Sanitize HTML With Ammonia In Rust

Overview

I'm using the ammonia Rust crate to sanitize HTML for my Twitch bot. I'm using it like this:

Code
use ammonia::Builder;
use maplit::{hashmap, hashset};

fn main() {
    let source = r#"
        <div>
            <span id="alfa" class="bravo">charlie</span>
        </div>
    "#;
    let scrubbed = sanitize_html(source);
    dbg!(scrubbed);
}

fn sanitize_html(source: &str) -> String {
    // Only <span> elements are allowed through
    let tags = hashset!["span"];
    // On <span>, only the id attribute is kept
    let tag_attrs = hashmap![
        "span" => hashset!["id"]
    ];
    Builder::new()
        .tags(tags)
        .tag_attributes(tag_attrs)
        .clean(source)
        .to_string()
}

Details

Installation

Installing the crate is done with:

Code
cargo add ammonia
cargo add maplit

The maplit crate provides the macros used in the example to make the hashsets and hashmap. It's not required. Using the std hash features works as well.

Debugging Stuff

I'm moving stuff around right now. All this below is helping me figure out where to put stuff

-- h2

Details

-- list

- Only tags, and attributes for those tags, that
are explicitly added will be allowed through

- Permitted tags are added to the `tags` hashset
and added to the `Builder` via `.tags()`

- Attributes are defined for each tag in `tag_attrs`
and added via `.tag_attributes()`

- The output is returned as a string. In the
example above, the result is:

<span id="alfa">charlie</span>


-- ref
-- title: Ammonia
-- subtitle: - an allow-list based HTML sanitization library
-- url: https://docs.rs/ammonia/latest/ammonia/

"Designed to prevent cross-site scripting, layout breaking, 
and clickjacking caused by untrusted user-provided HTML being 
mixed into a larger web page"

-- ref
-- title: html5ever
-- url: https://docs.rs/html5ever/latest/html5ever/

This is what ammonia uses under the hood for parsing.

-- ref
-- title: Ammonia Builder
-- url: https://docs.rs/ammonia/latest/ammonia/struct.Builder.html

The main struct for setting up a sanitize run.

-- categories
-- Rust 

-- metadata
-- date: 2023-08-31 21:42:36