CommentCleaner letting nasty JS through #1

cjw296 opened this Issue Apr 27, 2011 · 0 comments


None yet

2 participants

from htmllaundry import sanitize
from htmllaundry.cleaners import CommentCleaner
from testfixtures import compare
from unittest import TestCase

def safe_html(text):
    return sanitize(text,CommentCleaner)

class TestSafeHTML(TestCase):
   def test_evil(self):
        # XXX - looks like htmllaundry doesn't sanitize!
            '<strong><a href="javascript:alert(" rel="nofollow" target="_blank">out</a></strong>',
                '<strong hello</strong><a href="javascript:alert("evil")">out</a>')
@wichert wichert was assigned Apr 27, 2011
@wichert wichert closed this in 66fd59a Apr 27, 2011
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment