On Jul 22, 2010, at 7:04 PM, mr.freeze wrote:
>>>> XML('<b>test</b>',sanitize=True,permitted_tags = ['b']).xml()
> '<b>test</b>'
>>>> XML('<a>test</a>',sanitize=True,permitted_tags = ['a']).xml()
> 'test'
>
> Why does the 'a' element get sanitized?
At first glance, it looks like it might require an attribute from
allowed_attributes. Does it work if you give it an href or a title?
Turning off allowed_attributes won't fix it, I think, because of this:
if bt == '<a' or bt == '<img':
return
Seems unfortunate to have those tags hard-coded.
