From 8bf6e2227cc2641f16a6c1410c51a529bf84e4b9 Mon Sep 17 00:00:00 2001 From: Dmitry Agafonov Date: Mon, 19 May 2014 15:10:32 +0400 Subject: [PATCH 1/2] tel: protocol --- html5lib/sanitizer.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html5lib/sanitizer.py b/html5lib/sanitizer.py index 469d9b40..f05fb2b9 100644 --- a/html5lib/sanitizer.py +++ b/html5lib/sanitizer.py @@ -138,7 +138,7 @@ class HTMLSanitizerMixin(object): acceptable_protocols = ['ed2k', 'ftp', 'http', 'https', 'irc', 'mailto', 'news', 'gopher', 'nntp', 'telnet', 'webcal', 'xmpp', 'callto', 'feed', 'urn', 'aim', 'rsync', 'tag', - 'ssh', 'sftp', 'rtsp', 'afs'] + 'ssh', 'sftp', 'rtsp', 'afs', 'tel'] # subclasses may define their own versions of these constants allowed_elements = acceptable_elements + mathml_elements + svg_elements From a970689bc1d5535366431cacdefd6439483d2e4a Mon Sep 17 00:00:00 2001 From: Dmitry Agafonov Date: Mon, 19 May 2014 15:11:23 +0400 Subject: [PATCH 2/2] data- attributes --- html5lib/sanitizer.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html5lib/sanitizer.py b/html5lib/sanitizer.py index f05fb2b9..c84c43c5 100644 --- a/html5lib/sanitizer.py +++ b/html5lib/sanitizer.py @@ -181,7 +181,7 @@ def allowed_token(self, token, token_type): if "data" in token: attrs = dict([(name, val) for name, val in token["data"][::-1] - if name in self.allowed_attributes]) + if name in self.allowed_attributes or name.startswith('data-')]) for attr in self.attr_val_is_uri: if attr not in attrs: continue