diff --git a/AUTHORS.rst b/AUTHORS.rst index c3820ef7..3097c725 100644 --- a/AUTHORS.rst +++ b/AUTHORS.rst @@ -42,3 +42,4 @@ Patches and suggestions - Michael[tm] Smith - Marc Abramowitz - Jon Dufresne +- Komal Dembla diff --git a/CHANGES.rst b/CHANGES.rst index 570c9605..93a5d221 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -1,6 +1,15 @@ Change Log ---------- +0.999999999/1.0b11 +~~~~~~~~~~~~~~~~~~ + +Released on XXX + +* Adds uppercase check (A-F) in the css regex to allow sanitizer to pass css + of the format: border: 1px solid #A2A2A2. + + 0.999999999/1.0b10 ~~~~~~~~~~~~~~~~~~ diff --git a/html5lib/filters/sanitizer.py b/html5lib/filters/sanitizer.py index b5ddcb93..9e3c1441 100644 --- a/html5lib/filters/sanitizer.py +++ b/html5lib/filters/sanitizer.py @@ -855,7 +855,7 @@ def sanitize_css(self, style): 'padding']: for keyword in value.split(): if keyword not in self.allowed_css_keywords and \ - not re.match("^(#[0-9a-f]+|rgb$\d+%?,\d*%?,?\d*%?$?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)$", keyword): # noqa + not re.match("^(#[0-9a-fA-F]+|rgb$\d+%?,\d*%?,?\d*%?$?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)$", keyword): # noqa break else: clean.append(prop + ': ' + value + ';') diff --git a/html5lib/tests/test_sanitizer.py b/html5lib/tests/test_sanitizer.py index e19deea8..ff86cf6c 100644 --- a/html5lib/tests/test_sanitizer.py +++ b/html5lib/tests/test_sanitizer.py @@ -113,3 +113,9 @@ def test_sanitizer(): yield (runSanitizerTest, "test_should_allow_uppercase_%s_uris" % protocol, "

foo" % (protocol, rest_of_uri), """

foo""" % (protocol, rest_of_uri)) + + +def test_should_handle_uppercase_color_codes_in_style(): + sanitized = sanitize_html("

") + expected = '

' + assert expected == sanitized pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Alternative Proxies: