibitComplexRegexes] max_characters = 200 [RegularExpressions::ProhibitUnusualDelimiters] severity = 3 [Subroutines::ProhibitUnusedPrivateSubroutines] private_name_regex = _(?!build)\w+ skip_when_using = Moo::Role Moose::Role MooseX::Role::Parameterized Role::Tiny Test::Class::Moose::Role [TestingAndDebugging::ProhibitNoWarnings] allow = redefine [ValuesAndExpressions::ProhibitEmptyQuotes] severity = 3 [ValuesAndExpressions::ProhibitInterpolationOfLiterals] severity = 3 [ValuesAndExpressions::RequireUpperCaseHeredocTerminator] severity = 3 [Variables::ProhibitPackageVars] add_packages = Test::Builder [TestingAndDebugging::RequireUseStrict] [TestingAndDebugging::RequireUseWarnings] [-ControlStructures::ProhibitCascadingIfElse] [-ErrorHandling::RequireCarping] [-InputOutput::RequireBriefOpen] [-ValuesAndExpressions::ProhibitConstantPragma] # No need for /xsm everywhere [-RegularExpressions::RequireDotMatchAnything] [-RegularExpressions::RequireExtendedFormatting] [-RegularExpressions::RequireLineBoundaryMatching] [-Subroutines::ProhibitExplicitReturnUndef] # http://stackoverflow.com/questions/2275317/why-does-perlcritic-dislike-using-shift-to-populate-subroutine-variables [-Subroutines::RequireArgUnpacking] [-Subroutines::RequireFinalReturn] # "use v5.14" is more readable than "use 5.014" [-ValuesAndExpressions::ProhibitVersionStrings] HTML-Restrict-v3.0.0/cpanfile000644 000765 000024 00000003326 13441464015 017232 0ustar00olafaldersstaff000000 000000 requires "Carp" => "0"; requires "Data::Dump" => "0"; requires "HTML::Entities" => "0"; requires "HTML::Parser" => "0"; requires "List::Util" => "1.33"; requires "Moo" => "1.002000"; requires "Scalar::Util" => "0"; requires "Sub::Quote" => "0"; requires "Type::Tiny" => "1.002001"; requires "Types::Standard" => "1.000001"; requires "URI" => "0"; requires "namespace::clean" => "0"; requires "perl" => "5.006"; requires "strict" => "0"; requires "version" => "0"; on 'test' => sub { requires "ExtUtils::MakeMaker" => "0"; requires "File::Spec" => "0"; requires "Test::Fatal" => "0"; requires "Test::More" => "0"; requires "perl" => "5.006"; requires "warnings" => "0"; }; on 'test' => sub { recommends "CPAN::Meta" => "2.120900"; }; on 'configure' => sub { requires "ExtUtils::MakeMaker" => "0"; requires "perl" => "5.006"; }; on 'develop' => sub { requires "Code::TidyAll" => "0.71"; requires "Code::TidyAll::Plugin::SortLines::Naturally" => "0.000003"; requires "Code::TidyAll::Plugin::Test::Vars" => "0.04"; requires "Code::TidyAll::Plugin::UniqueLines" => "0.000003"; requires "Parallel::ForkManager" => "1.19"; requires "Perl::Critic" => "1.132"; requires "Perl::Tidy" => "20180220"; requires "Pod::Coverage::TrustPod" => "0"; requires "Pod::Wordlist" => "0"; requires "Test::CPAN::Changes" => "0.19"; requires "Test::Code::TidyAll" => "0.50"; requires "Test::More" => "0.96"; requires "Test::Pod" => "1.41"; requires "Test::Pod::Coverage" => "1.08"; requires "Test::Spelling" => "0.12"; requires "Test::Synopsis" => "0"; requires "Test::Vars" => "0.014"; requires "warnings" => "0"; }; on 'develop' => sub { recommends "Dist::Zilla::PluginBundle::Git::VersionManager" => "0.007"; }; HTML-Restrict-v3.0.0/Changes000644 000765 000024 00000011531 13441464015 017016 0ustar00olafaldersstaff000000 000000 Revision history for HTML-Restrict v3.0.0 2019-03-11 13:52:08Z - Better fix for handling malformed tags. Removes max_parser_loops(), which was introduced in 2.4.0 (GH#37) (Graham Knop) v2.4.1 2019-02-05 14:13:16Z - Bump version of Type::Tiny to 1.002001. (GH#33) (Olaf Alders). Issue reported by Slaven Rezić (GH#32). v2.4.0 2019-02-05 02:51:05Z - Process text until it returns the same value twice. (GH#31) (Olaf Alders). Issue raised in (GH#29) by Juraj Major. - Add max_parser_loops attribute v2.3.0 2018-02-09 16:00:41Z - Add code filters for attribute values (GH#27) (Graham Knop) 2.2.4 2017-03-01 14:22:13-05:00 America/Toronto - Updates SEE ALSO pod section (Ben Bullock) 2.2.3 2016-07-26 18:00:55-04:00 America/Toronto - Now with fewer non-core prerequisites (Karen Etheridge) 2.2.2 2014-10-16 22:16:29-04:00 America/Toronto - Fixes attribute value encoding. (Graham Knop) 2.2.1 2014-08-18 17:22:05EDT-0400 America/Toronto - Replace MooX::Types::MooseLike with Type::Tiny. (Samuel Kaufman) 2.2.0 2014-08-15 23:01:22EDT-0400 America/Toronto - Fix Changes file - Bump to next minor version rather than changing the format of the version numbers 2.1.9 2013-12-10 - Swaps namespace::clean for namespace::autoclean. (Fitz Elliott) 2.1.8 2013-06-06 - Unlike 2.1.7, This release doesn't contain a local::lib. 2.1.7 2013-06-05 - Removes Perl6::Junction in order to squash smartmatch warnings. 2.1.6 2013-05-06 - Fixes incorrect use of Moo's weak_ref. (Thanks to Carwyn Ellis, Dagfinn Ilmari Mannsåker and Graham Knop for help with this.) 2.1.5 2013-05-01 - Eliminates a circular reference. (Graham TerMarsch) 2.1.4 2013-04-19 - Minor version should have been bumped in previous release. To bump it now would be confusing. - Require Moo 1.001000 as 1.000008 breaks this module. 2.1.3 2013-04-18 - Add replace_img feature (David Golden). - Add 'cite' to list of attributes for URI scheme checks (David Golden). 2.1.2 2013-03-20 - Fixes broken Pod in example script. - Adds x_contributors to META.json. 2.1.1 2013-03-08 - Updates Pod. 2.1.0 2013-03-02 - Allows attributes to be validated against regexes (perlpong). 2.0.0 2013-02-27 - Bumps version to 2.0.0 due to new features breaking backwards compatibility. - Forces all tag rules to be provided in lower case. Breaks backcompat, but mixed or upper case rules would have been silently ignored. So, this is really a bug fix. - Strips content between script tags by default. Breaks backcompat, but the default behaviour was likely not what anyone wanted. - Strips content between style tags by default. Breaks backcompat, but the default behaviour was likely not what anyone wanted. - Adds Pod for previously undocumented allow_comments, allow_declaration and strip_enclosed_content. - Ensures stripper stack is always reset (perlpong). - Protects against undef string comparison (perlpong). - Checks URI scheme for src attributes (perlpong). - Removes accessor/mutator documentation. Would prefer if all params were set at object instatiation. - Adds ridiculously basic example script. 1.0.4 2012-05-22 - Explicity require MooX::Types::MooseLike rather than MooX::Types::MooseLike::Base (Matt Phillips/Github #2) 1.0.3 2012-03-27 - Replaces Moose with Moo for speed in non-persistent apps (Arthur Axel 'fREW' Schmidt) - Adds uri scheme checking for href and src attributes - Adds (undocumented) allow_comments() and allow_declartion() methods 1.0.2 2011-10-11 - No longer emit warnings when pure HTML is supplied for processing Rick Moore (RT #71553) 1.0.1 2011-06-30 - Pod updates 1.0.0 2011-06-30 - Bumped version to 1.0.0 This is no longer beta software. 0.06 2010-03-22 - Fixed RT #55775 "Strings equating to boolean false returned as undef" (Duncan Forsyth) 0.05 2010-02-03 - process( undef ) returns without attempting to do anything. Avoids warnings about uninitialized vars. 0.04 2009-11-19 - MooseX::Params::Validate 0.12 now required. Some earlier versions do not include pos_validated_list() 0.03 2009-11-17 - process() no longer dies when passed an undef -- patch provided by Mark Jubenville (ioncache) 0.02 2009-09-17 - Improved documentation layout and clarity Removed documentation for parser() method -- seems like a bad idea 0.01 2009-09-17 - Beta release HTML-Restrict-v3.0.0/MANIFEST.SKIP000644 000765 000024 00000000037 13441464015 017420 0ustar00olafaldersstaff000000 000000 .gitignore MANIFEST.SKIP local HTML-Restrict-v3.0.0/INSTALL000644 000765 000024 00000004340 13441464015 016554 0ustar00olafaldersstaff000000 000000 This is the Perl distribution HTML-Restrict. Installing HTML-Restrict is straightforward. ## Installation with cpanm If you have cpanm, you only need one line: % cpanm HTML::Restrict If it does not have permission to install modules to the current perl, cpanm will automatically set up and install to a local::lib in your home directory. See the local::lib documentation (https://metacpan.org/pod/local::lib) for details on enabling it in your environment. ## Installing with the CPAN shell Alternatively, if your CPAN shell is set up, you should just be able to do: % cpan HTML::Restrict ## Manual installation As a last resort, you can manually install it. Download the tarball, untar it, install configure prerequisites (see below), then build it: % perl Makefile.PL % make && make test Then install it: % make install On Windows platforms, you should use `dmake` or `nmake`, instead of `make`. If your perl is system-managed, you can create a local::lib in your home directory to install modules to. For details, see the local::lib documentation: https://metacpan.org/pod/local::lib The prerequisites of this distribution will also have to be installed manually. The prerequisites are listed in one of the files: `MYMETA.yml` or `MYMETA.json` generated by running the manual build process described above. ## Configure Prerequisites This distribution requires other modules to be installed before this distribution's installer can be run. They can be found under the "configure_requires" key of META.yml or the "{prereqs}{configure}{requires}" key of META.json. ## Other Prerequisites This distribution may require additional modules to be installed after running Makefile.PL. Look for prerequisites in the following phases: * to run make, PHASE = build * to use the module code itself, PHASE = runtime * to run tests, PHASE = test They can all be found in the "PHASE_requires" key of MYMETA.yml or the "{prereqs}{PHASE}{requires}" key of MYMETA.json. ## Documentation HTML-Restrict documentation is available as POD. You can run `perldoc` from a shell to read the documentation: % perldoc HTML::Restrict For more information on installing Perl modules via CPAN, please see: https://www.cpan.org/modules/INSTALL.html HTML-Restrict-v3.0.0/MANIFEST000644 000765 000024 00000001344 13441464015 016655 0ustar00olafaldersstaff000000 000000 # This file was automatically generated by Dist::Zilla::Plugin::Manifest v6.012. CONTRIBUTORS Changes INSTALL LICENSE MANIFEST MANIFEST.SKIP META.json META.yml Makefile.PL README.md cpanfile dist.ini examples/naughty-strings.pl examples/sanitize-file.pl lib/HTML/Restrict.pm perlcriticrc perltidyrc t/00-load.t t/00-report-prereqs.dd t/00-report-prereqs.t t/attribute_constraints.t t/comments.t t/control-characters.t t/declaration.t t/empty-element-tags.t t/js.t t/lowercase.t t/malformed-html.t t/memory-leak.t t/perlcriticrc t/pod.t t/replace_img.t t/scheme.t t/stack.t t/style.t t/xss.t tidyall.ini xt/author/pod-coverage.t xt/author/pod-spell.t xt/author/pod-syntax.t xt/author/synopsis.t xt/author/tidyall.t xt/release/cpan-changes.t HTML-Restrict-v3.0.0/LICENSE000644 000765 000024 00000043671 13441464015 016542 0ustar00olafaldersstaff000000 000000 This software is copyright (c) 2013-2017 by Olaf Alders. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. Terms of the Perl programming language system itself a) the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version, or b) the "Artistic License" --- The GNU General Public License, Version 1, February 1989 --- This software is Copyright (c) 2013-2017 by Olaf Alders. This is free software, licensed under: The GNU General Public License, Version 1, February 1989 GNU GENERAL PUBLIC LICENSE Version 1, February 1989 Copyright (C) 1989 Free Software Foundation, Inc. 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The license agreements of most software companies try to keep users at the mercy of those companies. By contrast, our General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. The General Public License applies to the Free Software Foundation's software and to any other program whose authors commit to using it. You can use it for your programs, too. When we speak of free software, we are referring to freedom, not price. Specifically, the General Public License is designed to make sure that you have the freedom to give away or sell copies of free software, that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of a such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must tell them their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any work containing the Program or a portion of it, either verbatim or with modifications. Each licensee is addressed as "you". 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this General Public License and to the absence of any warranty; and give any other recipients of the Program a copy of this General Public License along with the Program. You may charge a fee for the physical act of transferring a copy. 2. You may modify your copy or copies of the Program or any portion of it, and copy and distribute such modifications under the terms of Paragraph 1 above, provided that you also do the following: a) cause the modified files to carry prominent notices stating that you changed the files and the date of any change; and b) cause the whole of any work that you distribute or publish, that in whole or in part contains the Program or any part thereof, either with or without modifications, to be licensed at no charge to all third parties under the terms of this General Public License (except that you may choose to grant warranty protection to some or all third parties, at your option). c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the simplest and most usual way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this General Public License. d) You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. Mere aggregation of another independent work with the Program (or its derivative) on a volume of a storage or distribution medium does not bring the other work under the scope of these terms. 3. You may copy and distribute the Program (or a portion or derivative of it, under Paragraph 2) in object code or executable form under the terms of Paragraphs 1 and 2 above provided that you also do one of the following: a) accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Paragraphs 1 and 2 above; or, b) accompany it with a written offer, valid for at least three years, to give any third party free (except for a nominal charge for the cost of distribution) a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Paragraphs 1 and 2 above; or, c) accompany it with the information you received as to where the corresponding source code may be obtained. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form alone.) Source code for a work means the preferred form of the work for making modifications to it. For an executable file, complete source code means all the source code for all modules it contains; but, as a special exception, it need not include source code for modules which are standard libraries that accompany the operating system on which the executable file runs, or for standard header files or definitions files that accompany that operating system. 4. You may not copy, modify, sublicense, distribute or transfer the Program except as expressly provided under this General Public License. Any attempt otherwise to copy, modify, sublicense, distribute or transfer the Program is void, and will automatically terminate your rights to use the Program under this License. However, parties who have received copies, or rights to use copies, from you under this General Public License will not have their licenses terminated so long as such parties remain in full compliance. 5. By copying, distributing or modifying the Program (or any work based on the Program) you indicate your acceptance of this license to do so, and all its terms and conditions. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. 7. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of the license which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the license, you may choose any version ever published by the Free Software Foundation. 8. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 9. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 10. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS Appendix: How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to humanity, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) 19yy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) 19xx name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (a program to direct compilers to make passes at assemblers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice That's all there is to it! --- The Artistic License 1.0 --- This software is Copyright (c) 2013-2017 by Olaf Alders. This is free software, licensed under: The Artistic License 1.0 The Artistic License Preamble The intent of this document is to state the conditions under which a Package may be copied, such that the Copyright Holder maintains some semblance of artistic control over the development of the package, while giving the users of the package the right to use and distribute the Package in a more-or-less customary fashion, plus the right to make reasonable modifications. Definitions: - "Package" refers to the collection of files distributed by the Copyright Holder, and derivatives of that collection of files created through textual modification. - "Standard Version" refers to such a Package if it has not been modified, or has been modified in accordance with the wishes of the Copyright Holder. - "Copyright Holder" is whoever is named in the copyright or copyrights for the package. - "You" is you, if you're thinking about copying or distributing this Package. - "Reasonable copying fee" is whatever you can justify on the basis of media cost, duplication charges, time of people involved, and so on. (You will not be required to justify it to the Copyright Holder, but only to the computing community at large as a market that must bear the fee.) - "Freely Available" means that no fee is charged for the item itself, though there may be fees involved in handling the item. It also means that recipients of the item may redistribute it under the same conditions they received it. 1. You may make and give away verbatim copies of the source form of the Standard Version of this Package without restriction, provided that you duplicate all of the original copyright notices and associated disclaimers. 2. You may apply bug fixes, portability fixes and other modifications derived from the Public Domain or from the Copyright Holder. A Package modified in such a way shall still be considered the Standard Version. 3. You may otherwise modify your copy of this Package in any way, provided that you insert a prominent notice in each changed file stating how and when you changed that file, and provided that you do at least ONE of the following: a) place your modifications in the Public Domain or otherwise make them Freely Available, such as by posting said modifications to Usenet or an equivalent medium, or placing the modifications on a major archive site such as ftp.uu.net, or by allowing the Copyright Holder to include your modifications in the Standard Version of the Package. b) use the modified Package only within your corporation or organization. c) rename any non-standard executables so the names do not conflict with standard executables, which must also be provided, and provide a separate manual page for each non-standard executable that clearly documents how it differs from the Standard Version. d) make other distribution arrangements with the Copyright Holder. 4. You may distribute the programs of this Package in object code or executable form, provided that you do at least ONE of the following: a) distribute a Standard Version of the executables and library files, together with instructions (in the manual page or equivalent) on where to get the Standard Version. b) accompany the distribution with the machine-readable source of the Package with your modifications. c) accompany any non-standard executables with their corresponding Standard Version executables, giving the non-standard executables non-standard names, and clearly documenting the differences in manual pages (or equivalent), together with instructions on where to get the Standard Version. d) make other distribution arrangements with the Copyright Holder. 5. You may charge a reasonable copying fee for any distribution of this Package. You may charge any fee you choose for support of this Package. You may not charge a fee for this Package itself. However, you may distribute this Package in aggregate with other (possibly commercial) programs as part of a larger (possibly commercial) software distribution provided that you do not advertise this Package as a product of your own. 6. The scripts and library files supplied as input to or produced as output from the programs of this Package do not automatically fall under the copyright of this Package, but belong to whomever generated them, and may be sold commercially, and may be aggregated with this Package. 7. C or perl subroutines supplied by you and linked into this Package shall not be considered part of this Package. 8. The name of the Copyright Holder may not be used to endorse or promote products derived from this software without specific prior written permission. 9. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. The End HTML-Restrict-v3.0.0/t/000755 000765 000024 00000000000 13441464015 015765 5ustar00olafaldersstaff000000 000000 HTML-Restrict-v3.0.0/xt/000755 000765 000024 00000000000 13441464015 016155 5ustar00olafaldersstaff000000 000000 HTML-Restrict-v3.0.0/META.yml000644 000765 000024 00000042412 13441464015 016776 0ustar00olafaldersstaff000000 000000 --- abstract: 'Strip unwanted HTML tags and attributes' author: - 'Olaf Alders ' build_requires: ExtUtils::MakeMaker: '0' File::Spec: '0' Test::Fatal: '0' Test::More: '0' perl: '5.006' warnings: '0' configure_requires: ExtUtils::MakeMaker: '0' perl: '5.006' dynamic_config: 0 generated_by: 'Dist::Zilla version 6.012, CPAN::Meta::Converter version 2.150010' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html version: '1.4' name: HTML-Restrict no_index: directory: - examples - t - xt requires: Carp: '0' Data::Dump: '0' HTML::Entities: '0' HTML::Parser: '0' List::Util: '1.33' Moo: '1.002000' Scalar::Util: '0' Sub::Quote: '0' Type::Tiny: '1.002001' Types::Standard: '1.000001' URI: '0' namespace::clean: '0' perl: '5.006' strict: '0' version: '0' resources: bugtracker: https://github.com/oalders/html-restrict/issues homepage: https://github.com/oalders/html-restrict repository: https://github.com/oalders/html-restrict.git version: v3.0.0 x_Dist_Zilla: perl: version: '5.026001' plugins: - class: Dist::Zilla::Plugin::PromptIfStale config: Dist::Zilla::Plugin::PromptIfStale: check_all_plugins: 0 check_all_prereqs: 0 modules: - Dist::Zilla::PluginBundle::Author::OALDERS phase: build run_under_travis: 0 skip: [] name: '@Author::OALDERS/stale modules, build' version: '0.055' - class: Dist::Zilla::Plugin::PromptIfStale config: Dist::Zilla::Plugin::PromptIfStale: check_all_plugins: 1 check_all_prereqs: 1 modules: [] phase: release run_under_travis: 0 skip: [] name: '@Author::OALDERS/stale modules, release' version: '0.055' - class: Dist::Zilla::Plugin::MAXMIND::TidyAll name: '@Author::OALDERS/MAXMIND::TidyAll' version: '0.13' - class: Dist::Zilla::Plugin::AutoPrereqs name: '@Author::OALDERS/AutoPrereqs' version: '6.012' - class: Dist::Zilla::Plugin::CheckChangesHasContent name: '@Author::OALDERS/CheckChangesHasContent' version: '0.011' - class: Dist::Zilla::Plugin::MakeMaker config: Dist::Zilla::Role::TestRunner: default_jobs: 1 name: '@Author::OALDERS/MakeMaker' version: '6.012' - class: Dist::Zilla::Plugin::CPANFile name: '@Author::OALDERS/CPANFile' version: '6.012' - class: Dist::Zilla::Plugin::ContributorsFile name: '@Author::OALDERS/ContributorsFile' version: 0.3.0 - class: Dist::Zilla::Plugin::MetaJSON name: '@Author::OALDERS/MetaJSON' version: '6.012' - class: Dist::Zilla::Plugin::MetaYAML name: '@Author::OALDERS/MetaYAML' version: '6.012' - class: Dist::Zilla::Plugin::Manifest name: '@Author::OALDERS/Manifest' version: '6.012' - class: Dist::Zilla::Plugin::MetaNoIndex name: '@Author::OALDERS/MetaNoIndex' version: '6.012' - class: Dist::Zilla::Plugin::MetaConfig name: '@Author::OALDERS/MetaConfig' version: '6.012' - class: Dist::Zilla::Plugin::MetaResources name: '@Author::OALDERS/MetaResources' version: '6.012' - class: Dist::Zilla::Plugin::License name: '@Author::OALDERS/License' version: '6.012' - class: Dist::Zilla::Plugin::InstallGuide name: '@Author::OALDERS/InstallGuide' version: '1.200012' - class: Dist::Zilla::Plugin::Prereqs config: Dist::Zilla::Plugin::Prereqs: phase: develop type: requires name: '@Author::OALDERS/Modules for use with tidyall' version: '6.012' - class: Dist::Zilla::Plugin::ExecDir name: '@Author::OALDERS/ExecDir' version: '6.012' - class: Dist::Zilla::Plugin::Test::PodSpelling config: Dist::Zilla::Plugin::Test::PodSpelling: directories: - bin - lib spell_cmd: '' stopwords: - Alders - "Alders'" - Axel - Carwyn - DOCTYPE - Dagfinn - Forsyth - Ilmari - Jubenville - Mannsåker - Raybec - TerMarsch - XSS - bolded - fREW - href - img - ioncache - param - params - perlpong - schemas - src - whitelisted - whitelisting wordlist: Pod::Wordlist name: '@Author::OALDERS/Test::PodSpelling' version: '2.007005' - class: Dist::Zilla::Plugin::PodCoverageTests name: '@Author::OALDERS/PodCoverageTests' version: '6.012' - class: Dist::Zilla::Plugin::PodSyntaxTests name: '@Author::OALDERS/PodSyntaxTests' version: '6.012' - class: Dist::Zilla::Plugin::Test::CPAN::Changes config: Dist::Zilla::Plugin::Test::CPAN::Changes: changelog: Changes name: '@Author::OALDERS/Test::CPAN::Changes' version: '0.012' - class: Dist::Zilla::Plugin::TestRelease name: '@Author::OALDERS/TestRelease' version: '6.012' - class: Dist::Zilla::Plugin::Test::ReportPrereqs name: '@Author::OALDERS/Test::ReportPrereqs' version: '0.027' - class: Dist::Zilla::Plugin::Test::Synopsis name: '@Author::OALDERS/Test::Synopsis' version: '2.000007' - class: Dist::Zilla::Plugin::Test::TidyAll name: '@Author::OALDERS/Test::TidyAll' version: '0.04' - class: Dist::Zilla::Plugin::RunExtraTests config: Dist::Zilla::Role::TestRunner: default_jobs: 1 name: '@Author::OALDERS/RunExtraTests' version: '0.029' - class: Dist::Zilla::Plugin::MinimumPerl name: '@Author::OALDERS/MinimumPerl' version: '1.006' - class: Dist::Zilla::Plugin::PodWeaver config: Dist::Zilla::Plugin::PodWeaver: finder: - ':InstallModules' - ':ExecFiles' plugins: - class: Pod::Weaver::Plugin::EnsurePod5 name: '@CorePrep/EnsurePod5' version: '4.015' - class: Pod::Weaver::Plugin::H1Nester name: '@CorePrep/H1Nester' version: '4.015' - class: Pod::Weaver::Plugin::SingleEncoding name: '@Default/SingleEncoding' version: '4.015' - class: Pod::Weaver::Section::Name name: '@Default/Name' version: '4.015' - class: Pod::Weaver::Section::Version name: '@Default/Version' version: '4.015' - class: Pod::Weaver::Section::Region name: '@Default/prelude' version: '4.015' - class: Pod::Weaver::Section::Generic name: SYNOPSIS version: '4.015' - class: Pod::Weaver::Section::Generic name: DESCRIPTION version: '4.015' - class: Pod::Weaver::Section::Generic name: OVERVIEW version: '4.015' - class: Pod::Weaver::Section::Collect name: ATTRIBUTES version: '4.015' - class: Pod::Weaver::Section::Collect name: METHODS version: '4.015' - class: Pod::Weaver::Section::Collect name: FUNCTIONS version: '4.015' - class: Pod::Weaver::Section::Leftovers name: '@Default/Leftovers' version: '4.015' - class: Pod::Weaver::Section::Region name: '@Default/postlude' version: '4.015' - class: Pod::Weaver::Section::Authors name: '@Default/Authors' version: '4.015' - class: Pod::Weaver::Section::Legal name: '@Default/Legal' version: '4.015' name: '@Author::OALDERS/PodWeaver' version: '4.008' - class: Dist::Zilla::Plugin::PruneCruft name: '@Author::OALDERS/PruneCruft' version: '6.012' - class: Dist::Zilla::Plugin::CopyFilesFromBuild name: '@Author::OALDERS/CopyFilesFromBuild' version: '0.170880' - class: Dist::Zilla::Plugin::GithubMeta name: '@Author::OALDERS/GithubMeta' version: '0.58' - class: Dist::Zilla::Plugin::Git::GatherDir config: Dist::Zilla::Plugin::GatherDir: exclude_filename: - Install - LICENSE - META.json - Makefile.PL - README.md - cpanfile exclude_match: [] follow_symlinks: 0 include_dotfiles: 0 prefix: '' prune_directory: [] root: . Dist::Zilla::Plugin::Git::GatherDir: include_untracked: 0 name: '@Author::OALDERS/Git::GatherDir' version: '2.045' - class: Dist::Zilla::Plugin::CopyFilesFromRelease config: Dist::Zilla::Plugin::CopyFilesFromRelease: filename: - Install match: [] name: '@Author::OALDERS/CopyFilesFromRelease' version: '0.006' - class: Dist::Zilla::Plugin::Git::Check config: Dist::Zilla::Plugin::Git::Check: untracked_files: die Dist::Zilla::Role::Git::DirtyFiles: allow_dirty: - Changes - Install - LICENSE - META.json - Makefile.PL - README.md - cpanfile - dist.ini allow_dirty_match: [] changelog: Changes Dist::Zilla::Role::Git::Repo: git_version: 2.20.1 repo_root: . name: '@Author::OALDERS/Git::Check' version: '2.045' - class: Dist::Zilla::Plugin::Git::Contributors config: Dist::Zilla::Plugin::Git::Contributors: git_version: 2.20.1 include_authors: 0 include_releaser: 1 order_by: name paths: [] name: '@Author::OALDERS/Git::Contributors' version: '0.035' - class: Dist::Zilla::Plugin::ReadmeAnyFromPod config: Dist::Zilla::Role::FileWatcher: version: '0.006' name: '@Author::OALDERS/ReadmeMdInBuild' version: '0.163250' - class: Dist::Zilla::Plugin::ShareDir name: '@Author::OALDERS/ShareDir' version: '6.012' - class: Dist::Zilla::Plugin::TravisCI::StatusBadge name: '@Author::OALDERS/TravisCI::StatusBadge' version: '0.007' - class: Dist::Zilla::Plugin::ConfirmRelease name: '@Author::OALDERS/ConfirmRelease' version: '6.012' - class: Dist::Zilla::Plugin::UploadToCPAN name: '@Author::OALDERS/UploadToCPAN' version: '6.012' - class: Dist::Zilla::Plugin::Prereqs config: Dist::Zilla::Plugin::Prereqs: phase: develop type: recommends name: '@Author::OALDERS/@Git::VersionManager/pluginbundle version' version: '6.012' - class: Dist::Zilla::Plugin::RewriteVersion::Transitional config: Dist::Zilla::Plugin::RewriteVersion: add_tarball_name: 0 finders: - ':ExecFiles' - ':InstallModules' global: 0 skip_version_provider: 0 Dist::Zilla::Plugin::RewriteVersion::Transitional: {} name: '@Author::OALDERS/@Git::VersionManager/RewriteVersion::Transitional' version: '0.009' - class: Dist::Zilla::Plugin::MetaProvides::Update name: '@Author::OALDERS/@Git::VersionManager/MetaProvides::Update' version: '0.007' - class: Dist::Zilla::Plugin::CopyFilesFromRelease config: Dist::Zilla::Plugin::CopyFilesFromRelease: filename: - Changes match: [] name: '@Author::OALDERS/@Git::VersionManager/CopyFilesFromRelease' version: '0.006' - class: Dist::Zilla::Plugin::Git::Commit config: Dist::Zilla::Plugin::Git::Commit: add_files_in: [] commit_msg: v%v%n%n%c Dist::Zilla::Role::Git::DirtyFiles: allow_dirty: - Changes - Install - LICENSE - META.json - Makefile.PL - README.md - cpanfile - dist.ini allow_dirty_match: [] changelog: Changes Dist::Zilla::Role::Git::Repo: git_version: 2.20.1 repo_root: . Dist::Zilla::Role::Git::StringFormatter: time_zone: local name: '@Author::OALDERS/@Git::VersionManager/release snapshot' version: '2.045' - class: Dist::Zilla::Plugin::Git::Tag config: Dist::Zilla::Plugin::Git::Tag: branch: ~ changelog: Changes signed: 0 tag: vv3.0.0 tag_format: v%v tag_message: v%v Dist::Zilla::Role::Git::Repo: git_version: 2.20.1 repo_root: . Dist::Zilla::Role::Git::StringFormatter: time_zone: local name: '@Author::OALDERS/@Git::VersionManager/Git::Tag' version: '2.045' - class: Dist::Zilla::Plugin::BumpVersionAfterRelease::Transitional config: Dist::Zilla::Plugin::BumpVersionAfterRelease: finders: - ':ExecFiles' - ':InstallModules' global: 0 munge_makefile_pl: 1 Dist::Zilla::Plugin::BumpVersionAfterRelease::Transitional: {} name: '@Author::OALDERS/@Git::VersionManager/BumpVersionAfterRelease::Transitional' version: '0.009' - class: Dist::Zilla::Plugin::NextRelease name: '@Author::OALDERS/@Git::VersionManager/NextRelease' version: '6.012' - class: Dist::Zilla::Plugin::Git::Commit config: Dist::Zilla::Plugin::Git::Commit: add_files_in: [] commit_msg: 'increment $VERSION after %v release' Dist::Zilla::Role::Git::DirtyFiles: allow_dirty: - Build.PL - Changes - Makefile.PL allow_dirty_match: - (?^:^lib/.*\.pm$) changelog: Changes Dist::Zilla::Role::Git::Repo: git_version: 2.20.1 repo_root: . Dist::Zilla::Role::Git::StringFormatter: time_zone: local name: '@Author::OALDERS/@Git::VersionManager/post-release commit' version: '2.045' - class: Dist::Zilla::Plugin::Git::Push config: Dist::Zilla::Plugin::Git::Push: push_to: - origin remotes_must_exist: 1 Dist::Zilla::Role::Git::Repo: git_version: 2.20.1 repo_root: . name: '@Author::OALDERS/Git::Push' version: '2.045' - class: Dist::Zilla::Plugin::Prereqs config: Dist::Zilla::Plugin::Prereqs: phase: runtime type: requires name: Prereqs version: '6.012' - class: Dist::Zilla::Plugin::Git::Tag config: Dist::Zilla::Plugin::Git::Tag: branch: ~ changelog: Changes signed: 0 tag: v3.0.0 tag_format: '%v' tag_message: '%v' Dist::Zilla::Role::Git::Repo: git_version: 2.20.1 repo_root: . Dist::Zilla::Role::Git::StringFormatter: time_zone: local name: Git::Tag version: '2.045' - class: Dist::Zilla::Plugin::FinderCode name: ':InstallModules' version: '6.012' - class: Dist::Zilla::Plugin::FinderCode name: ':IncModules' version: '6.012' - class: Dist::Zilla::Plugin::FinderCode name: ':TestFiles' version: '6.012' - class: Dist::Zilla::Plugin::FinderCode name: ':ExtraTestFiles' version: '6.012' - class: Dist::Zilla::Plugin::FinderCode name: ':ExecFiles' version: '6.012' - class: Dist::Zilla::Plugin::FinderCode name: ':PerlExecFiles' version: '6.012' - class: Dist::Zilla::Plugin::FinderCode name: ':ShareFiles' version: '6.012' - class: Dist::Zilla::Plugin::FinderCode name: ':MainModule' version: '6.012' - class: Dist::Zilla::Plugin::FinderCode name: ':AllFiles' version: '6.012' - class: Dist::Zilla::Plugin::FinderCode name: ':NoFiles' version: '6.012' zilla: class: Dist::Zilla::Dist::Builder config: is_trial: '0' version: '6.012' x_contributors: - "Arthur Axel 'fREW' Schmidt " - 'Ben Bullock ' - 'David Golden ' - 'Fitz Elliott ' - 'Graham Knop ' - 'Graham TerMarsch ' - 'Karen Etheridge ' - 'Mark Jubenville ' - 'Olaf Alders ' - 'perlpong ' - 'skaufman ' x_generated_by_perl: v5.26.1 x_serialization_backend: 'YAML::Tiny version 1.73' HTML-Restrict-v3.0.0/CONTRIBUTORS000644 000765 000024 00000000735 13441464015 017407 0ustar00olafaldersstaff000000 000000 # HTML-RESTRICT CONTRIBUTORS # This is the (likely incomplete) list of people who have helped make this distribution what it is, either via code contributions, patches, bug reports, help with troubleshooting, etc. A huge 'thank you' to all of them. * Arthur Axel 'fREW' Schmidt * Ben Bullock * David Golden * Fitz Elliott * Graham Knop * Graham TerMarsch * Karen Etheridge * Mark Jubenville * Olaf Alders * perlpong * skaufman HTML-Restrict-v3.0.0/META.json000644 000765 000024 00000066275 13441464015 017163 0ustar00olafaldersstaff000000 000000 { "abstract" : "Strip unwanted HTML tags and attributes", "author" : [ "Olaf Alders " ], "dynamic_config" : 0, "generated_by" : "Dist::Zilla version 6.012, CPAN::Meta::Converter version 2.150010", "license" : [ "perl_5" ], "meta-spec" : { "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec", "version" : 2 }, "name" : "HTML-Restrict", "no_index" : { "directory" : [ "examples", "t", "xt" ] }, "prereqs" : { "configure" : { "requires" : { "ExtUtils::MakeMaker" : "0", "perl" : "5.006" } }, "develop" : { "recommends" : { "Dist::Zilla::PluginBundle::Git::VersionManager" : "0.007" }, "requires" : { "Code::TidyAll" : "0.71", "Code::TidyAll::Plugin::SortLines::Naturally" : "0.000003", "Code::TidyAll::Plugin::Test::Vars" : "0.04", "Code::TidyAll::Plugin::UniqueLines" : "0.000003", "Parallel::ForkManager" : "1.19", "Perl::Critic" : "1.132", "Perl::Tidy" : "20180220", "Pod::Coverage::TrustPod" : "0", "Pod::Wordlist" : "0", "Test::CPAN::Changes" : "0.19", "Test::Code::TidyAll" : "0.50", "Test::More" : "0.96", "Test::Pod" : "1.41", "Test::Pod::Coverage" : "1.08", "Test::Spelling" : "0.12", "Test::Synopsis" : "0", "Test::Vars" : "0.014", "warnings" : "0" } }, "runtime" : { "requires" : { "Carp" : "0", "Data::Dump" : "0", "HTML::Entities" : "0", "HTML::Parser" : "0", "List::Util" : "1.33", "Moo" : "1.002000", "Scalar::Util" : "0", "Sub::Quote" : "0", "Type::Tiny" : "1.002001", "Types::Standard" : "1.000001", "URI" : "0", "namespace::clean" : "0", "perl" : "5.006", "strict" : "0", "version" : "0" } }, "test" : { "recommends" : { "CPAN::Meta" : "2.120900" }, "requires" : { "ExtUtils::MakeMaker" : "0", "File::Spec" : "0", "Test::Fatal" : "0", "Test::More" : "0", "perl" : "5.006", "warnings" : "0" } } }, "release_status" : "stable", "resources" : { "bugtracker" : { "web" : "https://github.com/oalders/html-restrict/issues" }, "homepage" : "https://github.com/oalders/html-restrict", "repository" : { "type" : "git", "url" : "https://github.com/oalders/html-restrict.git", "web" : "https://github.com/oalders/html-restrict" } }, "version" : "v3.0.0", "x_Dist_Zilla" : { "perl" : { "version" : "5.026001" }, "plugins" : [ { "class" : "Dist::Zilla::Plugin::PromptIfStale", "config" : { "Dist::Zilla::Plugin::PromptIfStale" : { "check_all_plugins" : 0, "check_all_prereqs" : 0, "modules" : [ "Dist::Zilla::PluginBundle::Author::OALDERS" ], "phase" : "build", "run_under_travis" : 0, "skip" : [] } }, "name" : "@Author::OALDERS/stale modules, build", "version" : "0.055" }, { "class" : "Dist::Zilla::Plugin::PromptIfStale", "config" : { "Dist::Zilla::Plugin::PromptIfStale" : { "check_all_plugins" : 1, "check_all_prereqs" : 1, "modules" : [], "phase" : "release", "run_under_travis" : 0, "skip" : [] } }, "name" : "@Author::OALDERS/stale modules, release", "version" : "0.055" }, { "class" : "Dist::Zilla::Plugin::MAXMIND::TidyAll", "name" : "@Author::OALDERS/MAXMIND::TidyAll", "version" : "0.13" }, { "class" : "Dist::Zilla::Plugin::AutoPrereqs", "name" : "@Author::OALDERS/AutoPrereqs", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::CheckChangesHasContent", "name" : "@Author::OALDERS/CheckChangesHasContent", "version" : "0.011" }, { "class" : "Dist::Zilla::Plugin::MakeMaker", "config" : { "Dist::Zilla::Role::TestRunner" : { "default_jobs" : 1 } }, "name" : "@Author::OALDERS/MakeMaker", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::CPANFile", "name" : "@Author::OALDERS/CPANFile", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::ContributorsFile", "name" : "@Author::OALDERS/ContributorsFile", "version" : "0.3.0" }, { "class" : "Dist::Zilla::Plugin::MetaJSON", "name" : "@Author::OALDERS/MetaJSON", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::MetaYAML", "name" : "@Author::OALDERS/MetaYAML", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::Manifest", "name" : "@Author::OALDERS/Manifest", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::MetaNoIndex", "name" : "@Author::OALDERS/MetaNoIndex", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::MetaConfig", "name" : "@Author::OALDERS/MetaConfig", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::MetaResources", "name" : "@Author::OALDERS/MetaResources", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::License", "name" : "@Author::OALDERS/License", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::InstallGuide", "name" : "@Author::OALDERS/InstallGuide", "version" : "1.200012" }, { "class" : "Dist::Zilla::Plugin::Prereqs", "config" : { "Dist::Zilla::Plugin::Prereqs" : { "phase" : "develop", "type" : "requires" } }, "name" : "@Author::OALDERS/Modules for use with tidyall", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::ExecDir", "name" : "@Author::OALDERS/ExecDir", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::Test::PodSpelling", "config" : { "Dist::Zilla::Plugin::Test::PodSpelling" : { "directories" : [ "bin", "lib" ], "spell_cmd" : "", "stopwords" : [ "Alders", "Alders'", "Axel", "Carwyn", "DOCTYPE", "Dagfinn", "Forsyth", "Ilmari", "Jubenville", "Manns\u00e5ker", "Raybec", "TerMarsch", "XSS", "bolded", "fREW", "href", "img", "ioncache", "param", "params", "perlpong", "schemas", "src", "whitelisted", "whitelisting" ], "wordlist" : "Pod::Wordlist" } }, "name" : "@Author::OALDERS/Test::PodSpelling", "version" : "2.007005" }, { "class" : "Dist::Zilla::Plugin::PodCoverageTests", "name" : "@Author::OALDERS/PodCoverageTests", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::PodSyntaxTests", "name" : "@Author::OALDERS/PodSyntaxTests", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::Test::CPAN::Changes", "config" : { "Dist::Zilla::Plugin::Test::CPAN::Changes" : { "changelog" : "Changes" } }, "name" : "@Author::OALDERS/Test::CPAN::Changes", "version" : "0.012" }, { "class" : "Dist::Zilla::Plugin::TestRelease", "name" : "@Author::OALDERS/TestRelease", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::Test::ReportPrereqs", "name" : "@Author::OALDERS/Test::ReportPrereqs", "version" : "0.027" }, { "class" : "Dist::Zilla::Plugin::Test::Synopsis", "name" : "@Author::OALDERS/Test::Synopsis", "version" : "2.000007" }, { "class" : "Dist::Zilla::Plugin::Test::TidyAll", "name" : "@Author::OALDERS/Test::TidyAll", "version" : "0.04" }, { "class" : "Dist::Zilla::Plugin::RunExtraTests", "config" : { "Dist::Zilla::Role::TestRunner" : { "default_jobs" : 1 } }, "name" : "@Author::OALDERS/RunExtraTests", "version" : "0.029" }, { "class" : "Dist::Zilla::Plugin::MinimumPerl", "name" : "@Author::OALDERS/MinimumPerl", "version" : "1.006" }, { "class" : "Dist::Zilla::Plugin::PodWeaver", "config" : { "Dist::Zilla::Plugin::PodWeaver" : { "finder" : [ ":InstallModules", ":ExecFiles" ], "plugins" : [ { "class" : "Pod::Weaver::Plugin::EnsurePod5", "name" : "@CorePrep/EnsurePod5", "version" : "4.015" }, { "class" : "Pod::Weaver::Plugin::H1Nester", "name" : "@CorePrep/H1Nester", "version" : "4.015" }, { "class" : "Pod::Weaver::Plugin::SingleEncoding", "name" : "@Default/SingleEncoding", "version" : "4.015" }, { "class" : "Pod::Weaver::Section::Name", "name" : "@Default/Name", "version" : "4.015" }, { "class" : "Pod::Weaver::Section::Version", "name" : "@Default/Version", "version" : "4.015" }, { "class" : "Pod::Weaver::Section::Region", "name" : "@Default/prelude", "version" : "4.015" }, { "class" : "Pod::Weaver::Section::Generic", "name" : "SYNOPSIS", "version" : "4.015" }, { "class" : "Pod::Weaver::Section::Generic", "name" : "DESCRIPTION", "version" : "4.015" }, { "class" : "Pod::Weaver::Section::Generic", "name" : "OVERVIEW", "version" : "4.015" }, { "class" : "Pod::Weaver::Section::Collect", "name" : "ATTRIBUTES", "version" : "4.015" }, { "class" : "Pod::Weaver::Section::Collect", "name" : "METHODS", "version" : "4.015" }, { "class" : "Pod::Weaver::Section::Collect", "name" : "FUNCTIONS", "version" : "4.015" }, { "class" : "Pod::Weaver::Section::Leftovers", "name" : "@Default/Leftovers", "version" : "4.015" }, { "class" : "Pod::Weaver::Section::Region", "name" : "@Default/postlude", "version" : "4.015" }, { "class" : "Pod::Weaver::Section::Authors", "name" : "@Default/Authors", "version" : "4.015" }, { "class" : "Pod::Weaver::Section::Legal", "name" : "@Default/Legal", "version" : "4.015" } ] } }, "name" : "@Author::OALDERS/PodWeaver", "version" : "4.008" }, { "class" : "Dist::Zilla::Plugin::PruneCruft", "name" : "@Author::OALDERS/PruneCruft", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::CopyFilesFromBuild", "name" : "@Author::OALDERS/CopyFilesFromBuild", "version" : "0.170880" }, { "class" : "Dist::Zilla::Plugin::GithubMeta", "name" : "@Author::OALDERS/GithubMeta", "version" : "0.58" }, { "class" : "Dist::Zilla::Plugin::Git::GatherDir", "config" : { "Dist::Zilla::Plugin::GatherDir" : { "exclude_filename" : [ "Install", "LICENSE", "META.json", "Makefile.PL", "README.md", "cpanfile" ], "exclude_match" : [], "follow_symlinks" : 0, "include_dotfiles" : 0, "prefix" : "", "prune_directory" : [], "root" : "." }, "Dist::Zilla::Plugin::Git::GatherDir" : { "include_untracked" : 0 } }, "name" : "@Author::OALDERS/Git::GatherDir", "version" : "2.045" }, { "class" : "Dist::Zilla::Plugin::CopyFilesFromRelease", "config" : { "Dist::Zilla::Plugin::CopyFilesFromRelease" : { "filename" : [ "Install" ], "match" : [] } }, "name" : "@Author::OALDERS/CopyFilesFromRelease", "version" : "0.006" }, { "class" : "Dist::Zilla::Plugin::Git::Check", "config" : { "Dist::Zilla::Plugin::Git::Check" : { "untracked_files" : "die" }, "Dist::Zilla::Role::Git::DirtyFiles" : { "allow_dirty" : [ "Changes", "Install", "LICENSE", "META.json", "Makefile.PL", "README.md", "cpanfile", "dist.ini" ], "allow_dirty_match" : [], "changelog" : "Changes" }, "Dist::Zilla::Role::Git::Repo" : { "git_version" : "2.20.1", "repo_root" : "." } }, "name" : "@Author::OALDERS/Git::Check", "version" : "2.045" }, { "class" : "Dist::Zilla::Plugin::Git::Contributors", "config" : { "Dist::Zilla::Plugin::Git::Contributors" : { "git_version" : "2.20.1", "include_authors" : 0, "include_releaser" : 1, "order_by" : "name", "paths" : [] } }, "name" : "@Author::OALDERS/Git::Contributors", "version" : "0.035" }, { "class" : "Dist::Zilla::Plugin::ReadmeAnyFromPod", "config" : { "Dist::Zilla::Role::FileWatcher" : { "version" : "0.006" } }, "name" : "@Author::OALDERS/ReadmeMdInBuild", "version" : "0.163250" }, { "class" : "Dist::Zilla::Plugin::ShareDir", "name" : "@Author::OALDERS/ShareDir", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::TravisCI::StatusBadge", "name" : "@Author::OALDERS/TravisCI::StatusBadge", "version" : "0.007" }, { "class" : "Dist::Zilla::Plugin::ConfirmRelease", "name" : "@Author::OALDERS/ConfirmRelease", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::UploadToCPAN", "name" : "@Author::OALDERS/UploadToCPAN", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::Prereqs", "config" : { "Dist::Zilla::Plugin::Prereqs" : { "phase" : "develop", "type" : "recommends" } }, "name" : "@Author::OALDERS/@Git::VersionManager/pluginbundle version", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::RewriteVersion::Transitional", "config" : { "Dist::Zilla::Plugin::RewriteVersion" : { "add_tarball_name" : 0, "finders" : [ ":ExecFiles", ":InstallModules" ], "global" : 0, "skip_version_provider" : 0 }, "Dist::Zilla::Plugin::RewriteVersion::Transitional" : {} }, "name" : "@Author::OALDERS/@Git::VersionManager/RewriteVersion::Transitional", "version" : "0.009" }, { "class" : "Dist::Zilla::Plugin::MetaProvides::Update", "name" : "@Author::OALDERS/@Git::VersionManager/MetaProvides::Update", "version" : "0.007" }, { "class" : "Dist::Zilla::Plugin::CopyFilesFromRelease", "config" : { "Dist::Zilla::Plugin::CopyFilesFromRelease" : { "filename" : [ "Changes" ], "match" : [] } }, "name" : "@Author::OALDERS/@Git::VersionManager/CopyFilesFromRelease", "version" : "0.006" }, { "class" : "Dist::Zilla::Plugin::Git::Commit", "config" : { "Dist::Zilla::Plugin::Git::Commit" : { "add_files_in" : [], "commit_msg" : "v%v%n%n%c" }, "Dist::Zilla::Role::Git::DirtyFiles" : { "allow_dirty" : [ "Changes", "Install", "LICENSE", "META.json", "Makefile.PL", "README.md", "cpanfile", "dist.ini" ], "allow_dirty_match" : [], "changelog" : "Changes" }, "Dist::Zilla::Role::Git::Repo" : { "git_version" : "2.20.1", "repo_root" : "." }, "Dist::Zilla::Role::Git::StringFormatter" : { "time_zone" : "local" } }, "name" : "@Author::OALDERS/@Git::VersionManager/release snapshot", "version" : "2.045" }, { "class" : "Dist::Zilla::Plugin::Git::Tag", "config" : { "Dist::Zilla::Plugin::Git::Tag" : { "branch" : null, "changelog" : "Changes", "signed" : 0, "tag" : "vv3.0.0", "tag_format" : "v%v", "tag_message" : "v%v" }, "Dist::Zilla::Role::Git::Repo" : { "git_version" : "2.20.1", "repo_root" : "." }, "Dist::Zilla::Role::Git::StringFormatter" : { "time_zone" : "local" } }, "name" : "@Author::OALDERS/@Git::VersionManager/Git::Tag", "version" : "2.045" }, { "class" : "Dist::Zilla::Plugin::BumpVersionAfterRelease::Transitional", "config" : { "Dist::Zilla::Plugin::BumpVersionAfterRelease" : { "finders" : [ ":ExecFiles", ":InstallModules" ], "global" : 0, "munge_makefile_pl" : 1 }, "Dist::Zilla::Plugin::BumpVersionAfterRelease::Transitional" : {} }, "name" : "@Author::OALDERS/@Git::VersionManager/BumpVersionAfterRelease::Transitional", "version" : "0.009" }, { "class" : "Dist::Zilla::Plugin::NextRelease", "name" : "@Author::OALDERS/@Git::VersionManager/NextRelease", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::Git::Commit", "config" : { "Dist::Zilla::Plugin::Git::Commit" : { "add_files_in" : [], "commit_msg" : "increment $VERSION after %v release" }, "Dist::Zilla::Role::Git::DirtyFiles" : { "allow_dirty" : [ "Build.PL", "Changes", "Makefile.PL" ], "allow_dirty_match" : [ "(?^:^lib/.