Commitc0a6375

committed

Fix#189: fix the sanitizer to allow relative URLs again.

We regressed this when we added support for data URLs. Oops.

1 parent9e91591 commitc0a6375Copy full SHA for c0a6375

File tree

+14

-1

lines changed

+14

-1

lines changed

Lines changed: 9 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,15 @@`
`1`	`1`	`Change Log`
`2`	`2`	`----------`
`3`	`3`
	`4`	`+0.999999/1.0b7`
	`5`	`+~~~~~~~~~~~~~~`
	`6`	`+`
	`7`	`+Released on July 7, 2015`
	`8`	`+`
	`9`	`+* Fix #189: fix the sanitizer to allow relative URLs again (as it did`
	`10`	`+ prior to 0.9999/1.0b5).`
	`11`	`+`
	`12`	`+`
`4`	`13`	`0.99999/1.0b6`
`5`	`14`	`~~~~~~~~~~~~~`
`6`	`15`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -208,7 +208,7 @@ def allowed_token(self, token, token_type):`
`208`	`208`	`# remove replacement characters from unescaped characters`
`209`	`209`	`val_unescaped=val_unescaped.replace("\ufffd","")`
`210`	`210`	`uri=urlparse.urlparse(val_unescaped)`
`211`		`-ifuri:`
	`211`	`+ifurianduri.scheme:`
`212`	`212`	`ifuri.schemenotinself.allowed_protocols:`
`213`	`213`	`delattrs[attr]`
`214`	`214`	`ifuri.scheme=='data':`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,10 @@ def test_should_handle_astral_plane_characters():`
`40`	`40`	`assert'<html:p xmlns:html="http://www.w3.org/1999/xhtml">\U0001d4b5\U0001d538</html:p>'==sanitize_html("<p>𝒵 𝔸</p>")`
`41`	`41`
`42`	`42`
	`43`	`+deftest_should_allow_relative_uris():`
	`44`	`+assert'<html:p xmlns:html="http://www.w3.org/1999/xhtml"><html:a href="/example.com" /></html:p>'==sanitize_html('<p><a href="/example.com"></a></p>')`
	`45`	`+`
	`46`	`+`
`43`	`47`	`deftest_sanitizer():`
`44`	`48`	`toxml=toxmlFactory()`
`45`	`49`	`fortag_nameinsanitizer.HTMLSanitizer.allowed_elements:`

Comments

(0)