Opened 16 years ago
Closed 16 years ago
#274 closed defect (fixed)
HTMLSanitizer.is_safe_uri() fails for relative URIs containing a ':'
Reported by: | Remy Blank <remy.blank@…> | Owned by: | cmlenz |
---|---|---|---|
Priority: | major | Milestone: | 0.6 |
Component: | General | Version: | 0.5.1 |
Keywords: | | Cc: | |
Description
The method HTMLSanitizer.is_safe_uri() returns False for relative URIs like the following:
#fragment:with:colon
Note that RFC-3986 explicitly allows ':' in fragments.
The current implementation splits the URI at the first ':' and checks the first part against a list of safe schemes. This is insufficient.
A fix might be to check the part of the URI prior to the first ':' against the specification for a scheme:
scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
If it doesn't fit, the URI can be considered as being relative.
This issue has been reported in Trac ticket #T7530.
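The scheme test proposed above, worked through as an added Python example. This is not Genshi's code: the safe-scheme allow-list, the whitespace normalisation step and the function names are assumptions made for the example, and the `naive_is_safe_uri` function only reproduces the split-at-first-colon behaviour the ticket describes so the two can be compared.

```python
import re

# Assumed allow-list for this example only; it is not Genshi's SAFE_SCHEMES.
SAFE_SCHEMES = frozenset(["http", "https", "ftp", "mailto"])

# RFC 3986, section 3.1:
#   scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
_SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*$")


def normalize_uri(uri):
    """Assumed hardening step (not part of the ticket): drop the characters
    browsers ignore when parsing a URL, so a scheme cannot be hidden from the
    check. Tab, CR and LF are removed anywhere; leading/trailing C0 controls
    and spaces are stripped."""
    uri = "".join(ch for ch in uri if ch not in "\t\r\n")
    controls = "".join(chr(c) for c in range(0x21))
    return uri.strip(controls)


def split_scheme(uri):
    """Return (scheme, rest) with the scheme lower-cased, or (None, uri) when
    the text before the first ':' is not a syntactically valid scheme, which
    means the URI is relative (e.g. '#fragment:with:colon')."""
    head, sep, rest = uri.partition(":")
    if not sep or not _SCHEME_RE.match(head):
        return None, uri
    return head.lower(), rest


def naive_is_safe_uri(uri):
    """The behaviour the ticket reports: split at the first ':' and compare
    whatever is on the left against the allow-list."""
    if ":" not in uri:
        return True
    return uri.split(":", 1)[0].lower() in SAFE_SCHEMES


def is_safe_uri(uri):
    """The proposed fix: only treat the prefix as a scheme if it matches the
    RFC 3986 grammar; otherwise the URI is relative and therefore safe."""
    scheme, _ = split_scheme(normalize_uri(uri))
    if scheme is None:
        return True
    return scheme in SAFE_SCHEMES


if __name__ == "__main__":
    # Constructed sample inputs for a side-by-side comparison.
    for sample in ["#fragment:with:colon", "docs/a:b.html",
                   "http://example.invalid/", "javascript:void(0)"]:
        print(f"{sample!r:28} naive={naive_is_safe_uri(sample)!s:5} "
              f"fixed={is_safe_uri(sample)}")
```

The fragment from the ticket is rejected by the naive check (its "scheme" would be `#fragment`) and accepted by the grammar-based one, while a real unsafe scheme is still rejected. The normalisation step is worth keeping in any sanitizer that falls back to "no scheme means relative, relative means safe": without it, a scheme containing a stray tab would fail the grammar test and be waved through as relative.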
Change History (1)
comment:1 Changed 16 years ago by cmlenz
- Resolution set to fixed
- Status changed from new to closed
Should be fixed in [1046].