Fix html5lib#188: the sanitizer should sanitize given a bogus data URL.

gsnedders · gsnedders · commit 70fe97b2cdff · 2015-04-30T16:30:44.000+01:00
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -1,6 +1,15 @@
 Change Log
 ----------
 
+0.9999.1/1.0b5.1
+~~~~~~~~~~~~~~~~
+
+Released on April 30, 2015
+
+* Fix #188: fix the sanitizer to not throw an exception when sanitizing
+  bogus data URLs.
+
+
 0.9999/1.0b5
 ~~~~~~~~~~~~
 
diff --git a/html5lib/sanitizer.py b/html5lib/sanitizer.py
@@ -215,7 +215,7 @@ def allowed_token(self, token, token_type):
                         m = content_type_rgx.match(uri.path)
                         if not m:
                             del attrs[attr]
-                        if m.group('content_type') not in self.allowed_content_types:
+                        elif m.group('content_type') not in self.allowed_content_types:
                             del attrs[attr]
 
             for attr in self.svg_attr_val_allows_ref:
diff --git a/html5lib/tests/test_sanitizer.py b/html5lib/tests/test_sanitizer.py
@@ -104,6 +104,16 @@ def test_sanitizer():
                """<img src="%s:%s">foo</a>""" % (protocol, rest_of_uri),
                toxml)
 
+    yield (runSanitizerTest, "test_invalid_data_uri",
+           "<audio controls=\"\"></audio>",
+           "<audio controls=\"\" src=\"data:foobar\"></audio>",
+           toxml)
+
+    yield (runSanitizerTest, "test_data_uri_disallowed_type",
+           "<audio controls=\"\"></audio>",
+           "<audio controls=\"\" src=\"data:text/html,<html>\"></audio>",
+           toxml)
+
     for protocol in sanitizer.HTMLSanitizer.allowed_protocols:
         rest_of_uri = '//sub.domain.tld/path/object.ext'
         if protocol == 'data':
