From 88a230872ca2cd619cdd3817a36f30616148e7e6 Mon Sep 17 00:00:00 2001
From: Vincent Flyson <vflyson@uberspace.net>
Date: Sat, 21 Sep 2019 20:06:00 -0400
Subject: [PATCH] Add CSP isolation, no CSS, and no iframe options

---
 .travis.yml  |   4 +
 Cargo.toml   |   2 +-
 README.md    |   6 +-
 appveyor.yml |   4 +-
 src/html.rs  | 666 +++++++++++++++++++++++++++++++++++++++------------
 src/http.rs  |  17 +-
 src/main.rs  |  53 ++--
 src/utils.rs |   4 +-
 8 files changed, 572 insertions(+), 184 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 819dabc..050d3dd 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -12,6 +12,10 @@ rust:
     - beta 
     - nightly
 
+before_script:
+    - rustup component add rustfmt
+
 script:
     - cargo build --verbose
     - cargo test --verbose
+    - cargo fmt --all -- --check
diff --git a/Cargo.toml b/Cargo.toml
index f30d76c..65c715b 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "monolith"
-version = "2.0.17"
+version = "2.0.18"
 authors = [
     "Sunshine <sunshine@uberspace.net>",
     "Mahdi Robatipoor <mahdi.robatipoor@gmail.com>",
diff --git a/README.md b/README.md
index 52253b8..6c91fd1 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,6 @@
 [![Travis CI Build Status](https://travis-ci.org/Y2Z/monolith.svg?branch=master)](https://travis-ci.org/Y2Z/monolith)
-[![AppVeyor Build status](https://ci.appveyor.com/api/projects/status/j1v1d96sw952b1ch?svg=true)](https://ci.appveyor.com/project/vflyson/monolith)
+[![AppVeyor Build status](https://ci.appveyor.com/api/projects/status/ae7soyjih8jg2bv7/branch/master?svg=true)](https://ci.appveyor.com/project/snshn/monolith/branch/master)
+
 
 # monolith
 
@@ -21,7 +22,10 @@ If compared to saving websites with `wget -mpk`, this tool embeds all assets as
     $ monolith https://lyrics.github.io/db/p/portishead/dummy/roads/ > portishead-roads-lyrics.html
 
 ### Options
+ - `-c`: Ignore styles
+ - `-f`: Exclude iframes
  - `-i`: Remove images
+ - `-I`: Isolate document
  - `-j`: Exclude JavaScript
  - `-k`: Accept invalid X.509 (TLS) certificates
  - `-s`: Silent mode
diff --git a/appveyor.yml b/appveyor.yml
index 394334e..2b618fa 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -114,6 +114,7 @@ install:
   - if defined MINGW_PATH set PATH=%PATH%;%MINGW_PATH%
   - rustc -vV
   - cargo -vV
+  - rustup component add rustfmt
 
 ## Build Script ##
 
@@ -125,4 +126,5 @@ build: false
 #directly or perform other testing commands. Rust will automatically be placed in the PATH
 # environment variable.
 test_script:
-- cargo test --verbose %cargoflags%
+  - cargo test --verbose %cargoflags%
+  - cargo fmt --all -- --check
diff --git a/src/html.rs b/src/html.rs
index b3be66d..3f9f73e 100644
--- a/src/html.rs
+++ b/src/html.rs
@@ -1,23 +1,25 @@
+use html5ever::interface::QualName;
 use html5ever::parse_document;
 use html5ever::rcdom::{Handle, NodeData, RcDom};
 use html5ever::serialize::{serialize, SerializeOpts};
-use html5ever::tendril::TendrilSink;
+use html5ever::tendril::{format_tendril, TendrilSink};
+use html5ever::tree_builder::{Attribute, TreeSink};
+use html5ever::{local_name, namespace_url, ns};
 use http::{is_valid_url, resolve_url, retrieve_asset};
 use regex::Regex;
 use std::default::Default;
-use std::io;
 use utils::data_to_dataurl;
 
 lazy_static! {
     static ref EMPTY_STRING: String = String::new();
     static ref HAS_PROTOCOL: Regex = Regex::new(r"^[a-z0-9]+:").unwrap();
-    static ref ICON_VALUES: Regex = Regex::new(
-        r"^icon|shortcut icon|mask-icon|apple-touch-icon|fluid-icon$"
-    ).unwrap();
+    static ref ICON_VALUES: Regex =
+        Regex::new(r"^icon|shortcut icon|mask-icon|apple-touch-icon|fluid-icon$").unwrap();
 }
 
-const TRANSPARENT_PIXEL: &str = "data:image/png;base64,\
-iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=";
+const TRANSPARENT_PIXEL: &str =
+    "data:image/png;base64,\
+     iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=";
 
 const JS_DOM_EVENT_ATTRS: [&str; 21] = [
     // Input
@@ -47,53 +49,46 @@ const JS_DOM_EVENT_ATTRS: [&str; 21] = [
     "onresize",
 ];
 
