On Jul 22, 2010, at 7:41 PM, mr.freeze wrote: > Negative, it sanitizes those too: >>>> XML('<a href="web2py.com">test</a>',sanitize=True,permitted_tags = >>>> ['a']).xml() > 'test'
Only absolute URLs are acceptable. Try http://web2py.com. > > On Jul 22, 9:38 pm, Jonathan Lundell <jlund...@pobox.com> wrote: >> On Jul 22, 2010, at 7:04 PM, mr.freeze wrote: >> >>>>>> XML('<b>test</b>',sanitize=True,permitted_tags = ['b']).xml() >>> '<b>test</b>' >>>>>> XML('<a>test</a>',sanitize=True,permitted_tags = ['a']).xml() >>> 'test' >> >>> Why does the 'a' element get sanitized? >> >> At first glance, it looks like it might require an attribute from >> allowed_attributes. Does it work if you give it an href or a title? >> >> Turning off allowed_attributes won't fix it, I think, because of this: >> >> if bt == '<a' or bt == '<img': >> return >> >> Seems unfortunate to have those tags hard-coded.