allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From brond...@apache.org
Subject [10/12] allura git commit: Ignore only checkboxes from sanitization
Date Thu, 13 Sep 2018 19:24:14 GMT
Ignore only checkboxes from sanitization


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/b01d26d6
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/b01d26d6
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/b01d26d6

Branch: refs/heads/master
Commit: b01d26d67dcf86745b484b56544565bc025b7124
Parents: 4d5a6c6
Author: Shalitha <shalithasuranga@gmail.com>
Authored: Mon Sep 10 22:36:31 2018 +0530
Committer: Dave Brondsema <dbrondsema@slashdotmedia.com>
Committed: Thu Sep 13 19:18:27 2018 +0000

----------------------------------------------------------------------
 Allura/allura/lib/utils.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/b01d26d6/Allura/allura/lib/utils.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/utils.py b/Allura/allura/lib/utils.py
index cc413b8..020720d 100644
--- a/Allura/allura/lib/utils.py
+++ b/Allura/allura/lib/utils.py
@@ -577,7 +577,7 @@ class ForgeHTMLSanitizerFilter(html5lib.filters.sanitizer.Filter):
                           (ns_html, 'datalist'),
                           (ns_html, 'fieldset'),
                           (ns_html, 'form'),
-                          #(ns_html, 'input'),
+                          (ns_html, 'input'),
                           (ns_html, 'label'),
                           (ns_html, 'legend'),
                           (ns_html, 'meter'),
@@ -606,6 +606,9 @@ class ForgeHTMLSanitizerFilter(html5lib.filters.sanitizer.Filter):
         self.allowed_elements.discard(iframe_el)
         ok_opening_iframe = False
 
+        input_el = (html5lib.constants.namespaces['html'], 'input')
+        self.allowed_elements.discard(input_el)
+
         if token.get('name') == 'iframe':
             attrs = token.get('data') or {}
             if attrs.get((None, 'src'), '').startswith(self.valid_iframe_srcs):
@@ -615,6 +618,12 @@ class ForgeHTMLSanitizerFilter(html5lib.filters.sanitizer.Filter):
                 self.allowed_elements.add(iframe_el)
 
         self._prev_token_was_ok_iframe = ok_opening_iframe
+
+        if token.get('name') == 'input':
+            attrs = token.get('data') or {}
+            if attrs.get((None, 'type'), '') == "checkbox":
+                self.allowed_elements.add(input_el)
+
         return super(ForgeHTMLSanitizerFilter, self).sanitize_token(token)
 
 


Mime
View raw message