Move the sanitizer to purely be a filter.#110
Conversation
|
Critic review: https://critic.hoppipolla.co.uk/r/287 This is an external review system which you may optionally use for the code review of your pull request. |
gsnedders
force-pushed
the
sanitizer-fixes-72
branch
from
0fd13c6 to
80a1425
Compare
gsnedders
force-pushed
the
sanitizer-fixes-72
branch
from
80a1425 to
28bf43b
Compare
gsnedders
force-pushed
the
sanitizer-fixes-72
branch
from
28bf43b to
28fb733
Compare
|
|
|
I think when squashed this is now ready to land. |
|
|
As we no longer need the sanitizer to be shared between a filter and a tokenizer, move the entire sanitizer to the filter module.
This is imported into this repo as its expectations are very much implementation dependent, with expectations amended to match our actual behaviour.
gsnedders
force-pushed
the
sanitizer-fixes-72
branch
from
f582c58 to
57dfcae
Compare
|
|
| # Remove attributes with disallowed URL values | ||
| for attr in (attr_names & self.attr_val_is_uri): | ||
| assert attr in attrs | ||
| # I don't have a clue where this regexp comes from or why it matches those |
There was a problem hiding this comment.
It looks like this regex is trying to remove:
` Literal backtic...
\x00-\x20 Ascii table characters starting at NULL up to and including Space -- Mostly non-printable characters...
\x7f-\xa0 Bytes with values 127 (DELETE) -> 160. More non-printable characters...
\s Whitespace
I don't know why it would be doing these things ...
There was a problem hiding this comment.
My assumption is it's something to do with legacy attribute parsing in old UAs, for whom such characters can alter parsing.
This should be unneeded since the sanitizer changes (html5lib#110)
This should be unneeded since the sanitizer changes (html5lib#110)
4 participants
This drops support for the tokenizing side of thing, which is sadly the only side that works in previous releases. Fixes #72. See all discussion there.