diff --git a/bikeshed/Spec.py b/bikeshed/Spec.py index dd12dffcd1..dd87010168 100644 --- a/bikeshed/Spec.py +++ b/bikeshed/Spec.py @@ -14,6 +14,7 @@ from . import config from . import datablocks from . import extensions +from . import fingerprinting from . import headings from . import highlight from . import HTMLSerializer @@ -215,6 +216,7 @@ def processDocument(self): boilerplate.removeUnwantedBoilerplate(self) highlight.addSyntaxHighlighting(self) boilerplate.addBikeshedBoilerplate(self) + fingerprinting.addFingerprinting(self) fixIntraDocumentReferences(self) fixInterDocumentReferences(self) removeMultipleLinks(self) diff --git a/bikeshed/fingerprinting.py b/bikeshed/fingerprinting.py new file mode 100644 index 0000000000..abccc6d150 --- /dev/null +++ b/bikeshed/fingerprinting.py @@ -0,0 +1,41 @@ +# -*- coding: utf-8 -*- +from __future__ import division, unicode_literals + +from .htmlhelpers import * + +fingerprintId = "b732b3fe" # hashlib.md5("tracking-vector").hexdigest()[0:8], to minimize chance of collision + +def addFingerprinting(doc): + if doc.md.fingerprintClass is None: + return + + els = findAll(".{0}".format(doc.md.fingerprintClass), doc) + + if len(els) == 0: + return + + if doc.md.fingerprintImage is None: + # Generate an SVG and it in all the individual spots + appendChild(doc.body, + E.svg({"viewBox":"0 0 46 64", "style":"display:none"}, + E.defs({}, + E.path({"id":fingerprintId, + "stroke":"black", + "stroke-linecap":"round", + "stroke-linejoin":"round", + "stroke-dasharray":"3,2,35,2,20,2", + "fill":"none", + "d":"M2 23Q17 -16 40 12M1 35Q17 -20 43 20M2 40Q18 -19 44 25M3 43Q19 -16 45 29M5 46Q20 -12 45 32M5 49Q11 40 15 27T27 16T45 37M5 49Q15 38 19 25T34 27T44 41M6 52Q17 40 21 28T32 29T43 44M6 52Q21 42 23 31T30 32T42 47M7 54Q23 47 24 36T28 34T41 50M8 56Q26 50 26 35Q28 48 40 53M10 58Q24 54 27 45Q30 52 38 55M27 50Q28 53 36 57M25 52Q28 56 31 57M22 55L26 57M10 58L37 57M13 60L32 60M16 62L28 63"})))) + + for el in els: + prependChild(el, + fingerprintImage(doc.md.fingerprintImage, doc.md.fingerprintTitle)) + + +def fingerprintImage(url, title): + if url is None: + return E.svg({"width":"46", "height":"64", "role":"img"}, + E.title({}, title), + E.use({"href":"#"+fingerprintId})) + else: + return E.img({"title":title, "alt":title, "src":url}) diff --git a/bikeshed/metadata.py b/bikeshed/metadata.py index 3b35eda3f3..969b2d00e5 100644 --- a/bikeshed/metadata.py +++ b/bikeshed/metadata.py @@ -67,6 +67,9 @@ def __init__(self): self.editors = [] self.editorTerm = {"singular": "Editor", "plural": "Editors"} self.favicon = None + self.fingerprintClass = "tracking-vector" + self.fingerprintImage = None + self.fingerprintTitle = "There is a potential fingerprinting vector here." self.forceCrossorigin = False self.group = None self.h1 = None @@ -933,6 +936,12 @@ def parseLiteral(key, val, lineNum): return val +def parseLiteralOrNone(key, val, lineNum): + if val.lower() == "none": + return None + return val + + def parseLiteralCaseless(key, val, lineNum): return val.lower() @@ -964,6 +973,9 @@ def parseLiteralList(key, val, lineNum): "Editor": Metadata("Editor", "editors", joinList, parseEditor), "Editor Term": Metadata("Editor Term", "editorTerm", joinValue, parseEditorTerm), "Favicon": Metadata("Favicon", "favicon", joinValue, parseLiteral), + "Fingerprint Class": Metadata("Fingerprint Class", "fingerprintClass", joinValue, parseLiteralOrNone), + "Fingerprint Image": Metadata("Fingerprint Image", "fingerprintImage", joinValue, parseLiteralOrNone), + "Fingerprint Title": Metadata("Fingerprint Title", "fingerprintTitle", joinValue, parseLiteral), "Force Crossorigin": Metadata("Force Crossorigin", "forceCrossorigin", joinValue, parseBoolean), "Former Editor": Metadata("Former Editor", "previousEditors", joinList, parseEditor), "Group": Metadata("Group", "group", joinValue, parseLiteral), diff --git a/tests/fingerprint001.bs b/tests/fingerprint001.bs new file mode 100644 index 0000000000..95cff8acb6 --- /dev/null +++ b/tests/fingerprint001.bs @@ -0,0 +1,17 @@ +
+Title: Foo
+Group: test
+Shortname: foo
+Level: 1
+Status: LS
+ED: http://example.com/foo
+Abstract: Testing basic support for tracking-vector.
+Editor: Example Editor
+Date: 1970-01-01
+
+ +Here's some text. + +

