In gluon.sanitizer.XssCleaner:
def handle_endtag(self, tag):
bracketed = '</%s>' % tag
self.in_disallowed.pop()
if tag not in self.permitted_tags:
if (not self.strip_disallowed):
self.result += xssescape(bracketed)
elif tag in self.open_tags:
self.result += bracketed
self.open_tags.remove(tag)
maybe change the third line to:
self.in_disallowed and self.in_disallowed.pop()
Note sure if that will cause any other problems.
Feel free to file a Github issue.
Anthony
On Tuesday, June 14, 2016 at 2:06:28 PM UTC-4, Kirill Shatalaev wrote:
Hello.
XML crashes while trying to sanitize some sorts of incorrect html.
For example:
a = '</em></em>' # wrong html
b = XML(a, sanitize=True)
<type 'exceptions.IndexError'> pop from empty list
I suppose this is a severe bug.