policy.go 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533
  1. // Copyright (c) 2014, David Kitchen <david@buro9.com>
  2. //
  3. // All rights reserved.
  4. //
  5. // Redistribution and use in source and binary forms, with or without
  6. // modification, are permitted provided that the following conditions are met:
  7. //
  8. // * Redistributions of source code must retain the above copyright notice, this
  9. // list of conditions and the following disclaimer.
  10. //
  11. // * Redistributions in binary form must reproduce the above copyright notice,
  12. // this list of conditions and the following disclaimer in the documentation
  13. // and/or other materials provided with the distribution.
  14. //
  15. // * Neither the name of the organisation (Microcosm) nor the names of its
  16. // contributors may be used to endorse or promote products derived from
  17. // this software without specific prior written permission.
  18. //
  19. // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  20. // AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  21. // IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  22. // DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
  23. // FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  24. // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  25. // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
  26. // CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
  27. // OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. package bluemonday
  30. import (
  31. "net/url"
  32. "regexp"
  33. "strings"
  34. )
  35. // Policy encapsulates the whitelist of HTML elements and attributes that will
  36. // be applied to the sanitised HTML.
  37. //
  38. // You should use bluemonday.NewPolicy() to create a blank policy as the
  39. // unexported fields contain maps that need to be initialized.
  40. type Policy struct {
  41. // Declares whether the maps have been initialized, used as a cheap check to
  42. // ensure that those using Policy{} directly won't cause nil pointer
  43. // exceptions
  44. initialized bool
  45. // If true then we add spaces when stripping tags, specifically the closing
  46. // tag is replaced by a space character.
  47. addSpaces bool
  48. // When true, add rel="nofollow" to HTML anchors
  49. requireNoFollow bool
  50. // When true, add rel="nofollow" to HTML anchors
  51. // Will add for href="http://foo"
  52. // Will skip for href="/foo" or href="foo"
  53. requireNoFollowFullyQualifiedLinks bool
  54. // When true add target="_blank" to fully qualified links
  55. // Will add for href="http://foo"
  56. // Will skip for href="/foo" or href="foo"
  57. addTargetBlankToFullyQualifiedLinks bool
  58. // When true, URLs must be parseable by "net/url" url.Parse()
  59. requireParseableURLs bool
  60. // When true, u, _ := url.Parse("url"); !u.IsAbs() is permitted
  61. allowRelativeURLs bool
  62. // map[htmlElementName]map[htmlAttributeName]attrPolicy
  63. elsAndAttrs map[string]map[string]attrPolicy
  64. // map[htmlAttributeName]attrPolicy
  65. globalAttrs map[string]attrPolicy
  66. // If urlPolicy is nil, all URLs with matching schema are allowed.
  67. // Otherwise, only the URLs with matching schema and urlPolicy(url)
  68. // returning true are allowed.
  69. allowURLSchemes map[string]urlPolicy
  70. // If an element has had all attributes removed as a result of a policy
  71. // being applied, then the element would be removed from the output.
  72. //
  73. // However some elements are valid and have strong layout meaning without
  74. // any attributes, i.e. <table>. To prevent those being removed we maintain
  75. // a list of elements that are allowed to have no attributes and that will
  76. // be maintained in the output HTML.
