Issue 180: CSS Sanitizer "gauntlet" filters style tags like font-family:"sans-serif"
Status:  GitHub
Owner:  ----
Closed:  Jun 2013


Reported by bjellem...@gmail.com, Mar 8, 2011
What steps will reproduce the problem?

Pass any HTML into the sanitizer with an inline style that includes a font-family with a dash (-), such as "sans-serif", and the entire style is stripped. Example HTML:
<span style='font-size:10.0pt;font-family:"Verdana","sans-serif";color:#1F497D'>Enjoy your day</span>

What is the expected output? What do you see instead?

The style tag should stay, but instead we see:
<span style="">Enjoy your day</span>

Please provide any additional information below.

I've solved this by changing line 197 in sanitizer.py from:
        if not re.match("""^([:,;#%.\sa-zA-Z0-9!]|\w-\w|'[\s\w]+'|"[\s\w]+"|\([\d,\s]+\))*$""", style): return ''
To:
        if not re.match("""^([:,;#%.\sa-zA-Z0-9!]|\w-\w|'[\s\w-]+'|"[\s\w-]+"|\([\d,\s]+\))*$""", style): return ''
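
Added example, not part of the original report or of the project's code: a regression check that runs the two patterns quoted above over a small set of style values, to confirm that the widened pattern newly accepts only quoted names containing a hyphen and still rejects values it rejected before. All sample styles except the first are constructed for illustration, and the helper names are hypothetical.

```python
import re

# The two gauntlet patterns quoted in the report (sanitizer.py line 197).
ORIGINAL = re.compile(
    r"""^([:,;#%.\sa-zA-Z0-9!]|\w-\w|'[\s\w]+'|"[\s\w]+"|\([\d,\s]+\))*$""")
PROPOSED = re.compile(
    r"""^([:,;#%.\sa-zA-Z0-9!]|\w-\w|'[\s\w-]+'|"[\s\w-]+"|\([\d,\s]+\))*$""")

# First entry is the style from the report; the rest are constructed samples.
SAMPLES = [
    'font-size:10.0pt;font-family:"Verdana","sans-serif";color:#1F497D',
    "font-family:'Trebuchet-MS'",            # hyphen inside single quotes
    "font-family:sans-serif",                # unquoted, handled by \w-\w
    "color:rgb(31, 73, 125)",                # digits-only parenthesised list
    "width:expression(alert(1))",            # must stay rejected
    "background:url(javascript:alert(1))",   # must stay rejected
    'font-family:"a;b:c"',                   # separators inside quotes
]


def verdicts(style):
    """Return (passes ORIGINAL, passes PROPOSED) for one style value."""
    return bool(ORIGINAL.match(style)), bool(PROPOSED.match(style))


def newly_accepted(styles):
    """Styles the original pattern strips but the proposed pattern keeps."""
    return [s for s in styles if verdicts(s) == (False, True)]


def rejected_by_both(styles):
    """Styles that neither pattern lets through."""
    return [s for s in styles if verdicts(s) == (False, False)]


if __name__ == "__main__":
    for s in SAMPLES:
        print(verdicts(s), s)
```

The only difference between the patterns is the hyphen added to the two quoted-string character classes, so the set returned by newly_accepted is the behaviour change to review.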

Apr 10, 2013
Project Member #1 geoffers
(No comment was entered for this change.)
Labels: Port-Python
Jun 21, 2013
Project Member #2 geoffers
https://github.com/html5lib/html5lib-python/issues/69
Status: GitHub