-fn get_parent_node_name(node: &Handle) -> String {
+fn get_parent_node(node: &Handle) -> Handle {
     let parent = node.parent.take().clone();
-    let parent_node = parent.and_then(|node| node.upgrade()).unwrap();
-
-    match &parent_node.data {
-        NodeData::Document => { EMPTY_STRING.clone() }
-        NodeData::Doctype { .. } => { EMPTY_STRING.clone() }
-        NodeData::Text { .. } => { EMPTY_STRING.clone() }
-        NodeData::Comment { .. } => { EMPTY_STRING.clone() }
-        NodeData::Element { ref name, attrs: _, .. } => {
-            name.local.as_ref().to_string()
-        }
-        NodeData::ProcessingInstruction { .. } => unreachable!()
+    parent.and_then(|node| node.upgrade()).unwrap()
+}
+
+fn get_node_name(node: &Handle) -> String {
+    match &node.data {
+        NodeData::Element { ref name, .. } => name.local.as_ref().to_string(),
+        _ => EMPTY_STRING.clone(),
     }
 }
 
 pub fn walk_and_embed_assets(
     url: &str,
     node: &Handle,
+    opt_no_css: bool,
     opt_no_js: bool,
     opt_no_images: bool,
     opt_user_agent: &str,
     opt_silent: bool,
     opt_insecure: bool,
+    opt_no_frames: bool,
 ) {
     match node.data {
         NodeData::Document => {
             // Dig deeper
             for child in node.children.borrow().iter() {
                 walk_and_embed_assets(
-                        &url, child,
-                        opt_no_js,
-                        opt_no_images,
-                        opt_user_agent,
-                        opt_silent,
-                        opt_insecure,
-                    );
+                    &url,
+                    child,
+                    opt_no_css,
+                    opt_no_js,
+                    opt_no_images,
+                    opt_user_agent,
+                    opt_silent,
+                    opt_insecure,
+                    opt_no_frames,
+                );
             }
         }
-        NodeData::Doctype { .. } => {}
-        NodeData::Text { .. } => {}
-        NodeData::Comment { .. } => {
-            // Note: in case of opt_no_js being set to true, there's no need to worry about
-            //       getting rid of comments that may contain scripts, e.g. <!--[if IE]><script>...
-            //       since that's not part of W3C standard and therefore gets ignored
-            //       by browsers other than IE [5, 9]
-        }
         NodeData::Element {
             ref name,
             ref attrs,
@@ -103,7 +98,7 @@ pub fn walk_and_embed_assets(
 
             match name.local.as_ref() {
                 "link" => {
-                    let mut link_type = "";
+                    let mut link_type: &str = "";
 
