Add content filtering package

Copilot · SamMorrowDrums · Copilot · commit e2f6b4476307 · 2025-05-23T10:51:08.000Z
Co-authored-by: SamMorrowDrums &lt;4811358+SamMorrowDrums@users.noreply.github.com&gt;
diff --git a/pkg/filtering/content_filter.go b/pkg/filtering/content_filter.go
@@ -0,0 +1,133 @@
+package filtering
+
+import (
+	"regexp"
+	"strings"
+)
+
+var (
+	// Invisible Unicode characters
+	// This includes zero-width spaces, zero-width joiners, zero-width non-joiners, 
+	// bidirectional marks, and other invisible unicode characters
+	invisibleCharsRegex = regexp.MustCompile(`[\x{200B}-\x{200F}\x{2028}-\x{202E}\x{2060}-\x{2064}\x{FEFF}]`)
+
+	// HTML comments
+	htmlCommentsRegex = regexp.MustCompile(`<!--[\s\S]*?-->`)
+
+	// HTML elements that could contain hidden content
+	// This is a simple approach that targets specific dangerous tags
+	// Go's regexp doesn't support backreferences, so we list each tag explicitly
+	htmlScriptRegex = regexp.MustCompile(`<script[^>]*>[\s\S]*?</script>`)
+	htmlStyleRegex = regexp.MustCompile(`<style[^>]*>[\s\S]*?</style>`)
+	htmlIframeRegex = regexp.MustCompile(`<iframe[^>]*>[\s\S]*?</iframe>`)
+	htmlObjectRegex = regexp.MustCompile(`<object[^>]*>[\s\S]*?</object>`)
+	htmlEmbedRegex = regexp.MustCompile(`<embed[^>]*>[\s\S]*?</embed>`)
+	htmlSvgRegex = regexp.MustCompile(`<svg[^>]*>[\s\S]*?</svg>`)
+	htmlMathRegex = regexp.MustCompile(`<math[^>]*>[\s\S]*?</math>`)
+	htmlLinkRegex = regexp.MustCompile(`<link[^>]*>[\s\S]*?</link>`)
+
+	// HTML attributes that might be used for hiding content
+	htmlAttributesRegex = regexp.MustCompile(`<[^>]*(?:style|data-[\w-]+|hidden|class)="[^"]*"[^>]*>`)
+
+	// Detect collapsed sections (details/summary)
+	collapsedSectionsRegex = regexp.MustCompile(`<details>[\s\S]*?</details>`)
+
+	// Very small text (font-size or similar CSS tricks)
+	smallTextRegex = regexp.MustCompile(`<[^>]*style="[^"]*font-size:\s*(?:0|0\.\d+|[0-3])(?:px|pt|em|%)[^"]*"[^>]*>[\s\S]*?</[^>]+>`)
+
+	// Excessive whitespace (more than 3 consecutive newlines)
+	excessiveWhitespaceRegex = regexp.MustCompile(`\n{4,}`)
+)
+
+// Config holds configuration for content filtering
+type Config struct {
+	// DisableContentFiltering disables all content filtering when true
+	DisableContentFiltering bool
+}
+
+// DefaultConfig returns the default content filtering configuration
+func DefaultConfig() *Config {
+	return &Config{
+		DisableContentFiltering: false,
+	}
+}
+
+// FilterContent filters potentially hidden content from the input text
+// This includes invisible Unicode characters, HTML comments, and other methods of hiding content
+func FilterContent(input string, cfg *Config) string {
+	if cfg != nil && cfg.DisableContentFiltering {
+		return input
+	}
+
+	if input == "" {
+		return input
+	}
+
+	// Process the input text through each filter
+	result := input
+
+	// Remove invisible characters
+	result = invisibleCharsRegex.ReplaceAllString(result, "")
+
+	// Replace HTML comments with a marker
+	result = htmlCommentsRegex.ReplaceAllString(result, "[HTML_COMMENT]")
+
+	// Replace potentially dangerous HTML elements
+	result = htmlScriptRegex.ReplaceAllString(result, "[HTML_ELEMENT]")
+	result = htmlStyleRegex.ReplaceAllString(result, "[HTML_ELEMENT]")
+	result = htmlIframeRegex.ReplaceAllString(result, "[HTML_ELEMENT]")
+	result = htmlObjectRegex.ReplaceAllString(result, "[HTML_ELEMENT]")
+	result = htmlEmbedRegex.ReplaceAllString(result, "[HTML_ELEMENT]")
+	result = htmlSvgRegex.ReplaceAllString(result, "[HTML_ELEMENT]")
+	result = htmlMathRegex.ReplaceAllString(result, "[HTML_ELEMENT]")
+	result = htmlLinkRegex.ReplaceAllString(result, "[HTML_ELEMENT]")
+
+	// Replace HTML attributes that might be used for hiding
+	result = htmlAttributesRegex.ReplaceAllStringFunc(result, cleanHTMLAttributes)
+
+	// Replace collapsed sections with visible indicator
+	result = collapsedSectionsRegex.ReplaceAllStringFunc(result, makeCollapsedSectionVisible)
+
+	// Replace very small text with visible indicator
+	result = smallTextRegex.ReplaceAllString(result, "[SMALL_TEXT]")
+
+	// Normalize excessive whitespace
+	result = excessiveWhitespaceRegex.ReplaceAllString(result, "\n\n\n")
+
+	return result
+}
+
+// cleanHTMLAttributes removes potentially dangerous attributes from HTML tags
+func cleanHTMLAttributes(tag string) string {
+	// This is a simple implementation that removes style, data-* and hidden attributes
+	// A more sophisticated implementation would parse the HTML and selectively remove attributes
+	tagWithoutStyle := regexp.MustCompile(`\s+(?:style|data-[\w-]+|hidden|class)="[^"]*"`).ReplaceAllString(tag, "")
+	return tagWithoutStyle
+}
+
+// makeCollapsedSectionVisible transforms a <details> section to make it visible
+func makeCollapsedSectionVisible(detailsSection string) string {
+	// Extract the summary if present
+	summaryRegex := regexp.MustCompile(`<summary>(.*?)</summary>`)
+	summaryMatches := summaryRegex.FindStringSubmatch(detailsSection)
+	
+	summary := "Collapsed section"
+	if len(summaryMatches) > 1 {
+		summary = summaryMatches[1]
+	}
+
+	// Extract the content (everything after </summary> and before </details>)
+	parts := strings.SplitN(detailsSection, "</summary>", 2)
+	content := detailsSection
+	if len(parts) > 1 {
+		content = parts[1]
+		content = strings.TrimSuffix(content, "</details>")
+	} else {
+		// No summary tag found, remove the details tags
+		content = strings.TrimPrefix(content, "<details>")
+		content = strings.TrimSuffix(content, "</details>")
+	}
+
+	// Format as a visible section
+	return "\n\n**" + summary + ":**\n" + content + "\n\n"
+}
diff --git a/pkg/filtering/content_filter_test.go b/pkg/filtering/content_filter_test.go
@@ -0,0 +1,173 @@
+package filtering
+
+import (
+	"testing"
+)
+
+func TestFilterContent(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    string
+		expected string
+		cfg      *Config
+	}{
+		{
+			name:     "Empty string",
+			input:    "",
+			expected: "",
+			cfg:      DefaultConfig(),
+		},
+		{
+			name:     "Normal text without hidden content",
+			input:    "This is normal text without any hidden content.",
+			expected: "This is normal text without any hidden content.",
+			cfg:      DefaultConfig(),
+		},
+		{
+			name:     "Text with invisible characters",
+			input:    "Hidden\u200Bcharacters\u200Bin\u200Bthis\u200Btext",
+			expected: "Hiddencharactersinthistext",
+			cfg:      DefaultConfig(),
+		},
+		{
+			name:     "Text with HTML comments",
+			input:    "This has a <!-- hidden comment --> in it.",
+			expected: "This has a [HTML_COMMENT] in it.",
+			cfg:      DefaultConfig(),
+		},
+		{
+			name:     "Text with HTML elements",
+			input:    "This has <script>alert('hidden')</script> scripts.",
+			expected: "This has [HTML_ELEMENT] scripts.",
+			cfg:      DefaultConfig(),
+		},
+		{
+			name:     "Text with details/summary",
+			input:    "Collapsed content: <details><summary>Click me</summary>Hidden content</details>",
+			expected: "Collapsed content: \n\n**Click me:**\nHidden content\n\n",
+			cfg:      DefaultConfig(),
+		},
+		{
+			name:     "Text with small font",
+			input:    "This has <span style=\"font-size:1px\">hidden tiny text</span> in it.",
