CommentCleaner letting nasty JS through #1

Closed
cjw296 opened this Issue Apr 27, 2011 · 0 comments

2 participants

@cjw296
cjw296 commented Apr 27, 2011
from htmllaundry import sanitize
from htmllaundry.cleaners import CommentCleaner
from testfixtures import compare
from unittest import TestCase


def safe_html(text):
    # Run the input through htmllaundry's comment cleaner.
    return sanitize(text, CommentCleaner)


class TestSafeHTML(TestCase):
    def test_evil(self):
        # XXX - looks like htmllaundry doesn't sanitize!
        # Expected value is what the cleaner actually returns for the
        # malformed input below: the javascript: href survives.
        compare(
            '<strong><a href="javascript:alert(" rel="nofollow" target="_blank">out</a></strong>',
            safe_html(
                '<strong hello</strong><a href="javascript:alert("evil")">out</a>')
            )
@wichert wichert was assigned Apr 27, 2011
@wichert wichert closed this in 66fd59a Apr 27, 2011
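The issue above shows a sanitizer's own output still carrying a `javascript:` href after malformed input confused it. A defensive check that is independent of how the sanitizer parsed the input is to walk the sanitized output again and drop any URL-bearing attribute whose scheme is not on an allowlist. The following is an added example written for this page, not code from htmllaundry or from the issue: it uses only the Python standard library, the `URL_ATTRIBUTES`, `ALLOWED_SCHEMES`, `url_scheme`, `UrlAttributeScrubber` and `scrub_urls` names are my own, and the sample input is the sanitizer output quoted in the issue.

```python
from html import escape
from html.parser import HTMLParser

# Attributes whose value a browser treats as a URL, and the schemes a
# comment is allowed to link to. A relative URL has no scheme and is kept.
URL_ATTRIBUTES = {"href", "src", "action", "formaction"}
ALLOWED_SCHEMES = {"http", "https", "mailto"}


def url_scheme(value):
    """Return the lower-cased scheme of an attribute value, or "" if relative.

    Browsers ignore leading whitespace and ASCII control characters when they
    parse a URL, so every character <= 0x20 is dropped first (conservative:
    this also joins interior spaces). A colon that follows '/', '?' or '#'
    belongs to the path or query, not to a scheme.
    """
    cleaned = "".join(ch for ch in value if ord(ch) > 0x20)
    for index, ch in enumerate(cleaned):
        if ch == ":":
            return cleaned[:index].lower()
        if ch in "/?#":
            break
    return ""


class UrlAttributeScrubber(HTMLParser):
    """Re-serialise HTML, dropping URL attributes outside the allowlist."""

    def __init__(self):
        # convert_charrefs=False keeps entity references as events so they
        # can be written back out unchanged instead of being decoded.
        super().__init__(convert_charrefs=False)
        self.out = []
        self.dropped = []  # (tag, attribute, value) for each removed attribute

    def _render(self, tag, attrs, suffix):
        parts = [tag]
        for name, value in attrs:
            if (value is not None and name.lower() in URL_ATTRIBUTES
                    and url_scheme(value) not in ALLOWED_SCHEMES | {""}):
                self.dropped.append((tag, name, value))
                continue
            if value is None:
                parts.append(name)  # boolean attribute
            else:
                parts.append(f'{name}="{escape(value, quote=True)}"')
        return f"<{' '.join(parts)}{suffix}>"

    def handle_starttag(self, tag, attrs):
        self.out.append(self._render(tag, attrs, ""))

    def handle_startendtag(self, tag, attrs):
        self.out.append(self._render(tag, attrs, " /"))

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")


def scrub_urls(html):
    """Return (scrubbed_html, dropped_attributes) for a fragment of HTML."""
    scrubber = UrlAttributeScrubber()
    scrubber.feed(html)
    scrubber.close()
    return "".join(scrubber.out), scrubber.dropped


# Constructed sample: the sanitizer output quoted in the issue above.
SANITIZER_OUTPUT = (
    '<strong><a href="javascript:alert(" rel="nofollow" target="_blank">'
    'out</a></strong>'
)

if __name__ == "__main__":
    cleaned, dropped = scrub_urls(SANITIZER_OUTPUT)
    print(cleaned)   # <strong><a rel="nofollow" target="_blank">out</a></strong>
    print(dropped)   # [('a', 'href', 'javascript:alert(')]
```

The scrubber deliberately works on the sanitizer's output rather than the raw input: whatever the first parser made of the broken markup, the second pass only has to answer "does this well-formed attribute value start with an allowed scheme?", so it is not fooled by the unbalanced quotes that tripped the cleaner. Logging `dropped` gives a detection signal for inputs that got past the primary sanitizer.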