Whitelist svg attribute 'stroke-opacity'
This commit is contained in:
Sam Ruby
parent
f8cdb907a8
commit
9d97a03d33
@ -11,8 +11,8 @@ Recommended: Python 2.3 or later
|
|||||||
Recommended: CJKCodecs and iconv_codec <http://cjkpython.i18n.org/>
|
Recommended: CJKCodecs and iconv_codec <http://cjkpython.i18n.org/>
|
||||||
"""
|
"""
|
||||||
|
|
||||||
__version__ = "4.2-pre-" + "$Revision: 1.150 $"[11:16] + "-cvs"
|
__version__ = "4.2-pre-" + "$Revision: 260 $"[11:14] + "-svn"
|
||||||
__license__ = """Copyright (c) 2002-2006, Mark Pilgrim, All rights reserved.
|
__license__ = """Copyright (c) 2002-2007, Mark Pilgrim, All rights reserved.
|
||||||
|
|
||||||
Redistribution and use in source and binary forms, with or without modification,
|
Redistribution and use in source and binary forms, with or without modification,
|
||||||
are permitted provided that the following conditions are met:
|
are permitted provided that the following conditions are met:
|
||||||
@ -39,7 +39,8 @@ __contributors__ = ["Jason Diamond <http://injektilo.org/>",
|
|||||||
"John Beimler <http://john.beimler.org/>",
|
"John Beimler <http://john.beimler.org/>",
|
||||||
"Fazal Majid <http://www.majid.info/mylos/weblog/>",
|
"Fazal Majid <http://www.majid.info/mylos/weblog/>",
|
||||||
"Aaron Swartz <http://aaronsw.com/>",
|
"Aaron Swartz <http://aaronsw.com/>",
|
||||||
"Kevin Marks <http://epeus.blogspot.com/>"]
|
"Kevin Marks <http://epeus.blogspot.com/>",
|
||||||
|
"Sam Ruby <http://intertwingly.net/>"]
|
||||||
_debug = 0
|
_debug = 0
|
||||||
|
|
||||||
# HTTP "User-Agent" header to send to servers when downloading feeds.
|
# HTTP "User-Agent" header to send to servers when downloading feeds.
|
||||||
@ -2250,27 +2251,41 @@ def _resolveRelativeURIs(htmlSource, baseURI, encoding, type):
|
|||||||
return p.output()
|
return p.output()
|
||||||
|
|
||||||
class _HTMLSanitizer(_BaseHTMLProcessor):
|
class _HTMLSanitizer(_BaseHTMLProcessor):
|
||||||
acceptable_elements = ['a', 'abbr', 'acronym', 'address', 'area', 'b',
|
acceptable_elements = ['a', 'abbr', 'acronym', 'address', 'area', 'article',
|
||||||
'big', 'blockquote', 'br', 'button', 'caption', 'center', 'cite',
|
'aside', 'audio', 'b', 'big', 'blockquote', 'br', 'button', 'canvas',
|
||||||
'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt',
|
'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'command',
|
||||||
'em', 'fieldset', 'font', 'form', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
|
'datagrid', 'datalist', 'dd', 'del', 'details', 'dfn', 'dialog', 'dir',
|
||||||
'hr', 'i', 'img', 'input', 'ins', 'kbd', 'label', 'legend', 'li', 'map',
|
'div', 'dl', 'dt', 'em', 'event-source', 'fieldset', 'figure', 'footer',
|
||||||
'menu', 'ol', 'optgroup', 'option', 'p', 'pre', 'q', 's', 'samp',
|
'font', 'form', 'header', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i',
|
||||||
'select', 'small', 'span', 'strike', 'strong', 'sub', 'sup', 'table',
|
'img', 'input', 'ins', 'keygen', 'kbd', 'label', 'legend', 'li', 'm', 'map',
|
||||||
'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'tr', 'tt', 'u',
|
'menu', 'meter', 'multicol', 'nav', 'nextid', 'ol', 'output', 'optgroup',
|
||||||
'ul', 'var']
|
'option', 'p', 'pre', 'progress', 'q', 's', 'samp', 'section', 'select',
|
||||||
|
'small', 'sound', 'source', 'spacer', 'span', 'strike', 'strong', 'sub',
|
||||||
|
'sup', 'table', 'tbody', 'td', 'textarea', 'time', 'tfoot', 'th', 'thead',
|
||||||
|
'tr', 'tt', 'u', 'ul', 'var', 'video', 'noscript']
|
||||||
|
|
||||||
acceptable_attributes = ['abbr', 'accept', 'accept-charset', 'accesskey',
|
acceptable_attributes = ['abbr', 'accept', 'accept-charset', 'accesskey',
|
||||||
'action', 'align', 'alt', 'axis', 'border', 'cellpadding',
|
'action', 'align', 'alt', 'autoplay', 'autocomplete', 'autofocus', 'axis',
|
||||||
'cellspacing', 'char', 'charoff', 'charset', 'checked', 'cite', 'class',
|
'background', 'balance', 'bgcolor', 'bgproperties', 'border',
|
||||||
'clear', 'cols', 'colspan', 'color', 'compact', 'coords', 'datetime',
|
'bordercolor', 'bordercolordark', 'bordercolorlight', 'bottompadding',
|
||||||
'dir', 'disabled', 'enctype', 'for', 'frame', 'headers', 'height',
|
'cellpadding', 'cellspacing', 'ch', 'challenge', 'char', 'charoff',
|
||||||
'href', 'hreflang', 'hspace', 'id', 'ismap', 'label', 'lang',
|
'choff', 'charset', 'checked', 'cite', 'class', 'clear', 'color', 'cols',
|
||||||
'longdesc', 'maxlength', 'media', 'method', 'multiple', 'name',
|
'colspan', 'compact', 'contenteditable', 'coords', 'data', 'datafld',
|
||||||
'nohref', 'noshade', 'nowrap', 'prompt', 'readonly', 'rel', 'rev',
|
'datapagesize', 'datasrc', 'datetime', 'default', 'delay', 'dir',
|
||||||
'rows', 'rowspan', 'rules', 'scope', 'selected', 'shape', 'size',
|
'disabled', 'draggable', 'dynsrc', 'enctype', 'end', 'face', 'for',
|
||||||
'span', 'src', 'start', 'summary', 'tabindex', 'target', 'title',
|
'form', 'frame', 'galleryimg', 'gutter', 'headers', 'height', 'hidefocus',
|
||||||
'type', 'usemap', 'valign', 'value', 'vspace', 'width', 'xml:lang']
|
'hidden', 'high', 'href', 'hreflang', 'hspace', 'icon', 'id', 'inputmode',
|
||||||
|
'ismap', 'keytype', 'label', 'leftspacing', 'lang', 'list', 'longdesc',
|
||||||
|
'loop', 'loopcount', 'loopend', 'loopstart', 'low', 'lowsrc', 'max',
|
||||||
|
'maxlength', 'media', 'method', 'min', 'multiple', 'name', 'nohref',
|
||||||
|
'noshade', 'nowrap', 'open', 'optimum', 'pattern', 'ping', 'point-size',
|
||||||
|
'prompt', 'pqg', 'radiogroup', 'readonly', 'rel', 'repeat-max',
|
||||||
|
'repeat-min', 'replace', 'required', 'rev', 'rightspacing', 'rows',
|
||||||
|
'rowspan', 'rules', 'scope', 'selected', 'shape', 'size', 'span', 'src',
|
||||||
|
'start', 'step', 'summary', 'suppress', 'tabindex', 'target', 'template',
|
||||||
|
'title', 'toppadding', 'type', 'unselectable', 'usemap', 'urn', 'valign',
|
||||||
|
'value', 'variable', 'volume', 'vspace', 'vrml', 'width', 'wrap',
|
||||||
|
'xml:lang']
|
||||||
|
|
||||||
unacceptable_elements_with_end_tag = ['script', 'applet']
|
unacceptable_elements_with_end_tag = ['script', 'applet']
|
||||||
|
|
||||||
@ -2339,8 +2354,8 @@ class _HTMLSanitizer(_BaseHTMLProcessor):
|
|||||||
'stop-color', 'stop-opacity', 'strikethrough-position',
|
'stop-color', 'stop-opacity', 'strikethrough-position',
|
||||||
'strikethrough-thickness', 'stroke', 'stroke-dasharray',
|
'strikethrough-thickness', 'stroke', 'stroke-dasharray',
|
||||||
'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin',
|
'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin',
|
||||||
'stroke-miterlimit', 'stroke-width', 'systemLanguage', 'target',
|
'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'systemLanguage',
|
||||||
'text-anchor', 'to', 'transform', 'type', 'u1', 'u2',
|
'target', 'text-anchor', 'to', 'transform', 'type', 'u1', 'u2',
|
||||||
'underline-position', 'underline-thickness', 'unicode',
|
'underline-position', 'underline-thickness', 'unicode',
|
||||||
'unicode-range', 'units-per-em', 'values', 'version', 'viewBox',
|
'unicode-range', 'units-per-em', 'values', 'version', 'viewBox',
|
||||||
'visibility', 'width', 'widths', 'x', 'x-height', 'x1', 'x2',
|
'visibility', 'width', 'widths', 'x', 'x-height', 'x1', 'x2',
|
||||||
@ -3785,4 +3800,3 @@ if __name__ == '__main__':
|
|||||||
# currently supports rel-tag (maps to 'tags'), rel-enclosure (maps to
|
# currently supports rel-tag (maps to 'tags'), rel-enclosure (maps to
|
||||||
# 'enclosures'), XFN links within content elements (maps to 'xfn'),
|
# 'enclosures'), XFN links within content elements (maps to 'xfn'),
|
||||||
# and hCard (parses as vCard); bug [ 1481975 ] Misencoded utf-8/win-1252
|
# and hCard (parses as vCard); bug [ 1481975 ] Misencoded utf-8/win-1252
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user