Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit52f9ca6

Browse files
mfagsnedders
authored andcommitted
refactor allowed_token and disallowed_token as new methods in HTMLSanitizerMixin for usage in subclass.
1 parent90aa9f4 commit52f9ca6

File tree

1 file changed

+51
-45
lines changed

1 file changed

+51
-45
lines changed

‎html5lib/sanitizer.py

Lines changed: 51 additions & 45 deletions
Original file line numberDiff line numberDiff line change
@@ -168,57 +168,63 @@ def sanitize_token(self, token):
168168
iftoken_typein (tokenTypes["StartTag"],tokenTypes["EndTag"],
169169
tokenTypes["EmptyTag"]):
170170
iftoken["name"]inself.allowed_elements:
171-
if"data"intoken:
172-
attrs=dict([(name,val)forname,valin
173-
token["data"][::-1]
174-
ifnameinself.allowed_attributes])
175-
forattrinself.attr_val_is_uri:
176-
ifattrnotinattrs:
177-
continue
178-
val_unescaped=re.sub("[`\000-\040\177-\240\s]+",'',
179-
unescape(attrs[attr])).lower()
180-
#remove replacement characters from unescaped characters
181-
val_unescaped=val_unescaped.replace("\ufffd","")
182-
if (re.match("^[a-z0-9][-+.a-z0-9]*:",val_unescaped)and
183-
(val_unescaped.split(':')[0]notin
184-
self.allowed_protocols)):
185-
delattrs[attr]
186-
forattrinself.svg_attr_val_allows_ref:
187-
ifattrinattrs:
188-
attrs[attr]=re.sub(r'url\s*\(\s*[^#\s][^)]+?\)',
189-
' ',
190-
unescape(attrs[attr]))
191-
if (token["name"]inself.svg_allow_local_hrefand
192-
'xlink:href'inattrsandre.search('^\s*[^#\s].*',
193-
attrs['xlink:href'])):
194-
delattrs['xlink:href']
195-
if'style'inattrs:
196-
attrs['style']=self.sanitize_css(attrs['style'])
197-
token["data"]= [[name,val]forname,valinlist(attrs.items())]
198-
returntoken
171+
returnself.allowed_token(token,token_type)
199172
else:
200-
iftoken_type==tokenTypes["EndTag"]:
201-
token["data"]="</%s>"%token["name"]
202-
eliftoken["data"]:
203-
attrs=''.join([' %s="%s"'% (k,escape(v))fork,vintoken["data"]])
204-
token["data"]="<%s%s>"% (token["name"],attrs)
205-
else:
206-
token["data"]="<%s>"%token["name"]
207-
iftoken.get("selfClosing"):
208-
token["data"]=token["data"][:-1]+"/>"
209-
210-
iftoken["type"]inlist(tokenTypes.keys()):
211-
token["type"]="Characters"
212-
else:
213-
token["type"]=tokenTypes["Characters"]
214-
215-
deltoken["name"]
216-
returntoken
173+
returnself.disallowed_token(token,token_type)
217174
eliftoken_type==tokenTypes["Comment"]:
218175
pass
219176
else:
220177
returntoken
221178

179+
defallowed_token(self,token,token_type):
180+
if"data"intoken:
181+
attrs=dict([(name,val)forname,valin
182+
token["data"][::-1]
183+
ifnameinself.allowed_attributes])
184+
forattrinself.attr_val_is_uri:
185+
ifattrnotinattrs:
186+
continue
187+
val_unescaped=re.sub("[`\000-\040\177-\240\s]+",'',
188+
unescape(attrs[attr])).lower()
189+
#remove replacement characters from unescaped characters
190+
val_unescaped=val_unescaped.replace("\ufffd","")
191+
if (re.match("^[a-z0-9][-+.a-z0-9]*:",val_unescaped)and
192+
(val_unescaped.split(':')[0]notin
193+
self.allowed_protocols)):
194+
delattrs[attr]
195+
forattrinself.svg_attr_val_allows_ref:
196+
ifattrinattrs:
197+
attrs[attr]=re.sub(r'url\s*\(\s*[^#\s][^)]+?\)',
198+
' ',
199+
unescape(attrs[attr]))
200+
if (token["name"]inself.svg_allow_local_hrefand
201+
'xlink:href'inattrsandre.search('^\s*[^#\s].*',
202+
attrs['xlink:href'])):
203+
delattrs['xlink:href']
204+
if'style'inattrs:
205+
attrs['style']=self.sanitize_css(attrs['style'])
206+
token["data"]= [[name,val]forname,valinlist(attrs.items())]
207+
returntoken
208+
209+
defdisallowed_token(self,token,token_type):
210+
iftoken_type==tokenTypes["EndTag"]:
211+
token["data"]="</%s>"%token["name"]
212+
eliftoken["data"]:
213+
attrs=''.join([' %s="%s"'% (k,escape(v))fork,vintoken["data"]])
214+
token["data"]="<%s%s>"% (token["name"],attrs)
215+
else:
216+
token["data"]="<%s>"%token["name"]
217+
iftoken.get("selfClosing"):
218+
token["data"]=token["data"][:-1]+"/>"
219+
220+
iftoken["type"]inlist(tokenTypes.keys()):
221+
token["type"]="Characters"
222+
else:
223+
token["type"]=tokenTypes["Characters"]
224+
225+
deltoken["name"]
226+
returntoken
227+
222228
defsanitize_css(self,style):
223229
# disallow urls
224230
style=re.compile('url\s*\(\s*[^\s)]+?\s*\)\s*').sub(' ',style)

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp