Commit70fe97b

committed

Fix#188: the sanitizer should sanitize given a bogus data URL.

1 parent428cafa commit70fe97bCopy full SHA for 70fe97b

File tree

+20

-1

lines changed

+20

-1

lines changed

Lines changed: 9 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,15 @@`
`1`	`1`	`Change Log`
`2`	`2`	`----------`
`3`	`3`
	`4`	`+0.9999.1/1.0b5.1`
	`5`	`+~~~~~~~~~~~~~~~~`
	`6`	`+`
	`7`	`+Released on April 30, 2015`
	`8`	`+`
	`9`	`+* Fix #188: fix the sanitizer to not throw an exception when sanitizing`
	`10`	`+ bogus data URLs.`
	`11`	`+`
	`12`	`+`
`4`	`13`	`0.9999/1.0b5`
`5`	`14`	`~~~~~~~~~~~~`
`6`	`15`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -215,7 +215,7 @@ def allowed_token(self, token, token_type):`
`215`	`215`	`m=content_type_rgx.match(uri.path)`
`216`	`216`	`ifnotm:`
`217`	`217`	`delattrs[attr]`
`218`		`-ifm.group('content_type')notinself.allowed_content_types:`
	`218`	`+elifm.group('content_type')notinself.allowed_content_types:`
`219`	`219`	`delattrs[attr]`
`220`	`220`
`221`	`221`	`forattrinself.svg_attr_val_allows_ref:`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -104,6 +104,16 @@ def test_sanitizer():`
`104`	`104`	`"""<img src="%s:%s">foo</a>"""% (protocol,rest_of_uri),`
`105`	`105`	`toxml)`
`106`	`106`
	`107`	`+yield (runSanitizerTest,"test_invalid_data_uri",`
	`108`	`+"<audio controls=\"\"></audio>",`
	`109`	`+"<audio controls=\"\" src=\"data:foobar\"></audio>",`
	`110`	`+toxml)`
	`111`	`+`
	`112`	`+yield (runSanitizerTest,"test_data_uri_disallowed_type",`
	`113`	`+"<audio controls=\"\"></audio>",`
	`114`	`+"<audio controls=\"\" src=\"data:text/html,<html>\"></audio>",`
	`115`	`+toxml)`
	`116`	`+`
`107`	`117`	`forprotocolinsanitizer.HTMLSanitizer.allowed_protocols:`
`108`	`118`	`rest_of_uri='//sub.domain.tld/path/object.ext'`
`109`	`119`	`ifprotocol=='data':`

Comments

(0)