Changeset 52692

Timestamp:

03/20/08 12:41:53 (2 years ago)

Author:

madarche

Message:

Fixed #1898: IllegalHTML exception blocking HTML rendering and indexing.

Files:

• Zope2/PortalTransforms/trunk/CHANGES (modified) (1 diff)
• Zope2/PortalTransforms/trunk/libtransforms/utils.py (modified) (5 diffs)

Zope2/PortalTransforms/trunk/CHANGES

@@ -7 +7 @@
-Bug fixes
-~~~~~~~~~
-
+ #1898: IllegalHTML exception blocking HTML rendering and indexing.
-New internal features
-~~~~~~~~~~~~~~~~~~~~~

Zope2/PortalTransforms/trunk/libtransforms/utils.py

@@ -1 +1 @@
-# $Id$
-
+from logging import getLogger
+import re
-import os
-import sys
-from os.path import basename, splitext, join
+from cStringIO import StringIO
-from sgmllib import SGMLParser
-
-
+
+
+
-
-HAVE_LXML = 0
@@ -128 +132 @@
-             }
-
-class IllegalHTML( ValueError ):
-    pass
-
-class StrippingParser( SGMLParser ):
-    """ Pass only allowed tags;  raise exception for known-bad.  """
@@ -171 +172 @@
-
-                if k.lower().startswith( 'on' ):
-raise IllegalHTML, 'Javascipt event "%s" not allowed.' % k
+logger.debug('Javascript event "%s" not allowed.' % k)
-
-                if v.lower().startswith( 'javascript:' ):
-raise IllegalHTML, 'Javascipt URI "%s" not allowed.' % v
+logger.debug('Javascript URI "%s" not allowed.' % v)
-
-                self.result = '%s %s="%s"' % (self.result, k, v)
@@ -185 +186 @@
-
-        elif NASTY_TAGS.get( tag ):
-raise IllegalHTML, 'Dynamic tag "%s" not allowed.' % tag
+logger.debug('Dynamic tag "%s" not allowed.' % tag)
-
-        else:
@@ -226 +227 @@
-            self.in_body = True
-        elif NASTY_TAGS.get( tag ):
-raise IllegalHTML, 'Dynamic tag "%s" not allowed.' % tag
+logger.debug('Dynamic tag "%s" not allowed.' % tag)
-        elif self.in_body:
-            self.result = '%s ' % self.result