Fix html5lib#189: fix the sanitizer to allow relative URLs again.

We regressed this when we added support for data URLs. Oops.
Sid532001 · Jul 7, 2015 · c0a6375 · c0a6375
1 parent 9e91591
commit c0a6375
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 1 deletion.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -1,6 +1,15 @@
 Change Log
 ----------
 
+0.999999/1.0b7
+~~~~~~~~~~~~~~
+
+Released on July 7, 2015
+
+* Fix #189: fix the sanitizer to allow relative URLs again (as it did
+ prior to 0.9999/1.0b5).
+
+
 0.99999/1.0b6
 ~~~~~~~~~~~~~
 

diff --git a/html5lib/sanitizer.py b/html5lib/sanitizer.py
@@ -208,7 +208,7 @@ def allowed_token(self, token, token_type):
  # remove replacement characters from unescaped characters
  val_unescaped = val_unescaped.replace("\ufffd", "")
  uri = urlparse.urlparse(val_unescaped)
- if uri:
+ if uri and uri.scheme:
  if uri.scheme not in self.allowed_protocols:
  del attrs[attr]
  if uri.scheme == 'data':

diff --git a/html5lib/tests/test_sanitizer.py b/html5lib/tests/test_sanitizer.py
@@ -40,6 +40,10 @@ def test_should_handle_astral_plane_characters():
  assert '<html:p xmlns:html="http:https://www.w3.org/1999/xhtml">\U0001d4b5 \U0001d538</html:p>' == sanitize_html("<p>&#x1d4b5; &#x1d538;</p>")
 
 
+def test_should_allow_relative_uris():
+ assert '<html:p xmlns:html="http:https://www.w3.org/1999/xhtml"><html:a href="/example.com" /></html:p>' == sanitize_html('<p><a href="/example.com"></a></p>')
+
+
 def test_sanitizer():
  toxml = toxmlFactory()
  for tag_name in sanitizer.HTMLSanitizer.allowed_elements: