fix: flag raw HTML in policy bodies (#117)#122
Merged
Conversation
Raw/inline HTML renders on the Zola site but zigmark's Typst renderer silently drops it, so a policy's website page and its audit PDF could diverge with no warning. Make the divergence loud: the build pre-flight now parses each policy body and reports raw HTML as audit-critical (warn by default, fatal with --strict). Detection is AST-based via zigmark's own parser (the same one the PDF path uses), so raw HTML inside a code fence/span and <user@host> autolinks never false-positive; nested containers (lists, blockquotes, tables) are walked. Adds unit and integration coverage (findRawHtml, reviewPolicyFile, redaction-leak-check.sh), author-facing docs, and a CHANGELOG entry. This is the last open item of #117.
8 tasks
Contributor
Preview deploymentPreview environment deleted on PR close. |
sc2ben
approved these changes
Jul 8, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes the last open item of #117 — the site/PDF raw-HTML divergence.
Raw or inline HTML in a policy body renders on the Zola site (
page.content | safe) but zigmark's Typst renderer silently drops it (renderers/typst.zigomitshtml_block/html_in_line, confirmed at:238/:358). So a policy's website page and its audit PDF could diverge with no warning — an integrity problem for an ISMS tool.Rather than render HTML into PDFs (new attack surface) or strip it from the site, this makes the divergence loud: the build pre-flight added in #121 now also checks the body.
What changed
src/config.zig— newfindRawHtmlparses each policy body with zigmark's own parser and walks the AST (firstRawHtmlInBlocks/firstRawHtmlInInlines) forhtml_block/html_in_line.reviewPolicyFilenow callsreviewPolicyBodyand classifies raw HTML as critical (warn by default, fatal with--strict). AST-based, so:<div>inside a code fence or`<span>`inline code does not trip;<user@host>/<https://…>autolinks do not trip (they parse as autolinks, which the PDF renders);src/main.zig— wording only (validation is no longer front-matter-only);--stricthelp updated.src/test.zig; a build-level section intests/redaction-leak-check.shasserting warn-by-default,--strictfailure, and no false positives on the demo content.writing-policiesguide, starter README, CHANGELOG.Verification
zig build test— 47/47 (was 41).tests/redaction-leak-check.sh— passes, including the three new raw-HTML checks.zig build e2e— starter content clean under the new rule (3 policies)../zig-out/bin/policypress -c config.toml -o <tmp> --strict— exit 0, no raw-HTML warnings on demo content.nix fmt— 0 files changed.Related
Closes #117.