*\\.pm$)" ], "changelog" : "Changes" }, "Dist::Zilla::Role::Git::Repo" : { "git_version" : "2.20.1", "repo_root" : "." }, "Dist::Zilla::Role::Git::StringFormatter" : { "time_zone" : "local" } }, "name" : "@Author::OALDERS/@Git::VersionManager/post-release commit", "version" : "2.045" }, { "class" : "Dist::Zilla::Plugin::Git::Push", "config" : { "Dist::Zilla::Plugin::Git::Push" : { "push_to" : [ "origin" ], "remotes_must_exist" : 1 }, "Dist::Zilla::Role::Git::Repo" : { "git_version" : "2.20.1", "repo_root" : "." } }, "name" : "@Author::OALDERS/Git::Push", "version" : "2.045" }, { "class" : "Dist::Zilla::Plugin::Prereqs", "config" : { "Dist::Zilla::Plugin::Prereqs" : { "phase" : "runtime", "type" : "requires" } }, "name" : "Prereqs", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::Git::Tag", "config" : { "Dist::Zilla::Plugin::Git::Tag" : { "branch" : null, "changelog" : "Changes", "signed" : 0, "tag" : "v3.0.0", "tag_format" : "%v", "tag_message" : "%v" }, "Dist::Zilla::Role::Git::Repo" : { "git_version" : "2.20.1", "repo_root" : "." }, "Dist::Zilla::Role::Git::StringFormatter" : { "time_zone" : "local" } }, "name" : "Git::Tag", "version" : "2.045" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":InstallModules", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":IncModules", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":TestFiles", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":ExtraTestFiles", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":ExecFiles", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":PerlExecFiles", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":ShareFiles", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":MainModule", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":AllFiles", "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":NoFiles", "version" : "6.012" } ], "zilla" : { "class" : "Dist::Zilla::Dist::Builder", "config" : { "is_trial" : 0 }, "version" : "6.012" } }, "x_contributors" : [ "Arthur Axel 'fREW' Schmidt ", "Ben Bullock ", "David Golden ", "Fitz Elliott ", "Graham Knop ", "Graham TerMarsch ", "Karen Etheridge ", "Mark Jubenville ", "Olaf Alders ", "perlpong ", "skaufman " ], "x_generated_by_perl" : "v5.26.1", "x_serialization_backend" : "Cpanel::JSON::XS version 4.02" } HTML-Restrict-v3.0.0/README.md000644 000765 000024 00000031413 13441464015 017003 0ustar00olafaldersstaff000000 000000 # NAME HTML::Restrict - Strip unwanted HTML tags and attributes # VERSION version v3.0.0 # SYNOPSIS use HTML::Restrict; my $hr = HTML::Restrict->new(); # use default rules to start with (strip away all HTML) my $processed = $hr->process(' i am bold '); # $processed now equals: 'i am bold' # Now, a less restrictive example: $hr = HTML::Restrict->new( rules => { b => [], img => [qw( src alt / )] } ); my $html = q[hello me]; $processed = $hr->process( $html ); # $processed now equals: hello me # DESCRIPTION This module uses [HTML::Parser](https://metacpan.org/pod/HTML::Parser) to strip HTML from text in a restrictive manner. By default all HTML is restricted. You may alter the default behaviour by supplying your own tag rules. # CONSTRUCTOR AND STARTUP ## new() Creates and returns a new HTML::Restrict object. my $hr = HTML::Restrict->new() HTML::Restrict doesn't require any params to be passed to new. If your goal is to remove all HTML from text, then no further setup is required. Just pass your text to the process() method and you're done: my $plain_text = $hr->process( $html ); If you need to set up specific rules, have a look at the params which HTML::Restrict recognizes: - `rules => \%rules` Sets the rules which will be used to process your data. By default all HTML tags are off limits. Use this argument to define the HTML elements and corresponding attributes you'd like to use. Essentially, consider the default behaviour to be: rules => {} Rules should be passed as a HASHREF of allowed tags. Each hash value should represent the allowed attributes for the listed tag. For example, if you want to allow a fair amount of HTML, you can try something like this: my %rules = ( a => [qw( href target )], b => [], caption => [], center => [], em => [], i => [], img => [qw( alt border height width src style )], li => [], ol => [], p => [qw(style)], span => [qw(style)], strong => [], sub => [], sup => [], table => [qw( style border cellspacing cellpadding align )], tbody => [], td => [], tr => [], u => [], ul => [], ); my $hr = HTML::Restrict->new( rules => \%rules ) Or, to allow only bolded text: my $hr = HTML::Restrict->new( rules => { b => [] } ); Allow bolded text, images and some (but not all) image attributes: my %rules = ( b => [ ], img => [qw( src alt width height border / ) ); my $hr = HTML::Restrict->new( rules => \%rules ); Since [HTML::Parser](https://metacpan.org/pod/HTML::Parser) treats a closing slash as an attribute, you'll need to add "/" to your list of allowed attributes if you'd like your tags to retain closing slashes. For example: my $hr = HTML::Restrict->new( rules =>{ hr => [] } ); $hr->process( "
"); # returns:
my $hr = HTML::Restrict->new( rules =>{ hr => [qw( / )] } ); $hr->process( "
"); # returns:
HTML::Restrict strips away any tags and attributes which are not explicitly allowed. It also rebuilds your explicitly allowed tags and places their attributes in the order in which they appear in your rules. So, if you define the following rules: my %rules = ( ... img => [qw( src alt title width height id / )] ... ); then your image tags will all be built like this: ... This gives you greater consistency in your tag layout. If you don't care about element order you don't need to pay any attention to this, but you should be aware that your elements are being reconstructed rather than just stripped down. As of 2.1.0, you can also specify a regex to be tested against the attribute value. This feature should be considered experimental for the time being: my $hr = HTML::Restrict->new( rules => { iframe => [ qw( width height allowfullscreen ), { src => qr{^http://www\.youtube\.com}, frameborder => qr{^(0|1)$}, } ], img => [ qw( alt ), { src => qr{^/my/images/} }, ], }, ); my $html = 'Alt Text'; my $processed = $hr->process( $html ); # $processed now equals: Alt Text As of 2.3.0, the value to be tested against can also be a code reference. The code reference will be passed the value of the attribute, and should return either a string to use for the attribute value, or undef to remove the attribute. my $hr = HTML::Restrict->new( rules => { span => [ { style => sub { my $value = shift; # all colors are orange $value =~ s/\bcolor\s*:\s*[^;]+/color: orange/g; return $value; } } ], }, ); my $html = 'This is blue'; my $processed = $hr->process( $html ); # $processed now equals: - `trim => [0|1]` By default all leading and trailing spaces will be removed when text is processed. Set this value to 0 in order to disable this behaviour. - `uri_schemes => [undef, 'http', 'https', 'irc', ... ]` As of version 1.0.3, URI scheme checking is performed on all href and src tag attributes. The following schemes are allowed out of the box. No action is required on your part: [ undef, 'http', 'https' ] (undef represents relative URIs). These restrictions have been put in place to prevent XSS in the form of: click for cookie! See [URI](https://metacpan.org/pod/URI) for more detailed info on scheme parsing. If, for example, you wanted to filter out every scheme barring SSL, you would do it like this: uri_schemes => ['https'] This feature is new in 1.0.3. Previous to this, there was no schema checking at all. Moving forward, you'll need to whitelist explicitly all URI schemas which are not supported by default. This is in keeping with the whitelisting behaviour of this module and is also the safest possible approach. Keep in mind that changes to uri\_schemes are not additive, so you'll need to include the defaults in any changes you make, should you wish to keep them: # defaults + irc + mailto uri_schemes => [ 'undef', 'http', 'https', 'irc', 'mailto' ] - allow\_declaration => \[0|1\] Set this value to true if you'd like to allow/preserve DOCTYPE declarations in your content. Useful when cleaning up your own static files or templates. This feature is off by default. my $html = q[foo]; my $hr = HTML::Restrict->new( allow_declaration => 1 ); $html = $hr->process( $html ); # $html is now: "foo" - allow\_comments => \[0|1\] Set this value to true if you'd like to allow/preserve HTML comments in your content. Useful when cleaning up your own static files or templates. This feature is off by default. my $html = q[foo]; my $hr = HTML::Restrict->new( allow_comments => 1 ); $html = $hr->process( $html ); # $html is now: "foo" - replace\_img => \[0|1|CodeRef\] Set the value to true if you'd like to have img tags replaced with `[IMAGE: ...]` containing the alt attribute text. If you set it to a code reference, you can provide your own replacement (which may even contain HTML). sub replacer { my ($tagname, $attr, $text) = @_; # from HTML::Parser return qq{IMAGE: $attr->{alt}}; } my $hr = HTML::Restrict->new( replace_img => \&replacer ); This attribute will only take effect if the img tag is not included in the allowed HTML. - strip\_enclosed\_content => \[0|1\] The default behaviour up to 1.0.4 was to preserve the content between script and style tags, even when the tags themselves were being deleted. So, you'd be left with a bunch of JavaScript or CSS, just with the enclosing tags missing. This is almost never what you want, so starting at 1.0.5 the default will be to remove any script or style info which is enclosed in these tags, unless they have specifically been whitelisted in the rules. This will be a sane default when cleaning up content submitted via a web form. However, if you're using HTML::Restrict to purge your own HTML you can be more restrictive. # strip the head section, in addition to JS and CSS my $html = '......foo'; my $hr = HTML::Restrict->new( strip_enclosed_content => [ 'script', 'style', 'head' ] ); $html = $hr->process( $html ); # $html is now '...foo'; The caveat here is that HTML::Restrict will not try to fix broken HTML. In the above example, if you have any opening script, style or head tags which don't also include matching closing tags, all following content will be stripped away, regardless of any parent tags. Keep in mind that changes to strip\_enclosed\_content are not additive, so if you are adding additional tags you'll need to include the entire list of tags whose enclosed content you'd like to remove. This feature strips script and style tags by default. # SUBROUTINES/METHODS ## process( $html ) This is the method which does the real work. It parses your data, removes any tags and attributes which are not specifically allowed and returns the resulting text. Requires and returns a SCALAR. ## get\_rules Accessor which returns a hash ref of the current rule set. ## get\_uri\_schemes Accessor which returns an array ref of the current valid uri schemes. # CAVEATS Please note that all tag and attribute names passed via the rules param must be supplied in lower case. # correct my $hr = HTML::Restrict->new( rules => { body => ['onload'] } ); # throws a fatal error my $hr = HTML::Restrict->new( rules => { Body => ['onLoad'] } ); # MOTIVATION There are already several modules on the CPAN which accomplish much of the same thing, but after doing a lot of poking around, I was unable to find a solution with a simple setup which I was happy with. The most common use case might be stripping HTML from user submitted data completely or allowing just a few tags and attributes to be displayed. With the exception of URI scheme checking, this module doesn't do any validation on the actual content of the tags or attributes. If this is a requirement, you can either mess with the parser object, post-process the text yourself or have a look at one of the more feature-rich modules in the SEE ALSO section below. My aim here is to keep things easy and, hopefully, cover a lot of the less complex use cases with just a few lines of code and some brief documentation. The idea is to be up and running quickly. # SEE ALSO [HTML::TagFilter](https://metacpan.org/pod/HTML::TagFilter), [HTML::Defang](https://metacpan.org/pod/HTML::Defang), [MojoMojo::Declaw](https://metacpan.org/pod/MojoMojo::Declaw), [HTML::StripScripts](https://metacpan.org/pod/HTML::StripScripts), [HTML::Detoxifier](https://metacpan.org/pod/HTML::Detoxifier), HTML::Sanitizer, [HTML::Scrubber](https://metacpan.org/pod/HTML::Scrubber) # ACKNOWLEDGEMENTS Thanks to Raybec Communications [http://www.raybec.com](http://www.raybec.com) for funding my work on this module and for releasing it to the world. Thanks also to the following for patches, bug reports and assistance: Mark Jubenville (ioncache) Duncan Forsyth Rick Moore Arthur Axel 'fREW' Schmidt perlpong David Golden Graham TerMarsch Dagfinn Ilmari Mannsåker Graham Knop Carwyn Ellis # AUTHOR Olaf Alders # COPYRIGHT AND LICENSE This software is copyright (c) 2013-2017 by Olaf Alders. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. HTML-Restrict-v3.0.0/examples/000755 000765 000024 00000000000 13441464015 017340 5ustar00olafaldersstaff000000 000000 HTML-Restrict-v3.0.0/tidyall.ini000644 000765 000024 00000000507 13441464015 017667 0ustar00olafaldersstaff000000 000000 [JSON] select = t/**/*json [PerlTidy] select = **/*.{pl,pm,t,psgi} ignore = .build/**/* ignore = HTML-Restrict-*/**/* ignore = blib/**/* ignore = t/00-* ignore = t/author-* ignore = t/release-* ignore = t/zzz-* ignore = xt/**/* argv = --profile=$ROOT/perltidyrc [SortLines::Naturally] select = .gitignore select = .stopwords HTML-Restrict-v3.0.0/lib/000755 000765 000024 00000000000 13441464015 016270 5ustar00olafaldersstaff000000 000000 HTML-Restrict-v3.0.0/Makefile.PL000644 000765 000024 00000003504 13441464015 017476 0ustar00olafaldersstaff000000 000000 # This file was automatically generated by Dist::Zilla::Plugin::MakeMaker v6.012. use strict; use warnings; use 5.006; use ExtUtils::MakeMaker; my %WriteMakefileArgs = ( "ABSTRACT" => "Strip unwanted HTML tags and attributes", "AUTHOR" => "Olaf Alders ", "CONFIGURE_REQUIRES" => { "ExtUtils::MakeMaker" => 0 }, "DISTNAME" => "HTML-Restrict", "LICENSE" => "perl", "MIN_PERL_VERSION" => "5.006", "NAME" => "HTML::Restrict", "PREREQ_PM" => { "Carp" => 0, "Data::Dump" => 0, "HTML::Entities" => 0, "HTML::Parser" => 0, "List::Util" => "1.33", "Moo" => "1.002000", "Scalar::Util" => 0, "Sub::Quote" => 0, "Type::Tiny" => "1.002001", "Types::Standard" => "1.000001", "URI" => 0, "namespace::clean" => 0, "strict" => 0, "version" => 0 }, "TEST_REQUIRES" => { "ExtUtils::MakeMaker" => 0, "File::Spec" => 0, "Test::Fatal" => 0, "Test::More" => 0, "warnings" => 0 }, "VERSION" => "v3.0.0", "test" => { "TESTS" => "t/*.t" } ); my %FallbackPrereqs = ( "Carp" => 0, "Data::Dump" => 0, "ExtUtils::MakeMaker" => 0, "File::Spec" => 0, "HTML::Entities" => 0, "HTML::Parser" => 0, "List::Util" => "1.33", "Moo" => "1.002000", "Scalar::Util" => 0, "Sub::Quote" => 0, "Test::Fatal" => 0, "Test::More" => 0, "Type::Tiny" => "1.002001", "Types::Standard" => "1.000001", "URI" => 0, "namespace::clean" => 0, "strict" => 0, "version" => 0, "warnings" => 0 ); unless ( eval { ExtUtils::MakeMaker->VERSION(6.63_03) } ) { delete $WriteMakefileArgs{TEST_REQUIRES}; delete $WriteMakefileArgs{BUILD_REQUIRES}; $WriteMakefileArgs{PREREQ_PM} = \%FallbackPrereqs; } delete $WriteMakefileArgs{CONFIGURE_REQUIRES} unless eval { ExtUtils::MakeMaker->VERSION(6.52) }; WriteMakefile(%WriteMakefileArgs); HTML-Restrict-v3.0.0/dist.ini000644 000765 000024 00000000432 13441464015 017165 0ustar00olafaldersstaff000000 000000 name = HTML-Restrict author = Olaf Alders license = Perl_5 copyright_holder = Olaf Alders copyright_year = 2013-2017 main_module = lib/HTML/Restrict.pm [@Author::OALDERS] [Prereqs] Type::Tiny = 1.002001 [Git::Tag] tag_format = %v tag_message = %v HTML-Restrict-v3.0.0/lib/HTML/000755 000765 000024 00000000000 13441464015 017034 5ustar00olafaldersstaff000000 000000 HTML-Restrict-v3.0.0/lib/HTML/Restrict.pm000644 000765 000024 00000056750 13441464015 021206 0ustar00olafaldersstaff000000 000000 use strict; use 5.006; package HTML::Restrict; use version; our $VERSION = 'v3.0.0'; use Carp qw( croak ); use Data::Dump qw( dump ); use HTML::Parser (); use HTML::Entities qw( encode_entities ); use Types::Standard 1.000001 qw[ Bool HashRef ArrayRef CodeRef ]; use List::Util 1.33 qw( any none ); use Scalar::Util qw( reftype weaken ); use Sub::Quote 'quote_sub'; use URI (); use Moo 1.002000; use namespace::clean; has allow_comments => ( is => 'rw', isa => Bool, default => 0, ); has allow_declaration => ( is => 'rw', isa => Bool, default => 0, ); has debug => ( is => 'rw', isa => Bool, default => 0, ); has parser => ( is => 'ro', lazy => 1, builder => '_build_parser', ); has rules => ( is => 'rw', isa => HashRef, required => 0, default => quote_sub(q{ {} }), trigger => \&_build_parser, reader => 'get_rules', writer => 'set_rules', ); has strip_enclosed_content => ( is => 'rw', isa => ArrayRef, default => sub { [ 'script', 'style' ] }, ); has replace_img => ( is => 'rw', isa => Bool | CodeRef, default => 0, ); has trim => ( is => 'rw', isa => Bool, default => 1, ); has uri_schemes => ( is => 'rw', isa => ArrayRef, required => 0, default => sub { [ undef, 'http', 'https' ] }, reader => 'get_uri_schemes', writer => 'set_uri_schemes', ); has _processed => ( is => 'rw', isa => quote_sub( q{ die "$_[0] is not false or a string!" unless !defined($_[0]) || $_[0] eq "" || "$_[0]" eq '0' || ref(\$_[0]) eq 'SCALAR' } ), clearer => '_clear_processed', ); has _stripper_stack => ( is => 'rw', isa => ArrayRef, default => sub { [] }, ); sub _build_parser { my $self = shift; my $rules = shift; # don't allow any upper case tag or attribute names # these rules would otherwise silently be ignored if ($rules) { foreach my $tag_name ( keys %{$rules} ) { if ( lc $tag_name ne $tag_name ) { croak "All tag names must be lower cased"; } if ( reftype $rules->{$tag_name} eq 'ARRAY' ) { my @attr_names; foreach my $attr_item ( @{ $rules->{$tag_name} } ) { ref $attr_item eq 'HASH' ? push( @attr_names, keys(%$attr_item) ) : push( @attr_names, $attr_item ); } for (@attr_names) { croak "All attribute names must be lower cased" if lc $_ ne $_; } } } } weaken($self); return HTML::Parser->new( empty_element_tags => 1, start_h => [ sub { my ( $p, $tagname, $attr, $text ) = @_; print "starting tag: $tagname", "\n" if $self->debug; my $more = q{}; if ( any { $_ eq $tagname } keys %{ $self->get_rules } ) { print dump $attr if $self->debug; foreach my $source_type ( 'href', 'src', 'cite' ) { my $link = $attr->{$source_type}; # Remove unprintable ASCII control characters, which # are 0..31. These characters are not valid in URLs, # but they can prevent the URI parser from recognizing # the scheme when they are used as leading characters. # Browsers will helpfully ignore some of them, meaning # that some of these characters (particularly 1..8 and # 14..31) can be used to defeat HTML::Restrict when # used as leading characters in a link. In our case we # will strip them all regardless of where they are in # the URL. See # https://github.com/oalders/html-restrict/issues/30 # https://url.spec.whatwg.org/ # https://infra.spec.whatwg.org/#c0-control if ($link) { # C0 control chars (decimal 0..31) # sort of like $link =~ s/[[:^print:]]//g $link =~ s/[\00-\037]|&#x?0+;/ /g; my $url = URI->new($link); if ( defined $url->scheme ) { delete $attr->{$source_type} if none { $_ eq $url->scheme } grep { defined } @{ $self->get_uri_schemes }; } else { # relative URL delete $attr->{$source_type} unless grep { !defined } @{ $self->get_uri_schemes }; } } } foreach my $attr_item ( @{ $self->get_rules->{$tagname} } ) { if ( ref $attr_item eq 'HASH' ) { # validate or munge with regex or coderef contraints # for my $attr_name ( sort grep exists $attr->{$_}, keys %$attr_item ) { my $rule = $attr_item->{$attr_name}; my $value = $attr->{$attr_name}; if ( ref $rule eq 'CODE' ) { $value = $rule->($value); next if !defined $value; } elsif ( $value =~ $rule ) { # ok } else { next; } $more .= qq[ $attr_name="] . encode_entities($value) . q["]; } } else { my $attr_name = $attr_item; if ( exists $attr->{$attr_name} ) { my $value = encode_entities( $attr->{$attr_name} ); $more .= qq[ $attr_name="$value" ] unless $attr_name eq q{/}; } } } # closing slash should (naturally) close the tag if ( exists $attr->{q{/}} && $attr->{q{/}} eq q{/} ) { $more .= ' /'; } my $elem = "<$tagname $more>"; $elem =~ s{\s*>}{>}gxms; $elem =~ s{\s+}{ }gxms; $self->_processed( ( $self->_processed || q{} ) . $elem ); } elsif ( $tagname eq 'img' && $self->replace_img ) { my $alt; if ( ref $self->replace_img ) { $alt = $self->replace_img->( $tagname, $attr, $text ); } else { $alt = defined( $attr->{alt} ) ? ": $attr->{alt}" : ""; $alt = "[IMAGE$alt]"; } $self->_processed( ( $self->_processed || q{} ) . $alt ); } elsif ( any { $_ eq $tagname } @{ $self->strip_enclosed_content } ) { print "adding $tagname to strippers" if $self->debug; push @{ $self->_stripper_stack }, $tagname; } }, "self,tagname,attr,text" ], end_h => [ sub { my ( $p, $tagname, $attr, $text ) = @_; print "end: $text\n" if $self->debug; if ( any { $_ eq $tagname } keys %{ $self->get_rules } ) { $self->_processed( ( $self->_processed || q{} ) . $text ); } elsif ( any { $_ eq $tagname } @{ $self->_stripper_stack } ) { $self->_delete_tag_from_stack($tagname); } }, "self,tagname,attr,text" ], text_h => [ sub { my ( $p, $text ) = @_; print "text: $text\n" if $self->debug; $text = _fix_text_encoding($text); if ( !@{ $self->_stripper_stack } ) { $self->_processed( ( $self->_processed || q{} ) . $text ); } }, "self,text" ], comment_h => [ sub { my ( $p, $text ) = @_; print "comment: $text\n" if $self->debug; if ( $self->allow_comments ) { $self->_processed( ( $self->_processed || q{} ) . $text ); } }, "self,text" ], declaration_h => [ sub { my ( $p, $text ) = @_; print "declaration: $text\n" if $self->debug; if ( $self->allow_declaration ) { $self->_processed( ( $self->_processed || q{} ) . $text ); } }, "self,text" ], ); } sub process { my $self = shift; # returns undef if no value was passed return if !@_; return $_[0] if !$_[0]; my ($content) = @_; die 'content must be a string!' unless ref( \$content ) eq 'SCALAR'; $self->_clear_processed; my $parser = $self->parser; $parser->parse($content); $parser->eof; my $text = $self->_processed; if ( $self->trim && $text ) { $text =~ s{\A\s*}{}gxms; $text =~ s{\s*\z}{}gxms; } $self->_processed($text); # ensure stripper stack is reset in case of broken html $self->_stripper_stack( [] ); return $self->_processed; } # strip_enclosed_content tags could be nested in the source HTML, so we # maintain a stack of these tags. sub _delete_tag_from_stack { my $self = shift; my $closing_tag = shift; my $found = 0; my @tag_list = (); foreach my $tag ( reverse @{ $self->_stripper_stack } ) { if ( $tag eq $closing_tag && $found == 0 ) { $found = 1; next; } push @tag_list, $tag; } $self->_stripper_stack( [ reverse @tag_list ] ); return; } # regex for entities that don't require a terminating semicolon my ($short_entity_re) = map qr/$_/i, join '|', '#x[0-9a-f]+', '#[0-9]+', grep !/;\z/, sort keys %HTML::Entities::entity2char; # semicolon required my ($complete_entity_re) = map qr/$_/i, join '|', grep /;\z/, sort keys %HTML::Entities::entity2char; sub _fix_text_encoding { my $text = shift; $text =~ s{ & (?: ($short_entity_re);? | ($complete_entity_re) )? }{ defined $1 ? "&$1;" : defined $2 ? "&$2" : "&" }xgie; return encode_entities( $text, '<>' ); } 1; # End of HTML::Restrict # ABSTRACT: Strip unwanted HTML tags and attributes __END__ =pod =encoding UTF-8 =head1 NAME HTML::Restrict - Strip unwanted HTML tags and attributes =head1 VERSION version v3.0.0 =head1 SYNOPSIS use HTML::Restrict; my $hr = HTML::Restrict->new(); # use default rules to start with (strip away all HTML) my $processed = $hr->process(' i am bold '); # $processed now equals: 'i am bold' # Now, a less restrictive example: $hr = HTML::Restrict->new( rules => { b => [], img => [qw( src alt / )] } ); my $html = q[hello me]; $processed = $hr->process( $html ); # $processed now equals: hello me =head1 DESCRIPTION This module uses L to strip HTML from text in a restrictive manner. By default all HTML is restricted. You may alter the default behaviour by supplying your own tag rules. =head1 CONSTRUCTOR AND STARTUP =head2 new() Creates and returns a new HTML::Restrict object. my $hr = HTML::Restrict->new() HTML::Restrict doesn't require any params to be passed to new. If your goal is to remove all HTML from text, then no further setup is required. Just pass your text to the process() method and you're done: my $plain_text = $hr->process( $html ); If you need to set up specific rules, have a look at the params which HTML::Restrict recognizes: =over 4 =item * C<< rules => \%rules >> Sets the rules which will be used to process your data. By default all HTML tags are off limits. Use this argument to define the HTML elements and corresponding attributes you'd like to use. Essentially, consider the default behaviour to be: rules => {} Rules should be passed as a HASHREF of allowed tags. Each hash value should represent the allowed attributes for the listed tag. For example, if you want to allow a fair amount of HTML, you can try something like this: my %rules = ( a => [qw( href target )], b => [], caption => [], center => [], em => [], i => [], img => [qw( alt border height width src style )], li => [], ol => [], p => [qw(style)], span => [qw(style)], strong => [], sub => [], sup => [], table => [qw( style border cellspacing cellpadding align )], tbody => [], td => [], tr => [], u => [], ul => [], ); my $hr = HTML::Restrict->new( rules => \%rules ) Or, to allow only bolded text: my $hr = HTML::Restrict->new( rules => { b => [] } ); Allow bolded text, images and some (but not all) image attributes: my %rules = ( b => [ ], img => [qw( src alt width height border / ) ); my $hr = HTML::Restrict->new( rules => \%rules ); Since L treats a closing slash as an attribute, you'll need to add "/" to your list of allowed attributes if you'd like your tags to retain closing slashes. For example: my $hr = HTML::Restrict->new( rules =>{ hr => [] } ); $hr->process( "
"); # returns:
my $hr = HTML::Restrict->new( rules =>{ hr => [qw( / )] } ); $hr->process( "
"); # returns:
HTML::Restrict strips away any tags and attributes which are not explicitly allowed. It also rebuilds your explicitly allowed tags and places their attributes in the order in which they appear in your rules. So, if you define the following rules: my %rules = ( ... img => [qw( src alt title width height id / )] ... ); then your image tags will all be built like this: ... This gives you greater consistency in your tag layout. If you don't care about element order you don't need to pay any attention to this, but you should be aware that your elements are being reconstructed rather than just stripped down. As of 2.1.0, you can also specify a regex to be tested against the attribute value. This feature should be considered experimental for the time being: my $hr = HTML::Restrict->new( rules => { iframe => [ qw( width height allowfullscreen ), { src => qr{^http://www\.youtube\.com}, frameborder => qr{^(0|1)$}, } ], img => [ qw( alt ), { src => qr{^/my/images/} }, ], }, ); my $html = 'Alt Text'; my $processed = $hr->process( $html ); # $processed now equals: Alt Text As of 2.3.0, the value to be tested against can also be a code reference. The code reference will be passed the value of the attribute, and should return either a string to use for the attribute value, or undef to remove the attribute. my $hr = HTML::Restrict->new( rules => { span => [ { style => sub { my $value = shift; # all colors are orange $value =~ s/\bcolor\s*:\s*[^;]+/color: orange/g; return $value; } } ], }, ); my $html = 'This is blue'; my $processed = $hr->process( $html ); # $processed now equals: =item * C<< trim => [0|1] >> By default all leading and trailing spaces will be removed when text is processed. Set this value to 0 in order to disable this behaviour. =item * C<< uri_schemes => [undef, 'http', 'https', 'irc', ... ] >> As of version 1.0.3, URI scheme checking is performed on all href and src tag attributes. The following schemes are allowed out of the box. No action is required on your part: [ undef, 'http', 'https' ] (undef represents relative URIs). These restrictions have been put in place to prevent XSS in the form of: click for cookie! See L for more detailed info on scheme parsing. If, for example, you wanted to filter out every scheme barring SSL, you would do it like this: uri_schemes => ['https'] This feature is new in 1.0.3. Previous to this, there was no schema checking at all. Moving forward, you'll need to whitelist explicitly all URI schemas which are not supported by default. This is in keeping with the whitelisting behaviour of this module and is also the safest possible approach. Keep in mind that changes to uri_schemes are not additive, so you'll need to include the defaults in any changes you make, should you wish to keep them: # defaults + irc + mailto uri_schemes => [ 'undef', 'http', 'https', 'irc', 'mailto' ] =item * allow_declaration => [0|1] Set this value to true if you'd like to allow/preserve DOCTYPE declarations in your content. Useful when cleaning up your own static files or templates. This feature is off by default. my $html = q[foo]; my $hr = HTML::Restrict->new( allow_declaration => 1 ); $html = $hr->process( $html ); # $html is now: "foo" =item * allow_comments => [0|1] Set this value to true if you'd like to allow/preserve HTML comments in your content. Useful when cleaning up your own static files or templates. This feature is off by default. my $html = q[foo]; my $hr = HTML::Restrict->new( allow_comments => 1 ); $html = $hr->process( $html ); # $html is now: "foo" =item * replace_img => [0|1|CodeRef] Set the value to true if you'd like to have img tags replaced with C<[IMAGE: ...]> containing the alt attribute text. If you set it to a code reference, you can provide your own replacement (which may even contain HTML). sub replacer { my ($tagname, $attr, $text) = @_; # from HTML::Parser return qq{IMAGE: $attr->{alt}}; } my $hr = HTML::Restrict->new( replace_img => \&replacer ); This attribute will only take effect if the img tag is not included in the allowed HTML. =item * strip_enclosed_content => [0|1] The default behaviour up to 1.0.4 was to preserve the content between script and style tags, even when the tags themselves were being deleted. So, you'd be left with a bunch of JavaScript or CSS, just with the enclosing tags missing. This is almost never what you want, so starting at 1.0.5 the default will be to remove any script or style info which is enclosed in these tags, unless they have specifically been whitelisted in the rules. This will be a sane default when cleaning up content submitted via a web form. However, if you're using HTML::Restrict to purge your own HTML you can be more restrictive. # strip the head section, in addition to JS and CSS my $html = '......foo'; my $hr = HTML::Restrict->new( strip_enclosed_content => [ 'script', 'style', 'head' ] ); $html = $hr->process( $html ); # $html is now '...foo'; The caveat here is that HTML::Restrict will not try to fix broken HTML. In the above example, if you have any opening script, style or head tags which don't also include matching closing tags, all following content will be stripped away, regardless of any parent tags. Keep in mind that changes to strip_enclosed_content are not additive, so if you are adding additional tags you'll need to include the entire list of tags whose enclosed content you'd like to remove. This feature strips script and style tags by default. =back =head1 SUBROUTINES/METHODS =head2 process( $html ) This is the method which does the real work. It parses your data, removes any tags and attributes which are not specifically allowed and returns the resulting text. Requires and returns a SCALAR. =head2 get_rules Accessor which returns a hash ref of the current rule set. =head2 get_uri_schemes Accessor which returns an array ref of the current valid uri schemes. =head1 CAVEATS Please note that all tag and attribute names passed via the rules param must be supplied in lower case. # correct my $hr = HTML::Restrict->new( rules => { body => ['onload'] } ); # throws a fatal error my $hr = HTML::Restrict->new( rules => { Body => ['onLoad'] } ); =head1 MOTIVATION There are already several modules on the CPAN which accomplish much of the same thing, but after doing a lot of poking around, I was unable to find a solution with a simple setup which I was happy with. The most common use case might be stripping HTML from user submitted data completely or allowing just a few tags and attributes to be displayed. With the exception of URI scheme checking, this module doesn't do any validation on the actual content of the tags or attributes. If this is a requirement, you can either mess with the parser object, post-process the text yourself or have a look at one of the more feature-rich modules in the SEE ALSO section below. My aim here is to keep things easy and, hopefully, cover a lot of the less complex use cases with just a few lines of code and some brief documentation. The idea is to be up and running quickly. =head1 SEE ALSO L, L, L, L, L, HTML::Sanitizer, L =head1 ACKNOWLEDGEMENTS Thanks to Raybec Communications L for funding my work on this module and for releasing it to the world. Thanks also to the following for patches, bug reports and assistance: Mark Jubenville (ioncache) Duncan Forsyth Rick Moore Arthur Axel 'fREW' Schmidt perlpong David Golden Graham TerMarsch Dagfinn Ilmari Mannsåker Graham Knop Carwyn Ellis =head1 AUTHOR Olaf Alders =head1 COPYRIGHT AND LICENSE This software is copyright (c) 2013-2017 by Olaf Alders. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =cut HTML-Restrict-v3.0.0/examples/naughty-strings.pl000755 000765 000024 00000001364 13441464015 023052 0ustar00olafaldersstaff000000 000000 #!/usr/bin/env perl =head1 DESCRIPTION This script: * processes the Big List of Naughty Strings (or some version of it) * prints it to a file * tries to open this file in a browser This is helpful for finding naughty strings which might get turned into something clickable. A visual scan is required. =cut use strict; use warnings; use Browser::Open qw( open_browser ); use Data::BLNS qw( get_naughty_strings ); use HTML::Restrict (); use Path::Tiny (); my $hr = HTML::Restrict->new; my @clean = map { $_ . '
' } grep { $_ } map { $hr->process($_) } get_naughty_strings; my $file = Path::Tiny->tempfile( CLEANUP => 1, SUFFIX => '.html', ); $file->spew_raw( '', @clean, '' ); open_browser( $file->stringify ); HTML-Restrict-v3.0.0/examples/sanitize-file.pl000755 000765 000024 00000000601 13441464015 022440 0ustar00olafaldersstaff000000 000000 #!/usr/bin/env perl use strict; use warnings; use HTML::Restrict (); use Path::Tiny qw( path ); my $filename = shift @ARGV; die "usage: perl $0 path/to/file > path/to/new/file" if !$filename; my $text = path($filename)->slurp; my $hr = HTML::Restrict->new; print $hr->process($text); =pod =head1 SYNOPSIS perl sanitize_file path/to/filename > path/to/sanitized/file =cut HTML-Restrict-v3.0.0/xt/author/000755 000765 000024 00000000000 13441464015 017457 5ustar00olafaldersstaff000000 000000 HTML-Restrict-v3.0.0/xt/release/000755 000765 000024 00000000000 13441464015 017575 5ustar00olafaldersstaff000000 000000 HTML-Restrict-v3.0.0/xt/release/cpan-changes.t000644 000765 000024 00000000344 13441464015 022312 0ustar00olafaldersstaff000000 000000 use strict; use warnings; # this test was generated with Dist::Zilla::Plugin::Test::CPAN::Changes 0.012 use Test::More 0.96 tests => 1; use Test::CPAN::Changes; subtest 'changes_ok' => sub { changes_file_ok('Changes'); }; HTML-Restrict-v3.0.0/xt/author/tidyall.t000644 000765 000024 00000000522 13441464015 021305 0ustar00olafaldersstaff000000 000000 # This file was automatically generated by Dist::Zilla::Plugin::Test::TidyAll v$VERSION use Test::More 0.88; use Test::Code::TidyAll 0.24; tidyall_ok( verbose => ( exists $ENV{TEST_TIDYALL_VERBOSE} ? $ENV{TEST_TIDYALL_VERBOSE} : 0 ), jobs => ( exists $ENV{TEST_TIDYALL_JOBS} ? $ENV{TEST_TIDYALL_JOBS} : 1 ), ); done_testing; HTML-Restrict-v3.0.0/xt/author/synopsis.t000644 000765 000024 00000000060 13441464015 021527 0ustar00olafaldersstaff000000 000000 #!perl use Test::Synopsis; all_synopsis_ok(); HTML-Restrict-v3.0.0/xt/author/pod-syntax.t000644 000765 000024 00000000252 13441464015 021751 0ustar00olafaldersstaff000000 000000 #!perl # This file was automatically generated by Dist::Zilla::Plugin::PodSyntaxTests. use strict; use warnings; use Test::More; use Test::Pod 1.41; all_pod_files_ok(); HTML-Restrict-v3.0.0/xt/author/pod-spell.t000644 000765 000024 00000001150 13441464015 021540 0ustar00olafaldersstaff000000 000000 use strict; use warnings; use Test::More; # generated by Dist::Zilla::Plugin::Test::PodSpelling 2.007005 use Test::Spelling 0.12; use Pod::Wordlist; add_stopwords(); all_pod_files_spelling_ok( qw( bin lib ) ); __DATA__ Alders Alders' Arthur Axel Ben Bullock Carwyn DOCTYPE Dagfinn David Elliott Etheridge Fitz Forsyth Golden Graham HTML Ilmari Jubenville Karen Knop Mannsåker Mark Olaf Raybec Restrict Schmidt TerMarsch XSS benkasminbullock bolded calyx238 dagolden ether fREW fitz frioux graham haarg href img ioncache lib mark olaf param params perlpong sam schemas skaufman src whitelisted whitelisting HTML-Restrict-v3.0.0/xt/author/pod-coverage.t000644 000765 000024 00000000334 13441464015 022217 0ustar00olafaldersstaff000000 000000 #!perl # This file was automatically generated by Dist::Zilla::Plugin::PodCoverageTests. use Test::Pod::Coverage 1.08; use Pod::Coverage::TrustPod; all_pod_coverage_ok({ coverage_class => 'Pod::Coverage::TrustPod' }); HTML-Restrict-v3.0.0/t/pod.t000644 000765 000024 00000000350 13441464015 016732 0ustar00olafaldersstaff000000 000000 #!perl -T use strict; use warnings; use Test::More; # Ensure a recent version of Test::Pod my $min_tp = 1.22; eval "use Test::Pod $min_tp"; plan skip_all => "Test::Pod $min_tp required for testing POD" if $@; all_pod_files_ok(); HTML-Restrict-v3.0.0/t/lowercase.t000644 000765 000024 00000001103 13441464015 020131 0ustar00olafaldersstaff000000 000000 #!/usr/bin/env perl use strict; use warnings; use Test::More; use Test::Fatal; use HTML::Restrict; my $html = q[foo]; like( exception { my $hr = HTML::Restrict->new( rules => { Body => ['onload'] } ); }, qr{tag names must be lower cased}, "dies on mixed case tag names", ); like( exception { my $hr = HTML::Restrict->new( rules => { body => ['onLoad'] } ); }, qr{attribute names must be lower cased}, "dies on mixed case attributes", ); done_testing(); HTML-Restrict-v3.0.0/t/control-characters.t000755 000765 000024 00000002250 13441464015 021751 0ustar00olafaldersstaff000000 000000 use strict; use warnings; use Test::More; use HTML::Restrict (); my $hr = HTML::Restrict->new( rules => { a => ['href'] }, uri_schemes => [undef], ); my $expected = 'click me'; for my $i ( 0 .. 31 ) { subtest "control char $i" => sub { my $dec = "&#$i;"; my $hex = sprintf( "&#x%X;", $i ); for my $prefix ( $dec, $hex ) { my $type = $prefix =~ m{x} ? 'hex' : 'decimal'; my $single = $hr->process( make_link($prefix) ); is( $single, $expected, "single control char removed ($type)" ); my $double = $hr->process( make_link( $prefix, $prefix ) ); is( $double, $expected, "double control char removed ($type)" ); } }; } is( $hr->process( make_link("�") ), $expected, 'null byte (decimal) with more padding' ); is( $hr->process( make_link("�") ), $expected, 'null byte (hex) with more padding' ); sub make_link { my $prefix = join q{}, @_; return sprintf( q{click me}, $prefix, ); } done_testing; HTML-Restrict-v3.0.0/t/perlcriticrc000644 000765 000024 00000000202 13441464015 020367 0ustar00olafaldersstaff000000 000000 severity = 3 [-Subroutines::RequireArgUnpacking] [-ControlStructures::ProhibitPostfixControls] [-Miscellanea::RequireRcsKeywords] HTML-Restrict-v3.0.0/t/xss.t000755 000765 000024 00000001646 13441464015 017001 0ustar00olafaldersstaff000000 000000 #!/usr/bin/env perl use warnings; use strict; use Test::More; use HTML::Restrict; my $hr = HTML::Restrict->new; $hr->debug(0); $hr->set_rules( { a => [ 'href', 'class' ] } ); my $text = 'oops!'; my $clean = $hr->process($text); is $clean, 'oops!', "bad scheme removed"; is $hr->process('evil'), 'evil', 'bad scheme removed'; foreach my $uri ( 'http://vilerichard.com', 'https://vilerichard.com', '//vilerichard.com', '/music' ) { my $img = qq[click]; is $hr->process($img), $img, "good uri scheme preserved"; } is $hr->process( '' ), '', 'attribute value filtered'; done_testing(); HTML-Restrict-v3.0.0/t/style.t000644 000765 000024 00000000740 13441464015 017313 0ustar00olafaldersstaff000000 000000 #!perl use strict; use warnings; use HTML::Restrict; use Scalar::Util; use Test::More; my $hr = HTML::Restrict->new( debug => 0 ); my $html = q[]; is( $hr->process($html), undef, "content of style tag removed by default" ); $hr->set_rules( { style => ['type'] } ); is( $hr->process($html), $html, "content of style tag preserved" ); done_testing(); HTML-Restrict-v3.0.0/t/declaration.t000644 000765 000024 00000001021 13441464015 020431 0ustar00olafaldersstaff000000 000000 #!/usr/bin/env perl use warnings; use strict; use HTML::Restrict; use Test::More; my $hr = HTML::Restrict->new; my $text = ' '; $hr->debug(1); is $hr->process($text), '', 'declaration not preserved'; $hr->allow_declaration(1); is $hr->process($text), '', 'declaration is preserved'; $text = ''; is $hr->process($text), $text, 'declaration preserved'; done_testing(); HTML-Restrict-v3.0.0/t/attribute_constraints.t000644 000765 000024 00000006006 13441464015 022606 0ustar00olafaldersstaff000000 000000 use strict; use warnings; use Test::More; use HTML::Restrict; my $hr = HTML::Restrict->new( rules => { iframe => [ qw( width height ), { src => qr{^http://www\.youtube\.com}, frameborder => qr{^(0|1)$}, } ], }, ); cmp_ok( $hr->process( '' ), 'eq', '', 'all constraints pass', ); cmp_ok( $hr->process( '' ), 'eq', '', 'one constraint fails', ); cmp_ok( $hr->process( '' ), 'eq', '', 'two constraints fail', ); $hr = HTML::Restrict->new( rules => { iframe => [ { src => qr{^http://www\.youtube\.com} }, { frameborder => qr{^(0|1)$} }, { height => qr{^315$} }, { width => qr{^560$} }, ], }, ); cmp_ok( $hr->process( '' ), 'eq', '', 'possible to maintain order', ); cmp_ok( $hr->process( q[] ), 'eq', q[], 'entities are re-encoded when regex match passes', ); $hr = HTML::Restrict->new( rules => { span => [ { style => sub { my $value = shift; my @values; while ( $value =~ /(?:\A|;)\s*([a-z-]+)\s*:\s*([^;\n]+?)\s*(?=;|$)/gc ) { my ( $prop, $prop_value ) = ( $1, $2 ); if ( $prop =~ /\A(?:margin|padding)\z/ && $prop_value =~ /\A\d+(?:em|px|)\z/ ) { push @values, "$prop: $prop_value"; } } return unless @values; return join '; ', @values; } }, { class => sub { return undef } }, ], }, ); cmp_ok( $hr->process( 'content', ), 'eq', 'content', 'filter attributes by coderef', ); done_testing; HTML-Restrict-v3.0.0/t/comments.t000644 000765 000024 00000001454 13441464015 020003 0ustar00olafaldersstaff000000 000000 #!/usr/bin/env perl use warnings; use strict; use HTML::Restrict; use Test::More; my $hr = HTML::Restrict->new; my $text = 'stuff'; $hr->debug(0); is $hr->process($text), 'stuff', 'comments allowed'; $hr->allow_comments(1); is $hr->process($text), $text, 'comments allowd'; $text = 'beforeafter'; $hr->allow_comments(0); is $hr->process($text), 'beforeafter', 'comment allowed'; $hr->allow_comments(1); is $hr->process($text), $text, 'comments allowd'; $hr->allow_comments(0); $text = ''; is $hr->process($text), undef, 'tags nested in comments removed'; #$hr->set_rules({ script => [], 'h1' => [] }); #is $hr->process( $text ), $text, 'tags nested in comments not removed when explicitly allowed'; done_testing(); HTML-Restrict-v3.0.0/t/js.t000644 000765 000024 00000000724 13441464015 016571 0ustar00olafaldersstaff000000 000000 #!perl use strict; use warnings; use HTML::Restrict; use Scalar::Util; use Test::More; my $hr = HTML::Restrict->new( debug => 0 ); my $html = q[]; is( $hr->process($html), undef, "content of script tags removed by default" ); $hr->set_rules( { script => ['type'] } ); is( $hr->process($html), $html, "content of script preserved" ); done_testing(); HTML-Restrict-v3.0.0/t/empty-element-tags.t000644 000765 000024 00000001051 13441464015 021670 0ustar00olafaldersstaff000000 000000 use strict; use warnings; use Test::More; use HTML::Restrict; my $before = <<'EOF'; two element open & close break

one element open & close break
one element open & close break no space
EOF my $after = <<'EOF'; two element open & close break

one element open & close break
one element open & close break no space
EOF my $hr = HTML::Restrict->new( trim => 0, rules => { br => [], }, ); my $got = $hr->process($before); is( $got, $after, '
preserved' ); done_testing(); HTML-Restrict-v3.0.0/t/scheme.t000644 000765 000024 00000003016 13441464015 017416 0ustar00olafaldersstaff000000 000000 use strict; use warnings; use Test::More; use HTML::Restrict; my $hr = HTML::Restrict->new( rules => { a => [qw( href )], img => [qw( src /)], blockquote => [qw( cite )], }, ); $hr->set_uri_schemes( [ 'http', 'https', undef, 'ftp' ] ); cmp_ok( $hr->process('link'), 'eq', 'link', 'http scheme preserved', ); cmp_ok( $hr->process('link'), 'eq', 'link', 'https scheme preserved', ); cmp_ok( $hr->process('link'), 'eq', 'link', 'relative scheme preserved', ); cmp_ok( $hr->process('link'), 'eq', 'link', 'ftp scheme preserved', ); cmp_ok( $hr->process('link'), 'eq', 'link', 'file scheme removed', ); cmp_ok( $hr->process(''), 'eq', '', 'img src with javascript removed', ); cmp_ok( $hr->process( '
blockquote
'), 'eq', '
blockquote
', 'blockquote cite with javascript removed', ); # disable relative schemes $hr->set_uri_schemes( [ 'http', 'https', 'ftp' ] ); cmp_ok( $hr->process('link'), 'eq', 'link', 'relative scheme removed', ); done_testing(); HTML-Restrict-v3.0.0/t/malformed-html.t000755 000765 000024 00000002150 13441464015 021063 0ustar00olafaldersstaff000000 000000 use strict; use warnings; use Test::Fatal qw( exception ); use Test::More; use HTML::Restrict; # Behaviour as of 2.3.0 is for # <div onmouseover="alert(1);">hover over me</div> # to get pared down to #
hover over me
# with a subsequent call to process() returning # hover over me # So, malformed HTML is actually being turned into valid HTML on the first pass # and the tags are not being stripped. This is a regression test for fixing the # issue noted above. my $html = '<div onmouseover="alert(1);">hover over me</div>'; { my $hr = HTML::Restrict->new; is( $hr->process( '<div onmouseover="alert(1);">hover over me</div>'), '<div onmouseover="alert(1);">hover over me</div>', 'malformed HTML is correctly cleaned' ); } { my $hr = HTML::Restrict->new; is( $hr->process( '&lt; θ &aMp; 2 P «g;'), '&lt; θ &aMp; 2 P «g;', 'badly encoded entities corrected' ); } done_testing(); HTML-Restrict-v3.0.0/t/00-load.t000644 000765 000024 00000007135 13441464015 017314 0ustar00olafaldersstaff000000 000000 #!perl use Test::More; use strict; use warnings; use Data::Dump; use HTML::Restrict; use Scalar::Util; my $version = $HTML::Restrict::VERSION || 'development'; diag( "Testing HTML::Restrict $version, Perl $], $^X" ); my $hr = HTML::Restrict->new( debug => 0 ); isa_ok( $hr, 'HTML::Restrict' ); isa_ok( $hr->parser, 'HTML::Parser' ); my $default_rules = $hr->get_rules; cmp_ok( Scalar::Util::reftype( $default_rules ), 'eq', 'HASH', "default rules are empty" ); # basic stripping -- all tags strippped my $bold = 'i am bold'; my $processed = $hr->process( $bold ); cmp_ok( $processed, 'eq', 'i am bold', "b tag stripped" ); # updating rules my $b_rules = { b => [] }; $hr->set_rules( $b_rules ); my $updated_rules = $hr->get_rules; is_deeply( $b_rules, $updated_rules, "rules update correctly" ); # ensure allowed tags aren't stripped $processed = $hr->process( $bold ); cmp_ok( $processed, 'eq', $bold, "b tag not stripped" ); # more complex set with multiple tags # ensure allowed tags aren't stripped and others are removed $hr->set_rules( { a => [qw( href target )] } ); my $link = q[
google
]; my $processed_link = $hr->process( $link ); cmp_ok( $processed_link, 'eq', q[google], "allowed link but not center tag", ); # ensure closing slash is maintained for tags # with no end tag $hr->set_rules( { img => [qw( src width height /)] } ); my $img = q[]; my $processed_img = $hr->process( $img ); cmp_ok( $processed_img, 'eq', '', "closing slash preserved in image" ); # rest rules to default set $hr->set_rules( {} ); cmp_ok( $hr->process( $bold ), 'eq', 'i am bold', "back to default rules" ); # stripping of comments cmp_ok( $hr->process( "ok" ), 'eq', 'ok', "comments are stripped" ); # stripping of javascript includes cmp_ok( $hr->process( q{ok} ), 'eq', 'ok', "javascript includes are stripped" ); # stripping of css includes cmp_ok( $hr->process( q{ok} ), 'eq', 'ok', "css includes are stripped" ); ok( $hr->trim, "trim enabled by default" ); # stripping of leading and trailing spaces cmp_ok( $hr->process( " ok ok ok " ), 'eq', 'ok ok ok', "leading and trailing spaces trimmed" ); # stripping of div tags cmp_ok( $hr->process( "
ok
" ), 'eq', 'ok', "divs are stripped away" ); # undef should be returned when no value is passed to the process method is( $hr->process(), undef, "undef is returned when no value passed" ); # start fresh # RT #55775 $hr = HTML::Restrict->new; cmp_ok( $hr->process( 0 ), 'eq', '0', "untrue values not processed"); cmp_ok( $hr->process( '0' ), 'eq', '0', "untrue values not processed"); cmp_ok( $hr->process( '000' ), 'eq', '000', "untrue values not processed"); ok( !$hr->process(""), "process only HTML" ); # bugfix: check URI scheme for "src" attributes $hr = HTML::Restrict->new( rules => { img => [qw( src )] } ); $hr->set_uri_schemes( [ undef, 'http', 'https' ] ); cmp_ok( $hr->process(''), 'eq', '' ); # bugfix: ensure stripper stack is reset in case of broken html $hr = HTML::Restrict->new; $hr->strip_enclosed_content( ['script'] ); $hr->process('