@@ -782,7 +782,7 @@ def allowed_token(self, token):
782782# characters, nor why we call unescape. I just know it's always been here.
783783# Should you be worried by this comment in a sanitizer? Yes. On the other hand, all
784784# this will do is remove *more* than it otherwise would.
785- val_unescaped = re .sub ("[`\x00 -\x20 \x7f -\xa0 \s]+" ,'' ,
785+ val_unescaped = re .sub ("[`\x00 -\x20 \x7f -\xa0 \\ s]+" ,'' ,
786786unescape (attrs [attr ])).lower ()
787787# remove replacement characters from unescaped characters
788788val_unescaped = val_unescaped .replace ("\ufffd " ,"" )
@@ -807,7 +807,7 @@ def allowed_token(self, token):
807807' ' ,
808808unescape (attrs [attr ]))
809809if (token ["name" ]in self .svg_allow_local_href and
810- (namespaces ['xlink' ],'href' )in attrs and re .search ('^\s*[^#\s].*' ,
810+ (namespaces ['xlink' ],'href' )in attrs and re .search (r '^\s*[^#\s].*'
811811attrs [(namespaces ['xlink' ],'href' )])):
812812del attrs [(namespaces ['xlink' ],'href' )]
813813if (None ,'style' )in attrs :
@@ -837,16 +837,16 @@ def disallowed_token(self, token):
837837
838838def sanitize_css (self ,style ):
839839# disallow urls
840- style = re .compile ('url\s*\(\s*[^\s)]+?\s*\)\s*' ).sub (' ' ,style )
840+ style = re .compile (r 'url\s*\(\s*[^\s)]+?\s*\)\s*'sub (' ' ,style )
841841
842842# gauntlet
843- if not re .match ("""^([:,;#%.\sa-zA-Z0-9!]|\w-\w|'[\s\w]+'|"[\s\w]+"|\([\d,\s]+\))*$""" ,style ):
843+ if not re .match (r """^([:,;#%.\sa-zA-Z0-9!]|\w-\w|'[\s\w]+'|"[\s\w]+"|\([\d,\s]+\))*$"""style ):
844844return ''
845- if not re .match ("^\s*([-\w]+\s*:[^:;]*(;\s*|$))*$" ,style ):
845+ if not re .match (r "^\s*([-\w]+\s*:[^:;]*(;\s*|$))*$"style ):
846846return ''
847847
848848clean = []
849- for prop ,value in re .findall ("([-\w]+)\s*:\s*([^:;]*)" ,style ):
849+ for prop ,value in re .findall (r "([-\w]+)\s*:\s*([^:;]*)"style ):
850850if not value :
851851continue
852852if prop .lower ()in self .allowed_css_properties :
@@ -855,7 +855,7 @@ def sanitize_css(self, style):
855855'padding' ]:
856856for keyword in value .split ():
857857if keyword not in self .allowed_css_keywords and \
858- not re .match ("^(#[0-9a-f]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)$" ,keyword ):# noqa
858+ not re .match (r "^(#[0-9a-f]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)$"keyword ):# noqa
859859break
860860else :
861861clean .append (prop + ': ' + value + ';' )