  77. setOfElementsAllowedWithoutAttrs map[string]struct{}
  78. setOfElementsToSkipContent map[string]struct{}
  79. }
  80. type attrPolicy struct {
  81. // optional pattern to match, when not nil the regexp needs to match
  82. // otherwise the attribute is removed
  83. regexp *regexp.Regexp
  84. }
  85. type attrPolicyBuilder struct {
  86. p *Policy
  87. attrNames []string
  88. regexp *regexp.Regexp
  89. allowEmpty bool
  90. }
  91. type urlPolicy func(url *url.URL) (allowUrl bool)
  92. // init initializes the maps if this has not been done already
  93. func (p *Policy) init() {
  94. if !p.initialized {
  95. p.elsAndAttrs = make(map[string]map[string]attrPolicy)
  96. p.globalAttrs = make(map[string]attrPolicy)
  97. p.allowURLSchemes = make(map[string]urlPolicy)
  98. p.setOfElementsAllowedWithoutAttrs = make(map[string]struct{})
  99. p.setOfElementsToSkipContent = make(map[string]struct{})
  100. p.initialized = true
  101. }
  102. }
  103. // NewPolicy returns a blank policy with nothing whitelisted or permitted. This
  104. // is the recommended way to start building a policy and you should now use
  105. // AllowAttrs() and/or AllowElements() to construct the whitelist of HTML
  106. // elements and attributes.
  107. func NewPolicy() *Policy {
  108. p := Policy{}
  109. p.addDefaultElementsWithoutAttrs()
  110. p.addDefaultSkipElementContent()
  111. return &p
  112. }
  113. // AllowAttrs takes a range of HTML attribute names and returns an
  114. // attribute policy builder that allows you to specify the pattern and scope of
  115. // the whitelisted attribute.
  116. //
  117. // The attribute policy is only added to the core policy when either Globally()
  118. // or OnElements(...) are called.
  119. func (p *Policy) AllowAttrs(attrNames ...string) *attrPolicyBuilder {
  120. p.init()
  121. abp := attrPolicyBuilder{
  122. p: p,
  123. allowEmpty: false,
  124. }
  125. for _, attrName := range attrNames {
  126. abp.attrNames = append(abp.attrNames, strings.ToLower(attrName))
  127. }
  128. return &abp
  129. }
  130. // AllowNoAttrs says that attributes on element are optional.
  131. //
  132. // The attribute policy is only added to the core policy when OnElements(...)
  133. // are called.
  134. func (p *Policy) AllowNoAttrs() *attrPolicyBuilder {
  135. p.init()
  136. abp := attrPolicyBuilder{
  137. p: p,
  138. allowEmpty: true,
  139. }
  140. return &abp
  141. }
  142. // AllowNoAttrs says that attributes on element are optional.
  143. //
  144. // The attribute policy is only added to the core policy when OnElements(...)
  145. // are called.
  146. func (abp *attrPolicyBuilder) AllowNoAttrs() *attrPolicyBuilder {
  147. abp.allowEmpty = true
  148. return abp
  149. }
  150. // Matching allows a regular expression to be applied to a nascent attribute
  151. // policy, and returns the attribute policy. Calling this more than once will
  152. // replace the existing regexp.
  153. func (abp *attrPolicyBuilder) Matching(regex *regexp.Regexp) *attrPolicyBuilder {
  154. abp.regexp = regex
  155. return abp
  156. }
  157. // OnElements will bind an attribute policy to a given range of HTML elements
  158. // and return the updated policy
  159. func (abp *attrPolicyBuilder) OnElements(elements ...string) *Policy {
  160. for _, element := range elements {
  161. element = strings.ToLower(element)
  162. for _, attr := range abp.attrNames {
  163. if _, ok := abp.p.elsAndAttrs[element]; !ok {
  164. abp.p.elsAndAttrs[element] = make(map[string]attrPolicy)
  165. }
  166. ap := attrPolicy{}
  167. if abp.regexp != nil {
  168. ap.regexp = abp.regexp
  169. }
  170. abp.p.elsAndAttrs[element][attr] = ap
  171. }
  172. if abp.allowEmpty {
  173. abp.p.setOfElementsAllowedWithoutAttrs[element] = struct{}{}
  174. if _, ok := abp.p.elsAndAttrs[element]; !ok {
