
CommentCleaner letting nasty JS through #1

Closed
cjw296 opened this Issue April 27, 2011 · 0 comments

Chris Withers
```python
from htmllaundry import sanitize
from htmllaundry.cleaners import CommentCleaner
from testfixtures import compare
from unittest import TestCase


def safe_html(text):
    return sanitize(text, CommentCleaner)


class TestSafeHTML(TestCase):
    def test_evil(self):
        # XXX - looks like htmllaundry doesn't sanitize!
        # First argument is the output actually observed from safe_html();
        # note the javascript: href survives in it.
        compare(
            '<strong><a href="javascript:alert(" rel="nofollow" target="_blank">out</a></strong>',
            safe_html(
                '<strong hello</strong><a href="javascript:alert("evil")">out</a>')
            )
```
Wichert Akkerman wichert closed this in 66fd59a April 27, 2011
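The test above shows CommentCleaner passing a `javascript:` href straight through `sanitize()`. As an added example (not part of this issue or of htmllaundry), here is an independent check a test suite can run over sanitizer output to flag URL-bearing attributes whose scheme is not on an allowlist; `ALLOWED_SCHEMES` and `URL_ATTRS` are my own choices, not htmllaundry settings.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# URL schemes a sanitized document is allowed to link to (assumed policy).
ALLOWED_SCHEMES = {"http", "https", "mailto"}
# Attributes that carry a URL and can therefore smuggle a javascript: link.
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}


def url_scheme(value):
    """Return the lower-cased scheme of an attribute value, or '' if relative.

    Browsers drop leading/trailing whitespace and embedded tab/CR/LF before
    parsing a URL, so do the same here; otherwise "java\\nscript:" would
    look like a harmless relative path.
    """
    cleaned = "".join(ch for ch in value.strip() if ch not in "\t\n\r")
    return urlsplit(cleaned).scheme.lower()


class UnsafeUrlFinder(HTMLParser):
    """Collects (tag, attribute, value) for every URL attribute whose
    scheme is not allowed. HTMLParser entity-decodes attribute values, so
    an encoded "&#106;avascript:" is seen as "javascript:" as well."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value is None or name.lower() not in URL_ATTRS:
                continue
            scheme = url_scheme(value)
            if scheme and scheme not in ALLOWED_SCHEMES:
                self.findings.append((tag, name, value))


def find_unsafe_urls(html):
    """Return the list of unsafe URL attributes found in sanitizer output."""
    parser = UnsafeUrlFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    # Constructed sample: the exact output the issue reports from safe_html().
    leaked = '<strong><a href="javascript:alert(" rel="nofollow" target="_blank">out</a></strong>'
    print(find_unsafe_urls(leaked))
```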