Anand Doshi
9 年前
共有 1 个文件被更改,包括 16 次插入 和 7 次删除
合并视图
Diff 选项
-
+16 -7frappe/utils/__init__.py
+ 16
- 7
frappe/utils/__init__.py
查看文件
| @@ -436,18 +436,27 @@ def sanitize_html(html, linkify=False): | |||||
| elif is_json(html): | elif is_json(html): | ||||
| return html | return html | ||||
| whitelisted_tags = (HTMLSanitizer.acceptable_elements + HTMLSanitizer.svg_elements | |||||
| tags = (HTMLSanitizer.acceptable_elements + HTMLSanitizer.svg_elements | |||||
| + ["html", "head", "meta", "link", "body", "iframe", "style", "o:p"]) | + ["html", "head", "meta", "link", "body", "iframe", "style", "o:p"]) | ||||
| attributes = {"*": HTMLSanitizer.acceptable_attributes, "svg": HTMLSanitizer.svg_attributes} | |||||
| styles = bleach_whitelist.all_styles | |||||
| protocols = ['http', 'https', 'mailto'] | |||||
| strip_comments = False | |||||
| # retuns html with escaped tags, escaped orphan >, <, etc. | # retuns html with escaped tags, escaped orphan >, <, etc. | ||||
| escaped_html = bleach.clean(html, | |||||
| tags=whitelisted_tags, | |||||
| attributes={"*": HTMLSanitizer.acceptable_attributes, "svg": HTMLSanitizer.svg_attributes}, | |||||
| styles=bleach_whitelist.all_styles, | |||||
| strip_comments=False) | |||||
| escaped_html = bleach.clean(html, tags=tags, attributes=attributes, styles=styles, strip_comments=strip_comments) | |||||
| if linkify: | if linkify: | ||||
| escaped_html = bleach.linkify(escaped_html) | |||||
| # based on bleach.clean | |||||
| class s(bleach.BleachSanitizer): | |||||
| allowed_elements = tags | |||||
| allowed_attributes = attributes | |||||
| allowed_css_properties = styles | |||||
| allowed_protocols = protocols | |||||
| strip_disallowed_elements = False | |||||
| strip_html_comments = strip_comments | |||||
| escaped_html = bleach.linkify(escaped_html, tokenizer=s) | |||||
| return escaped_html | return escaped_html | ||||