  175. abp.p.elsAndAttrs[element] = make(map[string]attrPolicy)
  176. }
  177. }
  178. }
  179. return abp.p
  180. }
  181. // Globally will bind an attribute policy to all HTML elements and return the
  182. // updated policy
  183. func (abp *attrPolicyBuilder) Globally() *Policy {
  184. for _, attr := range abp.attrNames {
  185. if _, ok := abp.p.globalAttrs[attr]; !ok {
  186. abp.p.globalAttrs[attr] = attrPolicy{}
  187. }
  188. ap := attrPolicy{}
  189. if abp.regexp != nil {
  190. ap.regexp = abp.regexp
  191. }
  192. abp.p.globalAttrs[attr] = ap
  193. }
  194. return abp.p
  195. }
  196. // AllowElements will append HTML elements to the whitelist without applying an
  197. // attribute policy to those elements (the elements are permitted
  198. // sans-attributes)
  199. func (p *Policy) AllowElements(names ...string) *Policy {
  200. p.init()
  201. for _, element := range names {
  202. element = strings.ToLower(element)
  203. if _, ok := p.elsAndAttrs[element]; !ok {
  204. p.elsAndAttrs[element] = make(map[string]attrPolicy)
  205. }
  206. }
  207. return p
  208. }
  209. // RequireNoFollowOnLinks will result in all <a> tags having a rel="nofollow"
  210. // added to them if one does not already exist
  211. //
  212. // Note: This requires p.RequireParseableURLs(true) and will enable it.
  213. func (p *Policy) RequireNoFollowOnLinks(require bool) *Policy {
  214. p.requireNoFollow = require
  215. p.requireParseableURLs = true
  216. return p
  217. }
  218. // RequireNoFollowOnFullyQualifiedLinks will result in all <a> tags that point
  219. // to a non-local destination (i.e. starts with a protocol and has a host)
  220. // having a rel="nofollow" added to them if one does not already exist
  221. //
  222. // Note: This requires p.RequireParseableURLs(true) and will enable it.
  223. func (p *Policy) RequireNoFollowOnFullyQualifiedLinks(require bool) *Policy {
  224. p.requireNoFollowFullyQualifiedLinks = require
  225. p.requireParseableURLs = true
  226. return p
  227. }
  228. // AddTargetBlankToFullyQualifiedLinks will result in all <a> tags that point
  229. // to a non-local destination (i.e. starts with a protocol and has a host)
  230. // having a target="_blank" added to them if one does not already exist
  231. //
  232. // Note: This requires p.RequireParseableURLs(true) and will enable it.
  233. func (p *Policy) AddTargetBlankToFullyQualifiedLinks(require bool) *Policy {
  234. p.addTargetBlankToFullyQualifiedLinks = require
  235. p.requireParseableURLs = true
  236. return p
  237. }
  238. // RequireParseableURLs will result in all URLs requiring that they be parseable
  239. // by "net/url" url.Parse()
  240. // This applies to:
  241. // - a.href
  242. // - area.href
  243. // - blockquote.cite
  244. // - img.src
  245. // - link.href
  246. // - script.src
  247. func (p *Policy) RequireParseableURLs(require bool) *Policy {
  248. p.requireParseableURLs = require
  249. return p
  250. }
  251. // AllowRelativeURLs enables RequireParseableURLs and then permits URLs that
  252. // are parseable, have no schema information and url.IsAbs() returns false
  253. // This permits local URLs
  254. func (p *Policy) AllowRelativeURLs(require bool) *Policy {
  255. p.RequireParseableURLs(true)
  256. p.allowRelativeURLs = require
  257. return p
  258. }
  259. // AllowURLSchemes will append URL schemes to the whitelist
  260. // Example: p.AllowURLSchemes("mailto", "http", "https")
  261. func (p *Policy) AllowURLSchemes(schemes ...string) *Policy {
  262. p.init()
  263. p.RequireParseableURLs(true)
  264. for _, scheme := range schemes {
  265. scheme = strings.ToLower(scheme)
  266. // Allow all URLs with matching scheme.
  267. p.allowURLSchemes[scheme] = nil
  268. }
  269. return p
  270. }
  271. // AllowURLSchemeWithCustomPolicy will append URL schemes with
  272. // a custom URL policy to the whitelist.
