vassili/seitime-frappe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 4

[fix] IFrame included in html sanitizer svg elements

Browse source
This commit is contained in:
Nabin Hait 2016-02-24 17:41:59 +05:30
parent 5649950dd2
commit a84dfdb29c
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
frappe/utils/__init__.py
View file

@ -412,7 +412,7 @@ def sanitize_html(html):
# retuns html with escaped tags, escaped orphan >, <, etc.
escaped_html = bleach.clean(html,
tags=HTMLSanitizer.acceptable_elements + HTMLSanitizer.svg_elements,
tags=HTMLSanitizer.acceptable_elements + HTMLSanitizer.svg_elements + ["iframe"],
attributes={"*": HTMLSanitizer.acceptable_attributes, "svg": HTMLSanitizer.svg_attributes},
styles=bleach_whitelist.all_styles,
strip_comments=False)