Drop blocked nodes instead of leaking their text

geeknik · geeknik · commit 70d167ad389e · 2025-12-06T21:04:07.000-06:00
diff --git a/crates/parser/src/html/converter.rs b/crates/parser/src/html/converter.rs
@@ -107,7 +107,7 @@ fn convert_node_recursive(
                 _metrics,
             )?;
         }
-    } else {
+    } else if matches!(kuchiki_node.data(), KuchikiNodeData::Document(_)) {
         // For document nodes, just process children directly
         for child in kuchiki_node.children() {
             convert_node_recursive(
@@ -120,6 +120,9 @@ fn convert_node_recursive(
                 _metrics,
             )?;
         }
+    } else {
+        // Blocked element: drop entire subtree to avoid leaking script/style contents
+        tracing::debug!("🚫 Dropping blocked node and its children");
     }
 
     Ok(())
@@ -386,4 +389,4 @@ mod tests {
             }
         }
     }
-}
+}
diff --git a/crates/parser/tests/test_servo_css_integration.rs b/crates/parser/tests/test_servo_css_integration.rs
@@ -105,7 +105,7 @@ mod tests {
         
         // Verify that security analysis was performed
         if let Some(analysis) = &result.security_analysis {
-            assert!(analysis.threat_level != css_security::ThreatLevel::Safe, "Should detect threats");
+            assert!(analysis.threat_level != css_security::CssThreatLevel::Safe, "Should detect threats");
             assert!(analysis.violations_count > 0, "Should detect violations");
         }
         

Original file line number	Diff line number	Diff line change
`@@ -107,7 +107,7 @@ fn convert_node_recursive(`
`107`	`107`	`_metrics,`
`108`	`108`	`)?;`
`109`	`109`	`}`
`110`		`- } else {`
	`110`	`+ } else if matches!(kuchiki_node.data(), KuchikiNodeData::Document(_)) {`
`111`	`111`	`// For document nodes, just process children directly`
`112`	`112`	`for child in kuchiki_node.children() {`
`113`	`113`	`convert_node_recursive(`
`@@ -120,6 +120,9 @@ fn convert_node_recursive(`
`120`	`120`	`_metrics,`
`121`	`121`	`)?;`
`122`	`122`	`}`
	`123`	`+ } else {`
	`124`	`+ // Blocked element: drop entire subtree to avoid leaking script/style contents`
	`125`	`+ tracing::debug!("🚫 Dropping blocked node and its children");`
`123`	`126`	`}`
`124`	`127`
`125`	`128`	`Ok(())`
`@@ -386,4 +389,4 @@ mod tests {`
`386`	`389`	`}`
`387`	`390`	`}`
`388`	`391`	`}`
`389`		`-}`
	`392`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -105,7 +105,7 @@ mod tests {`
`105`	`105`
`106`	`106`	`// Verify that security analysis was performed`
`107`	`107`	`if let Some(analysis) = &result.security_analysis {`
`108`		`- assert!(analysis.threat_level != css_security::ThreatLevel::Safe, "Should detect threats");`
	`108`	`+ assert!(analysis.threat_level != css_security::CssThreatLevel::Safe, "Should detect threats");`
`109`	`109`	`assert!(analysis.violations_count > 0, "Should detect violations");`
`110`	`110`	`}`
`111`	`111`