On Jul 22, 2010, at 10:07 PM, mr.freeze wrote:

> That works. Thanks.

I think perhaps sanitizer could use some work. A bare <a> is harmless enough. 
And <a name="something"> ought to be OK.

> 
> On Jul 22, 11:23 pm, Jonathan Lundell <jlund...@pobox.com> wrote:
>> On Jul 22, 2010, at 7:41 PM, mr.freeze wrote:
>> 
>>> Negative, it sanitizes those too:
>>>>>> XML('<a href="web2py.com">test</a>',sanitize=True,permitted_tags = 
>>>>>> ['a']).xml()
>>> 'test'
>> 
>> Only absolute URLs are acceptable. Try http://web2py.com.
>> 
>> 
>> 
>>> On Jul 22, 9:38 pm, Jonathan Lundell <jlund...@pobox.com> wrote:
>>>> On Jul 22, 2010, at 7:04 PM, mr.freeze wrote:
>> 
>>>>>>>> XML('<b>test</b>',sanitize=True,permitted_tags = ['b']).xml()
>>>>> '<b>test</b>'
>>>>>>>> XML('<a>test</a>',sanitize=True,permitted_tags = ['a']).xml()
>>>>> 'test'
>> 
>>>>> Why does the 'a' element get sanitized?
>> 
>>>> At first glance, it looks like it might require an attribute from 
>>>> allowed_attributes. Does it work if you give it an href or a title?
>> 
>>>> Turning off allowed_attributes won't fix it, I think, because of this:
>> 
>>>>             if bt == '<a' or bt == '<img':
>>>>                 return
>> 
>>>> Seems unfortunate to have those tags hard-coded.
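
The alternative raised at the top of this thread (keep a bare `<a>` or `<a name="...">` and drop only the attribute that fails the check, instead of dropping the whole tag), as an added example that is not web2py's sanitizer code and not written by anyone in the thread. The names `AllowListSanitizer`, `sanitize` and `ALLOWED`, and the http/https scheme list, are assumptions.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

SAFE_SCHEMES = {"http", "https"}               # assumption: only absolute web URLs
ALLOWED = {"a": ("href", "title", "name")}     # constructed sample attribute policy

class AllowListSanitizer(HTMLParser):
    """Keep permitted tags, drop all others (their text stays), filter attributes."""

    def __init__(self, permitted_tags, allowed_attributes):
        super().__init__(convert_charrefs=True)
        self.permitted = set(permitted_tags)
        self.allowed = allowed_attributes
        self.out = []

    @staticmethod
    def _absolute_url(value):
        # "web2py.com" has no scheme and "javascript:..." has no host: both fail.
        parts = urlsplit(value.strip())
        return parts.scheme.lower() in SAFE_SCHEMES and bool(parts.netloc)

    def handle_starttag(self, tag, attrs):
        if tag not in self.permitted:
            return
        kept = []
        for name, value in attrs:
            if value is None or name not in self.allowed.get(tag, ()):
                continue                       # e.g. onclick is never allow-listed
            if name in ("href", "src") and not self._absolute_url(value):
                continue                       # drop the attribute, keep the tag
            kept.append(' %s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_endtag(self, tag):
        if tag in self.permitted:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # text is always re-escaped

def sanitize(text, permitted_tags, allowed_attributes=ALLOWED):
    parser = AllowListSanitizer(permitted_tags, allowed_attributes)
    parser.feed(text)
    parser.close()
    return "".join(parser.out)

if __name__ == "__main__":
    print(sanitize('<a href="web2py.com">test</a>', ["a"]))
```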