Some more text that fingerprints! + +And then some more after that. diff --git a/tests/fingerprint001.html b/tests/fingerprint001.html new file mode 100644 index 0000000000..ca31a8a4f4 --- /dev/null +++ b/tests/fingerprint001.html @@ -0,0 +1,194 @@ + + + + + Foo + + + + + + +

+

+

Foo

+

Living Standard,

+
+
+
This version: +
http://example.com/foo +
Editor: +
Example Editor +
+
+
+

COPYRIGHT GOES HERE

+
+
+
+

Abstract

+

Testing basic support for tracking-vector.

+
+
+ +
+

Here’s some text.

+

+ + There is a potential fingerprinting vector here. + + + Some more text that fingerprints! +

+

And then some more after that.

+
+ + + + + \ No newline at end of file diff --git a/tests/fingerprint002.bs b/tests/fingerprint002.bs new file mode 100644 index 0000000000..e8ea6826cd --- /dev/null +++ b/tests/fingerprint002.bs @@ -0,0 +1,20 @@ +
+Title: Foo
+Group: test
+Shortname: foo
+Level: 1
+Status: LS
+ED: http://example.com/foo
+Abstract: Testing that 'Fingerprint Class: None' turns it off.
+Fingerprint Class: none
+Editor: Example Editor
+Date: 1970-01-01
+
+ +Here's some text. + +

Some more text that shouldn't show anything! + +

Even more text that shouldn't show anything. + +And then some more after that. diff --git a/tests/fingerprint002.html b/tests/fingerprint002.html new file mode 100644 index 0000000000..d316c7de6d --- /dev/null +++ b/tests/fingerprint002.html @@ -0,0 +1,184 @@ + + + + + Foo + + + + + + +

+

+

Foo

+

Living Standard,

+
+
+
This version: +
http://example.com/foo +
Editor: +
Example Editor +
+
+
+

COPYRIGHT GOES HERE

+
+
+
+

Abstract

+

Testing that 'Fingerprint Class: None' turns it off.

+
+
+ +
+

Here’s some text.

+

Some more text that shouldn’t show anything!

+

Even more text that shouldn’t show anything.

+

And then some more after that.

+
\ No newline at end of file diff --git a/tests/fingerprint003.bs b/tests/fingerprint003.bs new file mode 100644 index 0000000000..044692be52 --- /dev/null +++ b/tests/fingerprint003.bs @@ -0,0 +1,20 @@ +
+Title: Foo
+Group: test
+Shortname: foo
+Level: 1
+Status: LS
+ED: http://example.com/foo
+Abstract: Testing that 'Fingerprint Class: foo' works.
+Fingerprint Class: foo
+Editor: Example Editor
+Date: 1970-01-01
+
+ +Here's some text. + +

Some more text that shouldn't show anything! + +

Some text that fingerprints. + +And then some more after that. diff --git a/tests/fingerprint003.html b/tests/fingerprint003.html new file mode 100644 index 0000000000..28e512b604 --- /dev/null +++ b/tests/fingerprint003.html @@ -0,0 +1,195 @@ + + + + + Foo + + + + + + +

+

+

Foo

+

Living Standard,

+
+
+
This version: +
http://example.com/foo +
Editor: +
Example Editor +
+
+
+

COPYRIGHT GOES HERE

+
+
+
+

Abstract

+

Testing that 'Fingerprint Class: foo' works.

