In gluon.sanitizer.XssCleaner:
def handle_endtag(self, tag):
bracketed = '</%s>' % tag
self.in_disallowed.pop()
if tag not in self.permitted_tags:
if (not self.strip_disallowed):
self.result += xssescape(bracketed)
elif tag in self.open_tags:
self.result += bracketed
self.open_tags.remove(tag)
maybe change the third line to:
self.in_disallowed and self.in_disallowed.pop()
Note sure if that will cause any other problems.
Feel free to file a Github issue.
Anthony
On Tuesday, June 14, 2016 at 2:06:28 PM UTC-4, Kirill Shatalaev wrote:
>
> Hello.
>
> XML crashes while trying to sanitize some sorts of incorrect html.
>
> For example:
>
> a = '</em></em>' # wrong html
> b = XML(a, sanitize=True)
>
> <type 'exceptions.IndexError'> pop from empty list
>
> I suppose this is a severe bug.
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
