Merge pull request #1 from JuliaComputing/sp/correctws

pfitzseb · web-flow · commit 9c34154df613 · 2020-01-09T20:13:59.000+01:00
preserve whitespace
diff --git a/src/HTMLSanitizer.jl b/src/HTMLSanitizer.jl
@@ -14,14 +14,17 @@ Sanitizes the HTML input according to `whitelist`.
 - `prettyprint`: Returns a prettier multiline string instead of a somewhat minified version.
 """
 function sanitize(input::AbstractString; isfragment = true, whitelist = WHITELIST, prettyprint = false)
-    doc = parsehtml(input)
+    input_preserve_ws = replace(input, r"(\s+)"s => s" 🐑\1🐑 ")
+    doc = parsehtml(input_preserve_ws)
 
     sanitize_bfs(doc.root, whitelist)
 
     out = IOBuffer()
     print(out, doc.root, pretty = prettyprint)
 
     out = String(take!(out))
+    out = replace(out, r"\s?🐑(\s+)🐑\s?"s => s"\1")
+
     if isfragment
         out = replace(out, r"^<HTML>" => "")
         out = replace(out, r"</HTML>$" => "")
@@ -30,7 +33,9 @@ function sanitize(input::AbstractString; isfragment = true, whitelist = WHITELIS
     end
 end
 
-reparent!(node, parent) = node.parent = parent
+reparent!(_, _) = nothing
+
+reparent!(node::HTMLElement, parent) = node.parent = parent
 
 # HTMLText isn't mutable, so this does nothing. Will lead to inconsistencies, but ¯\_(ツ)_/¯.
 reparent!(node::HTMLText, parent) = nothing
@@ -70,7 +75,8 @@ function sanitize_element(el::HTMLElement{TAG}, whitelist) where TAG
             return Gumbo.HTMLText("")
         end
         @debug("Replacing `$(tag)` with its contents.")
-        return sanitize_element.(el.children, Ref(whitelist))
+        out = sanitize_element.(el.children, Ref(whitelist))
+        return isempty(out) ? Gumbo.HTMLText("") : out
     end
 
     el = sanitize_attributes(el, whitelist)
diff --git a/test/runtests.jl b/test/runtests.jl
@@ -94,7 +94,7 @@ using Test
       <tfoot><tr><td>Sum</td></tr></tfoot>
       <tbody><tr><td>1</td></tr></tbody>
       </table>"""
-    @test replace(orig, '\n' => "") == HTMLSanitizer.sanitize(orig)
+    @test replace(orig, "\n" => "") == replace(HTMLSanitizer.sanitize(orig), "\n" => "")
   end
 
   @testset "test_summary_tag_are_not_removed" begin
@@ -116,10 +116,34 @@ using Test
           <summary>Baz</summary>
         </details>
         Qux
-      </details>
-    """
-    @test replace(orig, r"[\s\n]" => "") == replace(HTMLSanitizer.sanitize(orig), r"[\s\n]" => "")
+      </details>"""
+    @test replace(orig, "\n" => "") == replace(HTMLSanitizer.sanitize(orig), "\n" => "")
   end
 end
 
+@testset "preserve relevant whitespace" begin
+  orig = """
+  <!DOCTYPE html>
+  <html>
+    <head>
+      <meta description="test page"></meta>
+    </head>
+    <body>
+      <p>A simple test page.</p>
+      <a></a>
+      <a></a>
+      <pre>
+          <code>
+  foo
+  bar
+  baz
+          </code>
+      </pre>
+    </body>
+  </html>
+  """
+  expected = "<HTML>\n\n  \n    \n  \n  \n    <p>A simple test page.</p>\n    <a></a>\n    <a></a>\n    <pre>\n        <code>\nfoo\nbar\nbaz\n        </code>\n    </pre>\n  \n\n</HTML>"
+  @test sanitize(orig, isfragment=false) == expected
+end
+
 include("malicious_html.jl")