                     for attr in attrs_mut.iter_mut() {
                         if &attr.name.local == "rel" {
@@ -122,22 +117,19 @@ pub fn walk_and_embed_assets(
                             if &attr.name.local == "href" {
                                 if opt_no_images {
                                     attr.value.clear();
-                                    attr.value.push_slice(TRANSPARENT_PIXEL);
                                 } else {
-                                    let href_full_url: String = resolve_url(
-                                            &url,
-                                            &attr.value.to_string()
-                                        )
-                                        .unwrap_or(EMPTY_STRING.clone());
+                                    let href_full_url: String =
+                                        resolve_url(&url, &attr.value.to_string())
+                                            .unwrap_or(EMPTY_STRING.clone());
                                     let favicon_datauri = retrieve_asset(
-                                            &href_full_url,
-                                            true,
-                                            "",
-                                            opt_user_agent,
-                                            opt_silent,
-                                            opt_insecure,
-                                        )
-                                        .unwrap_or(EMPTY_STRING.clone());
+                                        &href_full_url,
+                                        true,
+                                        "",
+                                        opt_user_agent,
+                                        opt_silent,
+                                        opt_insecure,
+                                    )
+                                    .unwrap_or(EMPTY_STRING.clone());
                                     attr.value.clear();
                                     attr.value.push_slice(favicon_datauri.as_str());
                                 }
@@ -146,12 +138,13 @@ pub fn walk_and_embed_assets(
                     } else if link_type == "stylesheet" {
                         for attr in attrs_mut.iter_mut() {
                             if &attr.name.local == "href" {
-                                let href_full_url: String = resolve_url(
-                                        &url,
-                                        &attr.value.to_string(),
-                                    )
-                                    .unwrap_or(EMPTY_STRING.clone());
-                                let css_datauri = retrieve_asset(
+                                if opt_no_css {
+                                    attr.value.clear();
+                                } else {
+                                    let href_full_url: String =
+                                        resolve_url(&url, &attr.value.to_string())
+                                            .unwrap_or(EMPTY_STRING.clone());
+                                    let css_datauri = retrieve_asset(
                                         &href_full_url,
                                         true,
                                         "text/css",
@@ -160,18 +153,17 @@ pub fn walk_and_embed_assets(
                                         opt_insecure,
                                     )
                                     .unwrap_or(EMPTY_STRING.clone());
-                                attr.value.clear();
-                                attr.value.push_slice(css_datauri.as_str());
+                                    attr.value.clear();
+                                    attr.value.push_slice(css_datauri.as_str());
+                                }
                             }
                         }
                     } else {
                         for attr in attrs_mut.iter_mut() {
                             if &attr.name.local == "href" {
-                                let href_full_url: String = resolve_url(
-                                        &url,
-                                        &attr.value.to_string(),
-                                    )
-                                    .unwrap_or(EMPTY_STRING.clone());
+                                let href_full_url: String =
+                                    resolve_url(&url, &attr.value.to_string())
+                                        .unwrap_or(EMPTY_STRING.clone());
                                 attr.value.clear();
                                 attr.value.push_slice(&href_full_url.as_str());
                             }
@@ -192,20 +184,17 @@ pub fn walk_and_embed_assets(
                                 attr.value.clear();
                                 attr.value.push_slice(TRANSPARENT_PIXEL);
                             } else {
-                                let src_full_url: String = resolve_url(
-                                        &url,
-                                        &value,
-                                    )
-                                    .unwrap_or(EMPTY_STRING.clone());
+                                let src_full_url: String =
+                                    resolve_url(&url, &value).unwrap_or(EMPTY_STRING.clone());
                                 let img_datauri = retrieve_asset(
-                                        &src_full_url,
-                                        true,
-                                        "",
-                                        opt_user_agent,
-                                        opt_silent,
-                                        opt_insecure,
-                                    )
-                                    .unwrap_or(EMPTY_STRING.clone());
+                                    &src_full_url,
+                                    true,
+                                    "",
+                                    opt_user_agent,
+                                    opt_silent,
+                                    opt_insecure,
+                                )
+                                .unwrap_or(EMPTY_STRING.clone());
                                 attr.value.clear();
                                 attr.value.push_slice(img_datauri.as_str());
                             }
@@ -215,25 +204,23 @@ pub fn walk_and_embed_assets(
                 "source" => {
                     for attr in attrs_mut.iter_mut() {
                         if &attr.name.local == "srcset" {
-                            if get_parent_node_name(&node) == "picture" {
+                            if get_node_name(&get_parent_node(&node)) == "picture" {
                                 if opt_no_images {
                                     attr.value.clear();
                                     attr.value.push_slice(TRANSPARENT_PIXEL);
                                 } else {
-                                    let srcset_full_url: String = resolve_url(
-                                            &url,
-                                            &attr.value.to_string(),
-                                        )
-                                        .unwrap_or(EMPTY_STRING.clone());
+                                    let srcset_full_url: String =
+                                        resolve_url(&url, &attr.value.to_string())
+                                            .unwrap_or(EMPTY_STRING.clone());
                                     let source_datauri = retrieve_asset(
-                                            &srcset_full_url,
-                                            true,
-                                            "",
-                                            opt_user_agent,
-                                            opt_silent,
-                                            opt_insecure,
-                                        )
-                                        .unwrap_or(EMPTY_STRING.clone());
+                                        &srcset_full_url,
+                                        true,
+                                        "",
+                                        opt_user_agent,
+                                        opt_silent,
+                                        opt_insecure,
+                                    )
+                                    .unwrap_or(EMPTY_STRING.clone());
                                     attr.value.clear();
                                     attr.value.push_slice(source_datauri.as_str());
                                 }
@@ -258,7 +245,7 @@ pub fn walk_and_embed_assets(
                 }
                 "script" => {
                     if opt_no_js {
-                        // Get rid of src and inner content of SCRIPT tags
+                        // Empty src and inner content of SCRIPT tags
                         for attr in attrs_mut.iter_mut() {
                             if &attr.name.local == "src" {
                                 attr.value.clear();
@@ -268,26 +255,30 @@ pub fn walk_and_embed_assets(
                     } else {
                         for attr in attrs_mut.iter_mut() {
                             if &attr.name.local == "src" {
-                                let src_full_url: String = resolve_url(
-                                        &url,
-                                        &attr.value.to_string(),
-                                    )
-                                    .unwrap_or(EMPTY_STRING.clone());
+                                let src_full_url: String =
+                                    resolve_url(&url, &attr.value.to_string())
+                                        .unwrap_or(EMPTY_STRING.clone());
                                 let js_datauri = retrieve_asset(
-                                        &src_full_url,
-                                        true,
-                                        "application/javascript",
-                                        opt_user_agent,
-                                        opt_silent,
-                                        opt_insecure,
-                                    )
-                                    .unwrap_or(EMPTY_STRING.clone());
+                                    &src_full_url,
+                                    true,
+                                    "application/javascript",
+                                    opt_user_agent,
+                                    opt_silent,
+                                    opt_insecure,
+                                )
+                                .unwrap_or(EMPTY_STRING.clone());
                                 attr.value.clear();
                                 attr.value.push_slice(js_datauri.as_str());
                             }
                         }
                     }
                 }
+                "style" => {
+                    if opt_no_css {
+                        // Empty  inner content of STYLE tags
+                        node.children.borrow_mut().clear();
+                    }
+                }
                 "form" => {
                     for attr in attrs_mut.iter_mut() {
                         if &attr.name.local == "action" {
@@ -304,18 +295,26 @@ pub fn walk_and_embed_assets(
                     }
                 }
                 "iframe" => {
-                    for attr in attrs_mut.iter_mut() {
-                        if &attr.name.local == "src" {
-                            let value = attr.value.to_string();
-
-                            // Ignore iframes with empty source (they cause infinite loops)
-                            if value == EMPTY_STRING.clone() {
-                                continue;
+                    if opt_no_frames {
+                        // Empty the src attribute
+                        for attr in attrs_mut.iter_mut() {
+                            if &attr.name.local == "src" {
+                                attr.value.clear();
                             }
+                        }
+                    } else {
+                        for attr in attrs_mut.iter_mut() {
+                            if &attr.name.local == "src" {
+                                let iframe_src = attr.value.to_string();
 
-                            let src_full_url: String = resolve_url(&url, &value)
-                                .unwrap_or(EMPTY_STRING.clone());
-                            let iframe_data = retrieve_asset(
+                                // Ignore iframes with empty source (they cause infinite loops)
+                                if iframe_src == EMPTY_STRING.clone() {
+                                    continue;
+                                }
+
+                                let src_full_url: String =
+                                    resolve_url(&url, &iframe_src).unwrap_or(EMPTY_STRING.clone());
+                                let iframe_data = retrieve_asset(
                                     &src_full_url,
                                     false,
                                     "text/html",
@@ -324,27 +323,40 @@ pub fn walk_and_embed_assets(
                                     opt_insecure,
                                 )
                                 .unwrap_or(EMPTY_STRING.clone());
-                            let dom = html_to_dom(&iframe_data);
-                            walk_and_embed_assets(
+                                let dom = html_to_dom(&iframe_data);
+                                walk_and_embed_assets(
                                     &src_full_url,
                                     &dom.document,
+                                    opt_no_css,
                                     opt_no_js,
                                     opt_no_images,
                                     opt_user_agent,
                                     opt_silent,
                                     opt_insecure,
+                                    opt_no_frames,
                                 );
-                            let mut buf: Vec<u8> = Vec::new();
-                            serialize(&mut buf, &dom.document, SerializeOpts::default()).unwrap();
-                            let iframe_datauri = data_to_dataurl("text/html", &buf);
-                            attr.value.clear();
-                            attr.value.push_slice(iframe_datauri.as_str());
+                                let mut buf: Vec<u8> = Vec::new();
+                                serialize(&mut buf, &dom.document, SerializeOpts::default())
+                                    .unwrap();
+                                let iframe_datauri = data_to_dataurl("text/html", &buf);
+                                attr.value.clear();
+                                attr.value.push_slice(iframe_datauri.as_str());
+                            }
                         }
                     }
                 }
                 _ => {}
             }
 
+            if opt_no_css {
+                // Get rid of style attributes
+                for attr in attrs_mut.iter_mut() {
+                    if attr.name.local.to_lowercase() == "style" {
+                        attr.value.clear();
+                    }
+                }
+            }
+
             if opt_no_js {
                 // Get rid of JS event attributes
                 for attr in attrs_mut.iter_mut() {
@@ -357,17 +369,24 @@ pub fn walk_and_embed_assets(
             // Dig deeper
             for child in node.children.borrow().iter() {
                 walk_and_embed_assets(
-                        &url,
-                        child,
-                        opt_no_js,
-                        opt_no_images,
-                        opt_user_agent,
-                        opt_silent,
-                        opt_insecure,
-                    );
+                    &url,
+                    child,
+                    opt_no_css,
+                    opt_no_js,
+                    opt_no_images,
+                    opt_user_agent,
+                    opt_silent,
+                    opt_insecure,
+                    opt_no_frames,
+                );
             }
         }
-        NodeData::ProcessingInstruction { .. } => unreachable!()
+        _ => {
+            // Note: in case of opt_no_js being set to true, there's no need to worry about
+            //       getting rid of comments that may contain scripts, e.g. <!--[if IE]><script>...
+            //       since that's not part of W3C standard and therefore gets ignored
+            //       by browsers other than IE [5, 9]
+        }
     }
 }
 
@@ -382,8 +401,86 @@ pub fn html_to_dom(data: &str) -> html5ever::rcdom::RcDom {
         .unwrap()
 }
 