  273. // Only the URLs with matching schema and urlPolicy(url)
  274. // returning true will be allowed.
  275. func (p *Policy) AllowURLSchemeWithCustomPolicy(
  276. scheme string,
  277. urlPolicy func(url *url.URL) (allowUrl bool),
  278. ) *Policy {
  279. p.init()
  280. p.RequireParseableURLs(true)
  281. scheme = strings.ToLower(scheme)
  282. p.allowURLSchemes[scheme] = urlPolicy
  283. return p
  284. }
  285. // AddSpaceWhenStrippingTag states whether to add a single space " " when
  286. // removing tags that are not whitelisted by the policy.
  287. //
  288. // This is useful if you expect to strip tags in dense markup and may lose the
  289. // value of whitespace.
  290. //
  291. // For example: "<p>Hello</p><p>World</p>"" would be sanitized to "HelloWorld"
  292. // with the default value of false, but you may wish to sanitize this to
  293. // " Hello World " by setting AddSpaceWhenStrippingTag to true as this would
  294. // retain the intent of the text.
  295. func (p *Policy) AddSpaceWhenStrippingTag(allow bool) *Policy {
  296. p.addSpaces = allow
  297. return p
  298. }
  299. // SkipElementsContent adds the HTML elements whose tags is needed to be removed
  300. // with its content.
  301. func (p *Policy) SkipElementsContent(names ...string) *Policy {
  302. p.init()
  303. for _, element := range names {
  304. element = strings.ToLower(element)
  305. if _, ok := p.setOfElementsToSkipContent[element]; !ok {
  306. p.setOfElementsToSkipContent[element] = struct{}{}
  307. }
  308. }
  309. return p
  310. }
  311. // AllowElementsContent marks the HTML elements whose content should be
  312. // retained after removing the tag.
  313. func (p *Policy) AllowElementsContent(names ...string) *Policy {
  314. p.init()
  315. for _, element := range names {
  316. delete(p.setOfElementsToSkipContent, strings.ToLower(element))
  317. }
  318. return p
  319. }
  320. // addDefaultElementsWithoutAttrs adds the HTML elements that we know are valid
  321. // without any attributes to an internal map.
  322. // i.e. we know that <table> is valid, but <bdo> isn't valid as the "dir" attr
  323. // is mandatory
  324. func (p *Policy) addDefaultElementsWithoutAttrs() {
  325. p.init()
  326. p.setOfElementsAllowedWithoutAttrs["abbr"] = struct{}{}
  327. p.setOfElementsAllowedWithoutAttrs["acronym"] = struct{}{}
  328. p.setOfElementsAllowedWithoutAttrs["article"] = struct{}{}
  329. p.setOfElementsAllowedWithoutAttrs["aside"] = struct{}{}
  330. p.setOfElementsAllowedWithoutAttrs["audio"] = struct{}{}
  331. p.setOfElementsAllowedWithoutAttrs["b"] = struct{}{}
  332. p.setOfElementsAllowedWithoutAttrs["bdi"] = struct{}{}
  333. p.setOfElementsAllowedWithoutAttrs["blockquote"] = struct{}{}
  334. p.setOfElementsAllowedWithoutAttrs["body"] = struct{}{}
  335. p.setOfElementsAllowedWithoutAttrs["br"] = struct{}{}
  336. p.setOfElementsAllowedWithoutAttrs["button"] = struct{}{}
  337. p.setOfElementsAllowedWithoutAttrs["canvas"] = struct{}{}
