XML(sanitize=True) and incorrect HTML


Kirill Shatalaev

Jun 14, 2016, 2:06:28 PM
to web2py-users
Hello.

XML crashes while trying to sanitize some sorts of incorrect html.

For example:

a = '</em></em>' # wrong html
b = XML(a, sanitize=True)

<type 'exceptions.IndexError'> pop from empty list


I suppose this is a severe bug.

Anthony

Jun 14, 2016, 2:25:05 PM
to web2py-users, web2py-developers
In gluon.sanitizer.XssCleaner:

    def handle_endtag(self, tag):
        bracketed = '</%s>' % tag
        self.in_disallowed.pop()
        if tag not in self.permitted_tags:
            if (not self.strip_disallowed):
                self.result += xssescape(bracketed)
        elif tag in self.open_tags:
            self.result += bracketed
            self.open_tags.remove(tag)

maybe change the third line to:

        self.in_disallowed and self.in_disallowed.pop()

Not sure if that will cause any other problems.

Feel free to file a Github issue.

Anthony
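
A minimal reproduction of the crash and of the guarded pop suggested above, as an added example that is not part of the original thread and is not web2py's code. `MiniCleaner`, `sanitize` and `guard_pop` are hypothetical names for a simplified Python 3 stand-in built on `html.parser`; it assumes one `in_disallowed` entry is pushed per start tag.

```python
from html import escape
from html.parser import HTMLParser


class MiniCleaner(HTMLParser):
    """Hypothetical, simplified tag-whitelisting sanitizer (not gluon.sanitizer)."""
    permitted_tags = {"em", "b", "p"}

    def __init__(self, guard_pop):
        super().__init__(convert_charrefs=True)
        self.guard_pop = guard_pop
        self.result = ""
        self.open_tags = []
        self.in_disallowed = []  # assumption: one entry pushed per start tag

    def handle_starttag(self, tag, attrs):
        allowed = tag in self.permitted_tags
        self.in_disallowed.append(not allowed)
        if allowed:
            self.result += "<%s>" % tag  # attributes are dropped in this sketch
            self.open_tags.append(tag)
        else:
            self.result += escape("<%s>" % tag)

    def handle_data(self, data):
        self.result += escape(data)

    def handle_endtag(self, tag):
        bracketed = "</%s>" % tag
        if self.guard_pop:
            # Guarded form proposed in the thread: skip the pop on an empty stack.
            self.in_disallowed and self.in_disallowed.pop()
        else:
            # Unguarded form: an end tag with no matching start tag raises IndexError.
            self.in_disallowed.pop()
        if tag not in self.permitted_tags:
            self.result += escape(bracketed)
        elif tag in self.open_tags:
            self.result += bracketed
            self.open_tags.remove(tag)
        # A permitted end tag that was never opened is silently dropped.


def sanitize(html, guard_pop):
    """Run the sketch over `html` and return the cleaned markup."""
    cleaner = MiniCleaner(guard_pop)
    cleaner.feed(html)
    cleaner.close()
    return cleaner.result
```

With the guard in place, the input from the report produces an empty string instead of an exception, and stray end tags for non-permitted tags are still escaped.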

Kirill Shatalaev

Jun 15, 2016, 3:29:53 AM
to web2py-users, web2py-d...@googlegroups.com
Opened #1363

On Tuesday, June 14, 2016 at 22:25:05 UTC+4, Anthony wrote:

Massimo Di Pierro

Jun 18, 2016, 9:06:17 AM
to web2py-users, web2py-d...@googlegroups.com
Thanks for reporting this.