-pub fn print_dom(handle: &Handle) {
-    serialize(&mut io::stdout(), handle, SerializeOpts::default()).unwrap();
+fn get_child_node_by_name(handle: &Handle, node_name: &str) -> Handle {
+    let children = handle.children.borrow();
+    let matching_children = children.iter().find(|child| match child.data {
+        NodeData::Element { ref name, .. } => &*name.local == node_name,
+        _ => false,
+    });
+    match matching_children {
+        Some(node) => node.clone(),
+        _ => {
+            return handle.clone();
+        }
+    }
+}
+
+pub fn stringify_document(
+    handle: &Handle,
+    opt_no_css: bool,
+    opt_no_frames: bool,
+    opt_no_js: bool,
+    opt_no_images: bool,
+    opt_isolate: bool,
+) -> String {
+    let mut buf: Vec<u8> = Vec::new();
+    serialize(&mut buf, handle, SerializeOpts::default())
+        .expect("unable to serialize DOM into buffer");
+
+    let mut result: String = String::from_utf8(buf).unwrap();
+
+    if opt_isolate || opt_no_css || opt_no_frames || opt_no_js || opt_no_images {
+        let mut buf: Vec<u8> = Vec::new();
+        let mut dom = html_to_dom(&result);
+        let doc = dom.get_document();
+        let html = get_child_node_by_name(&doc, "html");
+        let head = get_child_node_by_name(&html, "head");
+        {
+            let mut content_attr = EMPTY_STRING.clone();
+            if opt_isolate {
+                content_attr += "default-src 'unsafe-inline' data:;"
+            }
+            if opt_no_css {
+                content_attr += "style-src 'none';"
+            }
+            if opt_no_frames {
+                content_attr += "frame-src 'none';child-src 'none';"
+            }
+            if opt_no_js {
+                content_attr += "script-src 'none';"
+            }
+            if opt_no_images {
+                content_attr += "img-src data:;"
+            }
+            let meta = dom.create_element(
+                QualName::new(None, ns!(), local_name!("meta")),
+                vec![
+                    Attribute {
+                        name: QualName::new(None, ns!(), local_name!("http-equiv")),
+                        value: format_tendril!("Content-Security-Policy"),
+                    },
+                    Attribute {
+                        name: QualName::new(None, ns!(), local_name!("content")),
+                        value: format_tendril!("{}", content_attr),
+                    },
+                ],
+                Default::default(),
+            );
+            head.children.borrow_mut().reverse();
+            head.children.borrow_mut().push(meta.clone());
+            head.children.borrow_mut().reverse();
+            // Note: the CSP meta-tag has to be prepended, never appended,
+            //       since there already may be one defined in the document,
+            //       and browsers don't allow re-defining them (for obvious reasons)
+        }
+        serialize(&mut buf, &doc, SerializeOpts::default())
+            .expect("unable to serialize DOM into buffer");
+        result = String::from_utf8(buf).unwrap();
+        // Note: we can't make it isolate the page right away since it may have no HEAD element,
+        //       ergo we have to serialize, parse DOM again, and then finally serialize the result
+    }
+
+    result
 }
 
 fn is_icon(attr_value: &str) -> bool {
@@ -407,7 +504,10 @@ mod tests {
 
     #[test]
     fn test_has_protocol() {
-        assert_eq!(has_protocol("mailto:somebody@somewhere.com?subject=hello"), true);
+        assert_eq!(
+            has_protocol("mailto:somebody@somewhere.com?subject=hello"),
+            true
+        );
         assert_eq!(has_protocol("tel:5551234567"), true);
         assert_eq!(has_protocol("ftp:user:password@some-ftp-server.com"), true);
         assert_eq!(has_protocol("javascript:void(0)"), true);
@@ -417,7 +517,10 @@ mod tests {
         assert_eq!(has_protocol("some-hostname.com/some-file.html"), false);
         assert_eq!(has_protocol("/some-file.html"), false);
         assert_eq!(has_protocol(""), false);
-        assert_eq!(has_protocol("MAILTO:somebody@somewhere.com?subject=hello"), true);
+        assert_eq!(
+            has_protocol("MAILTO:somebody@somewhere.com?subject=hello"),
+            true
+        );
     }
 
     #[test]
@@ -438,9 +541,9 @@ mod tests {
                 NodeData::Doctype { .. } => (),
                 NodeData::Text { .. } => (),
                 NodeData::Comment { .. } => (),
-                NodeData::Element { ref name, attrs: _, .. } => {
+                NodeData::Element { ref name, .. } => {
                     let node_name = name.local.as_ref().to_string();
-                    let parent_node_name = get_parent_node_name(node);
+                    let parent_node_name = get_node_name(&get_parent_node(node));
                     if node_name == "head" || node_name == "body" {
                         assert_eq!(parent_node_name, "html");
                     } else if node_name == "div" {
@@ -455,7 +558,7 @@ mod tests {
                         test_walk(child, &mut *i);
                     }
                 }
-                NodeData::ProcessingInstruction { .. } => unreachable!()
+                NodeData::ProcessingInstruction { .. } => unreachable!(),
             };
         }
 
@@ -470,7 +573,24 @@ mod tests {
         let dom = html_to_dom(&html);
         let url = "http://localhost";
 
-        walk_and_embed_assets(&url, &dom.document, true, true, "", true, true);
+        let opt_no_css: bool = false;
+        let opt_no_frames: bool = false;
+        let opt_no_js: bool = false;
+        let opt_no_images: bool = false;
+        let opt_silent = true;
+        let opt_insecure = false;
+
+        walk_and_embed_assets(
+            &url,
+            &dom.document,
+            opt_no_css,
+            opt_no_js,
+            opt_no_images,
+            "",
+            opt_silent,
+            opt_insecure,
+            opt_no_frames,
+        );
 
         let mut buf: Vec<u8> = Vec::new();
         serialize(&mut buf, &dom.document, SerializeOpts::default()).unwrap();
@@ -482,12 +602,29 @@ mod tests {
     }
 
     #[test]
-    fn test_walk_and_embed_assets_iframe() {
+    fn test_walk_and_embed_assets_no_recursive_iframe() {
         let html = "<div><P></P><iframe src=\"\"></iframe></div>";
         let dom = html_to_dom(&html);
         let url = "http://localhost";
 
-        walk_and_embed_assets(&url, &dom.document, true, true, "", true, true);
+        let opt_no_css: bool = false;
+        let opt_no_frames: bool = false;
+        let opt_no_js: bool = false;
+        let opt_no_images: bool = false;
+        let opt_silent = true;
+        let opt_insecure = false;
+
+        walk_and_embed_assets(
+            &url,
+            &dom.document,
+            opt_no_css,
+            opt_no_js,
+            opt_no_images,
+            "",
+            opt_silent,
+            opt_insecure,
+            opt_no_frames,
+        );
 
         let mut buf: Vec<u8> = Vec::new();
         serialize(&mut buf, &dom.document, SerializeOpts::default()).unwrap();
@@ -499,19 +636,74 @@ mod tests {
     }
 
