"""Central HTML output-sanitization policy for the ontology (v2) HTML path. `unstructured` renders untrusted document content into HTML in two places: * ``OntologyElement.to_html`` (``documents/ontology.py``), which fills ``ElementMetadata.text_as_html``. Some callers return this value to clients verbatim, so it must be safe on its own. * ``elements_to_html`` (``partition/html/convert.py``), which assembles a full HTML document from a list of elements. Both used to interpolate attacker-controlled text, attribute names, attribute values, and URL schemes with no output encoding, allowing stored XSS (GHSA-v5mq-3xhg-98m9). This module is the single source of truth for the sanitization policy shared by both paths: * an allowlist of HTML tags we ever legitimately emit, * an allowlist of attribute names (event-handler ``on*`` attributes are never allowed, killing ``onerror``/``onload``/``onmouseover``), * a URL-scheme allowlist for URL-bearing attributes (``href``/``src``/...), which drops ``javascript:`` / ``vbscript:`` and permits ``data:`` only for raster image MIME types on ``img[src]``. The emitter (``ontology.py``) uses the lightweight filters here plus ``html.escape`` to make ``text_as_html`` safe on its own; ``elements_to_html`` additionally runs the assembled document through :func:`sanitize_html_fragment` (``nh3``) as defense-in-depth that also covers attributes it injects itself (e.g. ``href`` from ``metadata.url``). """ from __future__ import annotations import re import nh3 # -- Tags the ontology / convert paths legitimately emit. Anything outside this # -- set (``