+			expected: "This has <span>hidden tiny text</span> in it.",
+			cfg:      DefaultConfig(),
+		},
+		{
+			name:     "Text with excessive whitespace",
+			input:    "Line 1\n\n\n\n\n\nLine 2",
+			expected: "Line 1\n\n\nLine 2",
+			cfg:      DefaultConfig(),
+		},
+		{
+			name:     "Text with HTML attributes",
+			input:    "<p data-hidden=\"true\" style=\"display:none\">Hidden paragraph</p>",
+			expected: "<p>Hidden paragraph</p>",
+			cfg:      DefaultConfig(),
+		},
+		{
+			name:     "Filtering disabled",
+			input:    "Hidden\u200Bcharacters and <!-- comments -->",
+			expected: "Hidden\u200Bcharacters and <!-- comments -->",
+			cfg:      &Config{DisableContentFiltering: true},
+		},
+		{
+			name:     "Nil config uses default (filtering enabled)",
+			input:    "Hidden\u200Bcharacters",
+			expected: "Hiddencharacters",
+			cfg:      nil,
+		},
+		{
+			name:     "Normal markdown with code blocks",
+			input:    "# Title\n\n```go\nfunc main() {\n    fmt.Println(\"Hello, world!\")\n}\n```",
+			expected: "# Title\n\n```go\nfunc main() {\n    fmt.Println(\"Hello, world!\")\n}\n```",
+			cfg:      DefaultConfig(),
+		},
+		{
+			name:     "GitHub flavored markdown with tables",
+			input:    "| Header 1 | Header 2 |\n| -------- | -------- |\n| Cell 1   | Cell 2   |",
+			expected: "| Header 1 | Header 2 |\n| -------- | -------- |\n| Cell 1   | Cell 2   |",
+			cfg:      DefaultConfig(),
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			result := FilterContent(tc.input, tc.cfg)
+			if result != tc.expected {
+				t.Errorf("FilterContent() = %q, want %q", result, tc.expected)
+			}
+		})
+	}
+}
+
+func TestMakeCollapsedSectionVisible(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    string
+		expected string
+	}{
+		{
+			name:     "Simple details/summary",
+			input:    "<details><summary>Click me</summary>Hidden content</details>",
+			expected: "\n\n**Click me:**\nHidden content\n\n",
+		},
+		{
+			name:     "Details without summary",
+			input:    "<details>Hidden content</details>",
+			expected: "\n\n**Collapsed section:**\nHidden content\n\n",
+		},
+		{
+			name:     "Nested content",
+			input:    "<details><summary>Outer</summary>Content<details><summary>Inner</summary>Nested</details></details>",
+			expected: "\n\n**Outer:**\nContent<details><summary>Inner</summary>Nested</details>\n\n",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			result := makeCollapsedSectionVisible(tc.input)
+			if result != tc.expected {
+				t.Errorf("makeCollapsedSectionVisible() = %q, want %q", result, tc.expected)
+			}
+		})
+	}
+}
+
+func TestCleanHTMLAttributes(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    string
+		expected string
+	}{
+		{
+			name:     "Tag with style attribute",
+			input:    "<p style=\"display:none\">Hidden</p>",
+			expected: "<p>Hidden</p>",
+		},
+		{
+			name:     "Tag with data attribute",
+			input:    "<p data-hidden=\"true\">Hidden</p>",
+			expected: "<p>Hidden</p>",
+		},
+		{
+			name:     "Tag with multiple attributes",
+			input:    "<p id=\"para\" style=\"display:none\" data-test=\"value\">Hidden</p>",
+			expected: "<p id=\"para\">Hidden</p>",
+		},
+		{
+			name:     "Tag with allowed attributes",
+			input:    "<a href=\"https://example.com\" target=\"_blank\">Link</a>",
+			expected: "<a href=\"https://example.com\" target=\"_blank\">Link</a>",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			result := cleanHTMLAttributes(tc.input)
+			if result != tc.expected {
+				t.Errorf("cleanHTMLAttributes() = %q, want %q", result, tc.expected)
+			}
+		})
+	}
+}