+
+
+ +
+

Here’s some text.

+

Some more text that shouldn’t show anything!

+

+ + There is a potential fingerprinting vector here. + + + Some text that fingerprints. +

+

And then some more after that.

+
+ + + + + \ No newline at end of file diff --git a/tests/fingerprint004.bs b/tests/fingerprint004.bs new file mode 100644 index 0000000000..ee49a0e463 --- /dev/null +++ b/tests/fingerprint004.bs @@ -0,0 +1,18 @@ +
+Title: Foo
+Group: test
+Shortname: foo
+Level: 1
+Status: LS
+ED: http://example.com/foo
+Abstract: Testing that 'Fingerprint Image' works.
+Fingerprint Image: https://xanthir.com/pony
+Editor: Example Editor
+Date: 1970-01-01
+
+ +Here's some text. + +

Some text that fingerprints! + +And then some more after that. diff --git a/tests/fingerprint004.html b/tests/fingerprint004.html new file mode 100644 index 0000000000..55e946afbd --- /dev/null +++ b/tests/fingerprint004.html @@ -0,0 +1,183 @@ + + + + + Foo + + + + + + +

+

+

Foo

+

Living Standard,

+
+
+
This version: +
http://example.com/foo +
Editor: +
Example Editor +
+
+
+

COPYRIGHT GOES HERE

+
+
+
+

Abstract

+

Testing that 'Fingerprint Image' works.

+
+
+ +
+

Here’s some text.

+

There is a potential fingerprinting vector here.Some text that fingerprints!

+

And then some more after that.

+
\ No newline at end of file diff --git a/tests/fingerprint005.bs b/tests/fingerprint005.bs new file mode 100644 index 0000000000..9dbb5bf3d2 --- /dev/null +++ b/tests/fingerprint005.bs @@ -0,0 +1,18 @@ +
+Title: Foo
+Group: test
+Shortname: foo
+Level: 1
+Status: LS
+ED: http://example.com/foo
+Abstract: Testing that 'Fingerprint Image:none' reverts to the normal SVG.
+Fingerprint Image: none
+Editor: Example Editor
+Date: 1970-01-01
+
+ +Here's some text. + +

Some text that fingerprints! + +And then some more after that. diff --git a/tests/fingerprint005.html b/tests/fingerprint005.html new file mode 100644 index 0000000000..084c6a84d6 --- /dev/null +++ b/tests/fingerprint005.html @@ -0,0 +1,194 @@ + + + + + Foo + + + + + + +

+

+

Foo

+

Living Standard,

+
+
+
This version: +
http://example.com/foo +
Editor: +
Example Editor +
+
+
+

COPYRIGHT GOES HERE

+
+
+
+

Abstract

+

Testing that 'Fingerprint Image:none' reverts to the normal SVG.

+
+
+ +
+

Here’s some text.

+

+ + There is a potential fingerprinting vector here. + + + Some text that fingerprints! +

+

And then some more after that.

+
+ + + + + \ No newline at end of file diff --git a/tests/fingerprint006.bs b/tests/fingerprint006.bs new file mode 100644 index 0000000000..e2da84b460 --- /dev/null +++ b/tests/fingerprint006.bs @@ -0,0 +1,18 @@ +
+Title: Foo
+Group: test
+Shortname: foo
+Level: 1
+Status: LS
+ED: http://example.com/foo
+Abstract: Testing that 'Fingerprint Title' works.
+Fingerprint Title: A custom fingerprint title, .
+Editor: Example Editor
+Date: 1970-01-01
+
+ +Here's some text. + +

Some text that fingerprints! + +And then some more after that. diff --git a/tests/fingerprint006.html b/tests/fingerprint006.html new file mode 100644 index 0000000000..1f1541f8b3 --- /dev/null +++ b/tests/fingerprint006.html @@ -0,0 +1,194 @@ + + + + + Foo + + + + + + +

+

+

Foo

+

Living Standard,

+
+
+
This version: +
http://example.com/foo +
Editor: +
Example Editor +
+
+
+

COPYRIGHT GOES HERE

+
+
+
+

Abstract

+

Testing that 'Fingerprint Title' works.

+
+
+ +
+

Here’s some text.

+

+ + A custom fingerprint title, <script>alert("xss")</script>. + + + Some text that fingerprints! +

+

And then some more after that.

+
+ + + + + \ No newline at end of file