  338. p.setOfElementsAllowedWithoutAttrs["caption"] = struct{}{}
  339. p.setOfElementsAllowedWithoutAttrs["center"] = struct{}{}
  340. p.setOfElementsAllowedWithoutAttrs["cite"] = struct{}{}
  341. p.setOfElementsAllowedWithoutAttrs["code"] = struct{}{}
  342. p.setOfElementsAllowedWithoutAttrs["col"] = struct{}{}
  343. p.setOfElementsAllowedWithoutAttrs["colgroup"] = struct{}{}
  344. p.setOfElementsAllowedWithoutAttrs["datalist"] = struct{}{}
  345. p.setOfElementsAllowedWithoutAttrs["dd"] = struct{}{}
  346. p.setOfElementsAllowedWithoutAttrs["del"] = struct{}{}
  347. p.setOfElementsAllowedWithoutAttrs["details"] = struct{}{}
  348. p.setOfElementsAllowedWithoutAttrs["dfn"] = struct{}{}
  349. p.setOfElementsAllowedWithoutAttrs["div"] = struct{}{}
  350. p.setOfElementsAllowedWithoutAttrs["dl"] = struct{}{}
  351. p.setOfElementsAllowedWithoutAttrs["dt"] = struct{}{}
  352. p.setOfElementsAllowedWithoutAttrs["em"] = struct{}{}
  353. p.setOfElementsAllowedWithoutAttrs["fieldset"] = struct{}{}
  354. p.setOfElementsAllowedWithoutAttrs["figcaption"] = struct{}{}
  355. p.setOfElementsAllowedWithoutAttrs["figure"] = struct{}{}
  356. p.setOfElementsAllowedWithoutAttrs["footer"] = struct{}{}
  357. p.setOfElementsAllowedWithoutAttrs["h1"] = struct{}{}
  358. p.setOfElementsAllowedWithoutAttrs["h2"] = struct{}{}
  359. p.setOfElementsAllowedWithoutAttrs["h3"] = struct{}{}
  360. p.setOfElementsAllowedWithoutAttrs["h4"] = struct{}{}
  361. p.setOfElementsAllowedWithoutAttrs["h5"] = struct{}{}
  362. p.setOfElementsAllowedWithoutAttrs["h6"] = struct{}{}
  363. p.setOfElementsAllowedWithoutAttrs["head"] = struct{}{}
  364. p.setOfElementsAllowedWithoutAttrs["header"] = struct{}{}
  365. p.setOfElementsAllowedWithoutAttrs["hgroup"] = struct{}{}
  366. p.setOfElementsAllowedWithoutAttrs["hr"] = struct{}{}
  367. p.setOfElementsAllowedWithoutAttrs["html"] = struct{}{}
  368. p.setOfElementsAllowedWithoutAttrs["i"] = struct{}{}
  369. p.setOfElementsAllowedWithoutAttrs["ins"] = struct{}{}
  370. p.setOfElementsAllowedWithoutAttrs["kbd"] = struct{}{}
  371. p.setOfElementsAllowedWithoutAttrs["li"] = struct{}{}
  372. p.setOfElementsAllowedWithoutAttrs["mark"] = struct{}{}
  373. p.setOfElementsAllowedWithoutAttrs["marquee"] = struct{}{}
  374. p.setOfElementsAllowedWithoutAttrs["nav"] = struct{}{}
  375. p.setOfElementsAllowedWithoutAttrs["ol"] = struct{}{}
  376. p.setOfElementsAllowedWithoutAttrs["optgroup"] = struct{}{}
  377. p.setOfElementsAllowedWithoutAttrs["option"] = struct{}{}
  378. p.setOfElementsAllowedWithoutAttrs["p"] = struct{}{}
  379. p.setOfElementsAllowedWithoutAttrs["pre"] = struct{}{}
  380. p.setOfElementsAllowedWithoutAttrs["q"] = struct{}{}
  381. p.setOfElementsAllowedWithoutAttrs["rp"] = struct{}{}
  382. p.setOfElementsAllowedWithoutAttrs["rt"] = struct{}{}
  383. p.setOfElementsAllowedWithoutAttrs["ruby"] = struct{}{}
  384. p.setOfElementsAllowedWithoutAttrs["s"] = struct{}{}