     #[test]
-    fn test_walk_and_embed_assets_img() {
-        let html = "<div><img src=\"http://localhost/assets/mono_lisa.png\" /></div>";
+    fn test_walk_and_embed_assets_no_css() {
+        let html = "<link rel=\"stylesheet\" href=\"main.css\">\
+                    <style>html{background-color: #000;}</style>\
+                    <div style=\"display: none;\"></div>";
         let dom = html_to_dom(&html);
         let url = "http://localhost";
 
-        walk_and_embed_assets(&url, &dom.document, true, true, "", true, true);
+        let opt_no_css: bool = true;
+        let opt_no_frames: bool = false;
+        let opt_no_js: bool = false;
+        let opt_no_images: bool = false;
+        let opt_silent = true;
+        let opt_insecure = false;
+
+        walk_and_embed_assets(
+            &url,
+            &dom.document,
+            opt_no_css,
+            opt_no_js,
+            opt_no_images,
+            "",
+            opt_silent,
+            opt_insecure,
+            opt_no_frames,
+        );
 
         let mut buf: Vec<u8> = Vec::new();
         serialize(&mut buf, &dom.document, SerializeOpts::default()).unwrap();
 
         assert_eq!(
             buf.iter().map(|&c| c as char).collect::<String>(),
-            "<html><head></head><body><div>\
+            "<html><head><link rel=\"stylesheet\" href=\"\"><style></style></head>\
+             <body><div style=\"\"></div></body></html>"
+        );
+    }
+
+    #[test]
+    fn test_walk_and_embed_assets_no_images() {
+        let html = "<link rel=\"icon\" href=\"favicon.ico\">\
+                    <div><img src=\"http://localhost/assets/mono_lisa.png\" /></div>";
+        let dom = html_to_dom(&html);
+        let url = "http://localhost";
+
+        let opt_no_css: bool = false;
+        let opt_no_frames: bool = false;
+        let opt_no_js: bool = false;
+        let opt_no_images: bool = true;
+        let opt_silent = true;
+        let opt_insecure = false;
+
+        walk_and_embed_assets(
+            &url,
+            &dom.document,
+            opt_no_css,
+            opt_no_js,
+            opt_no_images,
+            "",
+            opt_silent,
+            opt_insecure,
+            opt_no_frames,
+        );
+
+        let mut buf: Vec<u8> = Vec::new();
+        serialize(&mut buf, &dom.document, SerializeOpts::default()).unwrap();
+
+        assert_eq!(
+            buf.iter().map(|&c| c as char).collect::<String>(),
+            "<html><head><link rel=\"icon\" href=\"\"></head><body><div>\
              <img src=\"data:image/png;base64,\
              iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0\
              lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=\">\
@@ -520,21 +712,199 @@ mod tests {
     }
 
     #[test]
-    fn test_walk_and_embed_assets_js() {
-        let html = "<div><script src=\"http://localhost/assets/some.js\"></script>\
-                    <script>alert(1)</script></div>";
+    fn test_walk_and_embed_assets_no_frames() {
+        let html = "<iframe src=\"http://trackbook.com\"></iframe>";
         let dom = html_to_dom(&html);
         let url = "http://localhost";
 
-        walk_and_embed_assets(&url, &dom.document, true, true, "", true, true);
+        let opt_no_css: bool = false;
+        let opt_no_frames: bool = true;
+        let opt_no_js: bool = false;
+        let opt_no_images: bool = false;
+        let opt_silent = true;
+        let opt_insecure = false;
+
+        walk_and_embed_assets(
+            &url,
+            &dom.document,
+            opt_no_css,
+            opt_no_js,
+            opt_no_images,
+            "",
+            opt_silent,
+            opt_insecure,
+            opt_no_frames,
+        );
 
         let mut buf: Vec<u8> = Vec::new();
         serialize(&mut buf, &dom.document, SerializeOpts::default()).unwrap();
 
