Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit a5efb0e

Browse filesBrowse files
gsneddersgsnedders
committed
Fix #153: Sanitizer fails to treat some attributes as URLs
Despite how this sounds, this has no known security implications. No known version of IE (5.5 to current), Firefox (3 to current), Safari (6 to current), Chrome (1 to current), or Opera (12 to current) will run any script provided in these attributes.
1 parent e3bedc5 commit a5efb0e
Copy full SHA for a5efb0e

File tree

1 file changed

+2
-2
lines changed
Filter options

1 file changed

+2
-2
lines changed

‎html5lib/sanitizer.py

Copy file name to clipboardExpand all lines: html5lib/sanitizer.py
+2-2Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -115,8 +115,8 @@ class HTMLSanitizerMixin(object):
115115
'xml:base', 'xml:lang', 'xml:space', 'xmlns', 'xmlns:xlink', 'y',
116116
'y1', 'y2', 'zoomAndPan']
117117

118-
attr_val_is_uri = ['href', 'src', 'cite', 'action', 'longdesc', 'poster',
119-
'xlink:href', 'xml:base']
118+
attr_val_is_uri = ['href', 'src', 'cite', 'action', 'longdesc', 'poster', 'background', 'datasrc',
119+
'dynsrc', 'lowsrc', 'ping', 'poster', 'xlink:href', 'xml:base']
120120

121121
svg_attr_val_allows_ref = ['clip-path', 'color-profile', 'cursor', 'fill',
122122
'filter', 'marker', 'marker-start', 'marker-mid', 'marker-end',

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.