  385. p.setOfElementsAllowedWithoutAttrs["samp"] = struct{}{}
  386. p.setOfElementsAllowedWithoutAttrs["script"] = struct{}{}
  387. p.setOfElementsAllowedWithoutAttrs["section"] = struct{}{}
  388. p.setOfElementsAllowedWithoutAttrs["select"] = struct{}{}
  389. p.setOfElementsAllowedWithoutAttrs["small"] = struct{}{}
  390. p.setOfElementsAllowedWithoutAttrs["span"] = struct{}{}
  391. p.setOfElementsAllowedWithoutAttrs["strike"] = struct{}{}
  392. p.setOfElementsAllowedWithoutAttrs["strong"] = struct{}{}
  393. p.setOfElementsAllowedWithoutAttrs["style"] = struct{}{}
  394. p.setOfElementsAllowedWithoutAttrs["sub"] = struct{}{}
  395. p.setOfElementsAllowedWithoutAttrs["summary"] = struct{}{}
  396. p.setOfElementsAllowedWithoutAttrs["sup"] = struct{}{}
  397. p.setOfElementsAllowedWithoutAttrs["svg"] = struct{}{}
  398. p.setOfElementsAllowedWithoutAttrs["table"] = struct{}{}
  399. p.setOfElementsAllowedWithoutAttrs["tbody"] = struct{}{}
  400. p.setOfElementsAllowedWithoutAttrs["td"] = struct{}{}
  401. p.setOfElementsAllowedWithoutAttrs["textarea"] = struct{}{}
  402. p.setOfElementsAllowedWithoutAttrs["tfoot"] = struct{}{}
  403. p.setOfElementsAllowedWithoutAttrs["th"] = struct{}{}
  404. p.setOfElementsAllowedWithoutAttrs["thead"] = struct{}{}
  405. p.setOfElementsAllowedWithoutAttrs["title"] = struct{}{}
  406. p.setOfElementsAllowedWithoutAttrs["time"] = struct{}{}
  407. p.setOfElementsAllowedWithoutAttrs["tr"] = struct{}{}
  408. p.setOfElementsAllowedWithoutAttrs["tt"] = struct{}{}
  409. p.setOfElementsAllowedWithoutAttrs["u"] = struct{}{}
  410. p.setOfElementsAllowedWithoutAttrs["ul"] = struct{}{}
  411. p.setOfElementsAllowedWithoutAttrs["var"] = struct{}{}
  412. p.setOfElementsAllowedWithoutAttrs["video"] = struct{}{}
  413. p.setOfElementsAllowedWithoutAttrs["wbr"] = struct{}{}
  414. }
  415. // addDefaultSkipElementContent adds the HTML elements that we should skip
  416. // rendering the character content of, if the element itself is not allowed.
  417. // This is all character data that the end user would not normally see.
  418. // i.e. if we exclude a <script> tag then we shouldn't render the JavaScript or
  419. // anything else until we encounter the closing </script> tag.
  420. func (p *Policy) addDefaultSkipElementContent() {
  421. p.init()
  422. p.setOfElementsToSkipContent["frame"] = struct{}{}
  423. p.setOfElementsToSkipContent["frameset"] = struct{}{}
  424. p.setOfElementsToSkipContent["iframe"] = struct{}{}
  425. p.setOfElementsToSkipContent["noembed"] = struct{}{}
  426. p.setOfElementsToSkipContent["noframes"] = struct{}{}
  427. p.setOfElementsToSkipContent["noscript"] = struct{}{}
  428. p.setOfElementsToSkipContent["nostyle"] = struct{}{}
  429. p.setOfElementsToSkipContent["object"] = struct{}{}
  430. p.setOfElementsToSkipContent["script"] = struct{}{}
  431. p.setOfElementsToSkipContent["style"] = struct{}{}
  432. p.setOfElementsToSkipContent["title"] = struct{}{}
  433. }