"""Central HTML output-sanitization policy for the ontology (v2) HTML path.
`unstructured` renders untrusted document content into HTML in two places:
* ``OntologyElement.to_html`` (``documents/ontology.py``), which fills
``ElementMetadata.text_as_html``. Some callers return this value to clients
verbatim, so it must be safe on its own.
* ``elements_to_html`` (``partition/html/convert.py``), which assembles a full
HTML document from a list of elements.
Both used to interpolate attacker-controlled text, attribute names, attribute
values, and URL schemes with no output encoding, allowing stored XSS
(GHSA-v5mq-3xhg-98m9). This module is the single source of truth for the
sanitization policy shared by both paths:
* an allowlist of HTML tags we ever legitimately emit,
* an allowlist of attribute names (event-handler ``on*`` attributes are never
allowed, killing ``onerror``/``onload``/``onmouseover``),
* a URL-scheme allowlist for URL-bearing attributes (``href``/``src``/...),
which drops ``javascript:`` / ``vbscript:`` and permits ``data:`` only for
raster image MIME types on ``img[src]``.
The emitter (``ontology.py``) uses the lightweight filters here plus
``html.escape`` to make ``text_as_html`` safe on its own; ``elements_to_html``
additionally runs the assembled document through :func:`sanitize_html_fragment`
(``nh3``) as defense-in-depth that also covers attributes it injects itself
(e.g. ``href`` from ``metadata.url``).
"""
from __future__ import annotations
import re
import nh3
# -- Tags the ontology / convert paths legitimately emit. Anything outside this
# -- set (``