From a84dfdb29c03f7e3e23445f4cec8a50ff2ffda57 Mon Sep 17 00:00:00 2001
From: Nabin Hait
Date: Wed, 24 Feb 2016 17:41:59 +0530
Subject: [PATCH] [fix] IFrame included in html sanitizer svg elements
---
 frappe/utils/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/frappe/utils/__init__.py b/frappe/utils/__init__.py
index f6d3552125..f22a0c782c 100644
--- a/frappe/utils/__init__.py
+++ b/frappe/utils/__init__.py
@@ -412,7 +412,7 @@ def sanitize_html(html):
 # retuns html with escaped tags, escaped orphan >, <, etc.
 escaped_html = bleach.clean(html,
- tags=HTMLSanitizer.acceptable_elements + HTMLSanitizer.svg_elements,
+ tags=HTMLSanitizer.acceptable_elements + HTMLSanitizer.svg_elements + ["iframe"],
 attributes={"*": HTMLSanitizer.acceptable_attributes, "svg": HTMLSanitizer.svg_attributes},
 styles=bleach_whitelist.all_styles,
 strip_comments=False)
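Review bot: Adding `["iframe"]` to the `tags=` argument lets user-supplied HTML embed a frame from any origin, because the `"*"` entry in `attributes=` applies `HTMLSanitizer.acceptable_attributes` to every tag and nothing in this call limits where an iframe may point. If that attribute list includes `src` (its contents are not visible in this hunk), sanitized content can render third-party pages inside the application's own UI, which is a phishing and UI-redress risk wherever the output is shown to other users. Consider keeping the allowance but checking each iframe `src` against an allowlist of embed hosts after cleaning, and record the gap at the call site, e.g. `# NOTE: iframe is allowed for embeds; src is not restricted to trusted hosts`. The body of `sanitize_html` starts and ends outside the hunk, so a check elsewhere in the function cannot be ruled out.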