         assert_eq!(
             buf.iter().map(|&c| c as char).collect::<String>(),
-            "<html><head></head><body><div><script src=\"\"></script>\
+            "<html><head></head><body><iframe src=\"\"></iframe></body></html>"
+        );
+    }
+
+    #[test]
+    fn test_walk_and_embed_assets_no_js() {
+        let html =
+            "<div onClick=\"void(0)\"><script src=\"http://localhost/assets/some.js\"></script>\
+             <script>alert(1)</script></div>";
+        let dom = html_to_dom(&html);
+        let url = "http://localhost";
+
+        let opt_no_css: bool = false;
+        let opt_no_frames: bool = false;
+        let opt_no_js: bool = true;
+        let opt_no_images: bool = false;
+        let opt_silent = true;
+        let opt_insecure = false;
+
+        walk_and_embed_assets(
+            &url,
+            &dom.document,
+            opt_no_css,
+            opt_no_js,
+            opt_no_images,
+            "",
+            opt_silent,
+            opt_insecure,
+            opt_no_frames,
+        );
+
+        let mut buf: Vec<u8> = Vec::new();
+        serialize(&mut buf, &dom.document, SerializeOpts::default()).unwrap();
+
+        assert_eq!(
+            buf.iter().map(|&c| c as char).collect::<String>(),
+            "<html><head></head><body><div onclick=\"\"><script src=\"\"></script>\
              <script></script></div></body></html>"
         );
     }
+
+    #[test]
+    fn test_stringify_document() {
+        let html = "<div><script src=\"some.js\"></script></div>";
+        let dom = html_to_dom(&html);
+
+        let opt_no_css: bool = false;
+        let opt_no_frames: bool = false;
+        let opt_no_js: bool = false;
+        let opt_no_images: bool = false;
+        let opt_isolate: bool = false;
+
+        assert_eq!(
+            stringify_document(
+                &dom.document,
+                opt_no_css,
+                opt_no_frames,
+                opt_no_js,
+                opt_no_images,
+                opt_isolate,
+            ),
+            "<html><head></head><body><div><script src=\"some.js\"></script></div></body></html>"
+        );
+    }
+
+    #[test]
+    fn test_stringify_document_isolate() {
+        let html = "<title>Isolated document</title><link rel=\"something\"/>\
+                    <div><script src=\"some.js\"></script></div>";
+        let dom = html_to_dom(&html);
+
+        let opt_no_css: bool = false;
+        let opt_no_frames: bool = false;
+        let opt_no_js: bool = false;
+        let opt_no_images: bool = false;
+        let opt_isolate: bool = true;
+
+        assert_eq!(
+            stringify_document(
+                &dom.document,
+                opt_no_css,
+                opt_no_frames,
+                opt_no_js,
+                opt_no_images,
+                opt_isolate,
+            ),
+            "<html>\
+             <head>\
+             <meta \
+             http-equiv=\"Content-Security-Policy\" \
+             content=\"default-src 'unsafe-inline' data:;\"></meta>\
+             <title>Isolated document</title>\
+             <link rel=\"something\">\
+             </head>\
+             <body><div><script src=\"some.js\"></script></div></body>\
+             </html>"
+        );
+    }
+
+    #[test]
+    fn test_stringify_document_no_css() {
+        let html = "<!doctype html>\
+                    <title>Unstyled document</title>\
+                    <link rel=\"stylesheet\" href=\"main.css\"/>\
+                    <div style=\"display: none;\"></div>";
+        let dom = html_to_dom(&html);
+
+        let opt_no_css: bool = true;
+        let opt_no_frames: bool = false;
+        let opt_no_js: bool = false;
+        let opt_no_images: bool = false;
+        let opt_isolate: bool = false;
+
+        assert_eq!(
+            stringify_document(
+                &dom.document,
+                opt_no_css,
+                opt_no_frames,
+                opt_no_js,
+                opt_no_images,
+                opt_isolate,
+            ),
+            "<!DOCTYPE html>\
+             <html>\
+             <head>\
+             <meta http-equiv=\"Content-Security-Policy\" content=\"style-src 'none';\"></meta>\
+             <title>Unstyled document</title>\
+             <link rel=\"stylesheet\" href=\"main.css\">\
+             </head>\
+             <body><div style=\"display: none;\"></div></body>\
+             </html>"
+        );
+    }
+
+    #[test]
+    fn test_stringify_document_no_frames() {
+        let html = "<!doctype html><title>Frameless document</title><link rel=\"something\"/>\
+                    <div><script src=\"some.js\"></script></div>";
+        let dom = html_to_dom(&html);
+
+        let opt_no_css: bool = false;
+        let opt_no_frames: bool = true;
+        let opt_no_js: bool = false;
+        let opt_no_images: bool = false;
+        let opt_isolate: bool = false;
+
+        assert_eq!(
+            stringify_document(
+                &dom.document,
+                opt_no_css,
+                opt_no_frames,
+                opt_no_js,
+                opt_no_images,
+                opt_isolate,
+            ),
+            "<!DOCTYPE html>\
+             <html>\
+             <head>\
+             <meta http-equiv=\"Content-Security-Policy\" content=\"frame-src 'none';child-src 'none';\"></meta>\
+             <title>Frameless document</title>\
+             <link rel=\"something\">\
+             </head>\
+             <body><div><script src=\"some.js\"></script></div></body>\
+             </html>"
+        );
+    }
 }
diff --git a/src/http.rs b/src/http.rs
index 54034b3..50d686b 100644
--- a/src/http.rs
+++ b/src/http.rs
@@ -1,6 +1,6 @@
 use regex::Regex;
-use reqwest::Client;
 use reqwest::header::{CONTENT_TYPE, USER_AGENT};
+use reqwest::Client;
 use std::time::Duration;
 use url::{ParseError, Url};
 use utils::data_to_dataurl;
@@ -46,10 +46,7 @@ pub fn retrieve_asset(
             .timeout(Duration::from_secs(10))
             .danger_accept_invalid_certs(opt_insecure)
             .build()?;
-        let mut response = client
-            .get(url)
-            .header(USER_AGENT, opt_user_agent)
-            .send()?;
+        let mut response = client.get(url).header(USER_AGENT, opt_user_agent).send()?;
         let final_url = response.url().as_str();
 
         if !opt_silent {
@@ -102,19 +99,13 @@ mod tests {
 
     #[test]
     fn test_resolve_url() -> Result<(), ParseError> {
-        let resolved_url = resolve_url(
-            "https://www.kernel.org",
-            "../category/signatures.html",
-        )?;
+        let resolved_url = resolve_url("https://www.kernel.org", "../category/signatures.html")?;
         assert_eq!(
             resolved_url.as_str(),
             "https://www.kernel.org/category/signatures.html"
         );
 
