
Merge pull request #960 from lmorchard/800548-strip-html-comments

fix bug 801046: Strip HTML comments from rendered wiki content
commit 5c361db6c53d61dfc44d9efc4ae45fbbd97f5eb7 2 parents da61c71 + ddd0512
@groovecoder groovecoder authored
Showing with 16 additions and 2 deletions.
  1. +1 −2  apps/wiki/models.py
  2. +15 −0 apps/wiki/tests/test_content.py
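--- a/apps/wiki/models.py
+++ b/apps/wiki/models.py
@@ -374,8 +374,7 @@ def clean_content(self, content_in, use_constance_bleach_whitelists=False):
 styles = ALLOWED_STYLES
 out = bleach.clean(out, attributes=attributes, tags=tags,
- styles=styles, strip_comments=False,
- skip_gauntlet=True)
+ styles=styles, skip_gauntlet=True)
 return out
 def get_by_natural_key(self, locale, slug):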
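Review bot: The `bleach.clean(...)` call in `clean_content` now relies on the library default for `strip_comments` instead of stating it, so the sanitising behaviour this fix depends on is invisible at the call site and would regress silently if the default or the bundled bleach build changed. Passing it explicitly, `styles=styles, strip_comments=True, skip_gauntlet=True)`, with a short comment such as `# bug 801046: drop comments so IE conditional comments cannot carry markup past the tag whitelist`, pins the intent. `skip_gauntlet=True` is kept and is not explained in the visible lines; it is presumably specific to the project's bleach build, and a note on what it skips would help the next reviewer. The body of `clean_content` starts outside the hunk.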
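--- a/apps/wiki/tests/test_content.py
+++ b/apps/wiki/tests/test_content.py
@@ -777,6 +777,21 @@ def test_allowed_attributes(self):
 eq_(html_str, bleach.clean(html_str, attributes=ALLOWED_ATTRIBUTES,
 tags=ALLOWED_TAGS))
+ def test_stripped_ie_comment(self):
+ """bug 801046: strip IE conditional comments"""
+ content = """
+ <p>Hi there.</p>
+ <!--[if]><script>alert(1)</script -->
+ <!--[if<img src=x onerror=alert(2)//]> -->
+ <p>Goodbye</p>
+ """
+ expected = """
+ <p>Hi there.</p>
+ <p>Goodbye</p>
+ """
+ result = Document.objects.clean_content(content)
+ eq_(normalize_html(expected), normalize_html(result))
+
 class GetSEODescriptionTests(TestCase):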
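Review bot: `test_stripped_ie_comment` pins only the two malformed conditional comments from the bug report and compares through `normalize_html`, so it does not show that an ordinary `<!-- ... -->` comment or a well-formed `<!--[if IE]> ... <![endif]-->` block is removed, and any residue the normaliser tolerates would go unnoticed (what `normalize_html` discards is not visible here). Direct checks on the raw output, `assert '<!--' not in result` and `assert 'onerror' not in result`, would make the failure mode explicit. The `use_constance_bleach_whitelists=True` path of `clean_content` is not exercised by this test; a second call with that flag would cover it, assuming that path reaches the same `bleach.clean` call.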