neuron-technologies/el
2
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases 5 Wiki Activity
Files
runtime/integrate
el/tests/html_sanitizer/run.sh
T
Will Anderson af480f6266 add el_html_sanitize allowlist runtime primitive 
Replaces the need for product-level denylist sanitizers. Small
state-machine parser; tag-and-attribute allowlist passed as JSON;
URL scheme validation on href/src attrs (http, https, mailto,
fragment, relative); whole-subtree drop for script/style/iframe/
object/embed/form (plus rarer media containers). No comment-
wrapping (was fragile to comment-injection bypass via a literal
--> inside an attacker-supplied attribute value).

Also picks up the codegen and parser changes for first-class
Instant/Duration types (postfix-literal time values, typed binop
dispatch) that were sitting in tree alongside this work.

Test corpus at tests/html_sanitizer/ covers the live attacker
probes (script, iframe, form, javascript:, about:, data:, img
onerror, onclick) plus structural attacks (comment-injection
bypass, tab-in-scheme bypass, encoded payloads, malformed input,
empty input, plain text). 29 cases, all green.

Self-host fixed point holds at 5720 lines via the canonical
el-compiler/src/compiler.el entry. Snapshot tagged at
dist/platform/elc.20260502-1249-self-host.

Backlog: bl-dc55ae07
2026-05-02 12:49:41 -05:00

33 lines
918 B
Bash
Executable File
Raw Permalink Blame History

#!/usr/bin/env bash
# run.sh — build and execute the html_sanitizer acceptance corpus.
#
# Compiles tests/html_sanitizer/runner.el via the canonical native elc,
# links against the shared C runtime, then runs the binary against
# cases.json. Exits non-zero on any FAIL.
set -euo pipefail
cd "$(dirname "$0")"
EL_HOME="${EL_HOME:-$(cd ../.. && pwd)}"
ELC="${EL_HOME}/dist/platform/elc"
RUNTIME_DIR="${EL_HOME}/el-compiler/runtime"
if [ ! -x "${ELC}" ]; then
echo "elc not found at ${ELC}" >&2
exit 1
fi
OUT_C="$(mktemp -t html_sanitizer.XXXXXX).c"
OUT_BIN="$(mktemp -t html_sanitizer.XXXXXX)"
trap 'rm -f "${OUT_C}" "${OUT_BIN}"' EXIT
echo "==> Compiling runner.el via ${ELC}"
"${ELC}" runner.el > "${OUT_C}"
echo "==> Linking against ${RUNTIME_DIR}/el_runtime.c"
cc -O2 -I "${RUNTIME_DIR}" "${OUT_C}" "${RUNTIME_DIR}/el_runtime.c" \
-lcurl -lpthread -o "${OUT_BIN}"
echo "==> Running"
"${OUT_BIN}"
Reference in New Issue View Git Blame Copy Permalink