-        let resolved_url = resolve_url(
-            "https://www.kernel.org",
-            "category/signatures.html",
-        )?;
+        let resolved_url = resolve_url("https://www.kernel.org", "category/signatures.html")?;
         assert_eq!(
             resolved_url.as_str(),
             "https://www.kernel.org/category/signatures.html"
diff --git a/src/main.rs b/src/main.rs
index 1d25991..b4d83e2 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -3,7 +3,7 @@ extern crate clap;
 extern crate monolith;
 
 use clap::{App, Arg};
-use monolith::html::{html_to_dom, print_dom, walk_and_embed_assets};
+use monolith::html::{html_to_dom, stringify_document, walk_and_embed_assets};
 use monolith::http::{is_valid_url, retrieve_asset};
 
 static DEFAULT_USER_AGENT: &str =
@@ -21,43 +21,60 @@ fn main() {
                 .index(1)
                 .help("URL to download"),
         )
-        .args_from_usage("-i, --no-images 'Removes images'")
-        .args_from_usage("-j, --no-js 'Excludes JavaScript'")
+        .args_from_usage("-c, --no-css 'Ignore styles'")
+        .args_from_usage("-f, --no-frames 'Exclude iframes'")
+        .args_from_usage("-i, --no-images 'Remove images'")
+        .args_from_usage("-I, --isolate 'Cut off from the Internet'")
+        .args_from_usage("-j, --no-js 'Exclude JavaScript'")
         .args_from_usage("-k, --insecure 'Accept invalid X.509 (TLS) certificates'")
         .args_from_usage("-s, --silent 'Suppress verbosity'")
         .args_from_usage("-u, --user-agent=[Iceweasel] 'Custom User-Agent string'")
         .get_matches();
 
     // Process the command
-    let arg_target = command.value_of("url").unwrap();
-    let opt_no_images = command.is_present("no-images");
-    let opt_no_js = command.is_present("no-js");
-    let opt_insecure = command.is_present("insecure");
-    let opt_silent = command.is_present("silent");
-    let opt_user_agent = command.value_of("user-agent").unwrap_or(DEFAULT_USER_AGENT);
+    let arg_target: &str = command.value_of("url").unwrap();
+    let opt_no_css: bool = command.is_present("no-css");
+    let opt_no_frames: bool = command.is_present("no-frames");
+    let opt_no_images: bool = command.is_present("no-images");
+    let opt_no_js: bool = command.is_present("no-js");
+    let opt_insecure: bool = command.is_present("insecure");
+    let opt_isolate: bool = command.is_present("isolate");
+    let opt_silent: bool = command.is_present("silent");
+    let opt_user_agent: &str = command.value_of("user-agent").unwrap_or(DEFAULT_USER_AGENT);
 
     if is_valid_url(arg_target) {
         let data = retrieve_asset(
-                &arg_target,
-                false,
-                "",
-                opt_user_agent,
-                opt_silent,
-                opt_insecure,
-            ).unwrap();
+            &arg_target,
+            false,
+            "",
+            opt_user_agent,
+            opt_silent,
+            opt_insecure,
+        )
+        .unwrap();
         let dom = html_to_dom(&data);
 
         walk_and_embed_assets(
             &arg_target,
             &dom.document,
+            opt_no_css,
             opt_no_js,
             opt_no_images,
             opt_user_agent,
             opt_silent,
             opt_insecure,
+            opt_no_frames,
+        );
+
+        let html: String = stringify_document(
+            &dom.document,
+            opt_no_css,
+            opt_no_frames,
+            opt_no_js,
+            opt_no_images,
+            opt_isolate,
         );
 
-        print_dom(&dom.document);
-        println!(); // Ensure newline at end of output
+        println!("{}", html);
     }
 }
diff --git a/src/utils.rs b/src/utils.rs
index 2f91337..8f1e653 100644
--- a/src/utils.rs
+++ b/src/utils.rs
@@ -2,7 +2,7 @@ extern crate base64;
 
 use self::base64::encode;
 
-static MAGIC: [[&[u8]; 2]; 19]  = [
+static MAGIC: [[&[u8]; 2]; 19] = [
     // Image
     [b"GIF87a", b"image/gif"],
     [b"GIF89a", b"image/gif"],
@@ -39,7 +39,7 @@ pub fn data_to_dataurl(mime: &str, data: &[u8]) -> String {
 fn detect_mimetype(data: &[u8]) -> String {
     let mut re = String::new();
 
-    for item in MAGIC.iter()  {
+    for item in MAGIC.iter() {
         if data.starts_with(item[0]) {
             re = String::from_utf8(item[1].to_vec()).unwrap();
             break;