diff options
| author | John MacFarlane <jgm@berkeley.edu> | 2021-08-21 15:30:13 -0700 |
|---|---|---|
| committer | John MacFarlane <jgm@berkeley.edu> | 2021-08-28 22:31:42 -0700 |
| commit | d6d7c9620abddc5e5e45450c091bc8a73bac8f66 (patch) | |
| tree | 2dd3e01150a5611f5bb86cd08239de7f5eca3106 /src/Text/Pandoc/App/OutputSettings.hs | |
| parent | b76796eae8ce842f8414cca8cd8e3b55be513694 (diff) | |
Add `--sandbox` option.
+ Add sandbox feature for readers. When this option is used,
readers and writers only have access to input files (and
other files specified directly on command line). This restriction
is enforced in the type system.
+ Filters, PDF production, custom writers are unaffected. This
feature only insulates the actual readers and writers, not
the pipeline around them in Text.Pandoc.App.
+ Note that when `--sandboxed` is specified, readers won't have
access to the resource path, nor will anything have access to
the user data directory.
+ Add module Text.Pandoc.Class.Sandbox, defining
`sandbox`. Exported via Text.Pandoc.Class. [API change]
Closes #5045.
Diffstat (limited to 'src/Text/Pandoc/App/OutputSettings.hs')
| -rw-r--r-- | src/Text/Pandoc/App/OutputSettings.hs | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/src/Text/Pandoc/App/OutputSettings.hs b/src/Text/Pandoc/App/OutputSettings.hs index 3f83f4b21..7b057713b 100644 --- a/src/Text/Pandoc/App/OutputSettings.hs +++ b/src/Text/Pandoc/App/OutputSettings.hs @@ -90,11 +90,31 @@ optToOutputSettings opts = do then writerName else T.toLower $ baseWriterName writerName + let makeSandboxed pureWriter = + let files = maybe id (:) (optReferenceDoc opts) . + maybe id (:) (optEpubMetadata opts) . + maybe id (:) (optEpubCoverImage opts) . + maybe id (:) (optCSL opts) . + maybe id (:) (optCitationAbbreviations opts) $ + optEpubFonts opts ++ + optBibliography opts + in case pureWriter of + TextWriter w -> TextWriter $ \o d -> sandbox files (w o d) + ByteStringWriter w + -> ByteStringWriter $ \o d -> sandbox files (w o d) + + (writer, writerExts) <- if ".lua" `T.isSuffixOf` format then return (TextWriter (\o d -> writeCustom (T.unpack writerName) o d), mempty) - else getWriter (T.toLower writerName) + else if optSandbox opts + then + case runPure (getWriter writerName) of + Left e -> throwError e + Right (w, wexts) -> + return (makeSandboxed w, wexts) + else getWriter (T.toLower writerName) let standalone = optStandalone opts || not (isTextFormat format) || pdfOutput |