diff options
author | Per Andersson <avtobiff@gmail.com> | 2013-06-09 19:45:54 +0200 |
---|---|---|
committer | Per Andersson <avtobiff@gmail.com> | 2013-06-09 19:45:54 +0200 |
commit | fac84c6d90e0875e6c1b10c5ef02d577ee008af4 (patch) | |
tree | 4080efdb87c814d5dc409e9e87aa449f4b273ff3 /bleach/sanitizer.py | |
parent | 38dc3b8f231cf36bcc771001318556d9e84c2889 (diff) | |
download | python-bleach-fac84c6d90e0875e6c1b10c5ef02d577ee008af4.tar python-bleach-fac84c6d90e0875e6c1b10c5ef02d577ee008af4.tar.gz |
Imported Upstream version 1.2.2upstream/1.2.2
Diffstat (limited to 'bleach/sanitizer.py')
-rw-r--r-- | bleach/sanitizer.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/bleach/sanitizer.py b/bleach/sanitizer.py index 677287e..4640012 100644 --- a/bleach/sanitizer.py +++ b/bleach/sanitizer.py @@ -6,6 +6,10 @@ from html5lib.sanitizer import HTMLSanitizerMixin from html5lib.tokenizer import HTMLTokenizer +PROTOS = HTMLSanitizerMixin.acceptable_protocols +PROTOS.remove('feed') + + class BleachSanitizerMixin(HTMLSanitizerMixin): """Mixin to replace sanitize_token() and sanitize_css().""" @@ -108,7 +112,7 @@ class BleachSanitizerMixin(HTMLSanitizerMixin): # TODO: Make sure this does what it's meant to - I *think* it wants to # validate style attribute contents. parts = style.split(';') - gauntlet = re.compile("""^([-/:,#%.'\sa-zA-Z0-9!]|\w-\w|'[\s\w]+'\s*""" + gauntlet = re.compile("""^([-/:,#%.'"\sa-zA-Z0-9!]|\w-\w|'[\s\w]+'\s*""" """|"[\s\w]+"|\([\d,%\.\s]+\))*$""") for part in parts: if not gauntlet.match(part): |