HTML sanitize: allow links

git-svn-id: svn://svn.cy55.de/Zope3/src/cybertools/trunk@3648 fd906abe-77d9-0310-91a1-e0d9ade77398
2009-12-10 09:28:55 +00:00 · 2009-12-10 09:28:55 +00:00 · ffaed6517a
commit ffaed6517a
parent 07ef19a946
2 changed files with 3 additions and 3 deletions
--- a/util/html.py
+++ b/util/html.py
@ -24,10 +24,10 @@ $Id$
 from cybertools.text.lib.BeautifulSoup import BeautifulSoup, Comment
-validTags = ('b br div em font h1 h2 h3 i li ol p pre span strong '
+validTags = ('a b br div em font h1 h2 h3 i li ol p pre span strong '
             'table td tr u ul').split()
-validAttrs = 'class style border cellspacing cellpadding align'.split()
+validAttrs = 'align border cellpadding cellspacing class href style title'.split()
 validStyles = 'font-style font-weight'.split()
 validStyleParts = 'border padding'.split()
--- a/util/html.txt
+++ b/util/html.txt
@ -13,7 +13,7 @@ $Id$
  ... </html>"""
  >>> sanitize(input, validAttrs=['style'])
-  u'\n<p style="font-weight: bold">\n<b>Text</b>\n</p>\n'
+  u'\n<p style="font-weight: bold">\n<a><b>Text</b></a>\n</p>\n'
  >>> sanitize(input, ['p', 'b'], ['class'])
  u'\n<p class="standard">\n<b>Text</b>\n</p>\n'