Sanitizer: Allow <summary> (#423)

twm · ambv · web-flow · commit ff7fa3721e10 · 2023-03-01T22:55:52.000+01:00
Add tests that the sanitizer allows &lt;details open&gt; and &lt;summary&gt; and
update the implementation to allow &lt;summary&gt;.

Co-authored-by: Łukasz Langa &lt;lukasz@langa.pl&gt;
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -1,6 +1,13 @@
 Change Log
 ----------
 
+1.2
+~~~
+
+Bug fixes:
+
+* The sanitizer now permits ``<summary>`` tags.
+
 1.1
 ~~~
 
@@ -22,7 +29,6 @@ Other changes:
   ``html5lib`` keeps working in future Python versions. (#403)
 * Drop optional ``datrie`` dependency. (#442)
 
-
 1.0.1
 ~~~~~
 
diff --git a/html5lib/filters/sanitizer.py b/html5lib/filters/sanitizer.py
@@ -113,6 +113,7 @@
     (namespaces['html'], 'strike'),
     (namespaces['html'], 'strong'),
     (namespaces['html'], 'sub'),
+    (namespaces['html'], 'summary'),
     (namespaces['html'], 'sup'),
     (namespaces['html'], 'table'),
     (namespaces['html'], 'tbody'),
diff --git a/html5lib/tests/test_sanitizer.py b/html5lib/tests/test_sanitizer.py
@@ -111,6 +111,18 @@ def param_sanitizer():
                """<img src="%s:%s">foo</a>""" % (protocol, rest_of_uri))
 
 
+def test_details_open_allowed():
+    sanitized = sanitize_html("<details open>.</details>")
+    expected = '<details open>.</details>'
+    assert expected == sanitized
+
+
+def test_details_summary_allowed():
+    sanitized = sanitize_html("<details><summary>.</summary><p>...</p></details>")
+    expected = '<details><summary>.</summary><p>...</p></details>'
+    assert expected == sanitized
+
+
 @pytest.mark.parametrize("expected, input",
                          (pytest.param(expected, input, id=id)
                           for id, expected, input in param_sanitizer()))
