Previously the sanitizer attributes dictionary was created by updating
the desired whitelist with `bleach.sanitizer.ALLOWED_ATTRIBUTES` which
is (at the time of this writing):

    {'a': ['href', 'title'], 'abbr': ['title'], 'acronym': ['title']}

By updating the whitelist dictionary with a duplicated key (`a`), the
whitelist value is overwritten.

Instead, build a new dictionary by merging the two dictionaries with a
preference for the whitelisted values. To accommodate the overwrite
behavior the whitelist is expanded to include those default values.
---
srht/markdown.py | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/srht/markdown.py b/srht/markdown.py
index a724e4f..df3d450 100644
--- a/srht/markdown.py+++ b/srht/markdown.py
@@ -139,7 +139,7 @@ def _wildcard_filter(tag, name, value):
return name in ["style", "class", "colspan", "rowspan"]
_sanitizer_attrs = {
- "a": ["id"],+ "a": ["id", "href", "title"], "h1": ["id"],
"h2": ["id"],
"h3": ["id"],
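Review bot: the `"a"` entry now repeats `href` and `title` from bleach's defaults by hand, with nothing on the line saying why. A short comment that these mirror `bleach.sanitizer.ALLOWED_ATTRIBUTES["a"]` and must stay because this entry replaces the default for that key would stop someone trimming them later. Alternatively, build the list from the default, e.g. `bleach.sanitizer.ALLOWED_ATTRIBUTES["a"] + ["id"]`, so it follows bleach if the defaults change.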
@@ -150,7 +150,6 @@ _sanitizer_attrs = {
"input": _input_filter,
"*": _wildcard_filter,
}
-_sanitizer_attrs.update(bleach.sanitizer.ALLOWED_ATTRIBUTES)_sanitizer = bleach.sanitizer.Cleaner(
tags=bleach.sanitizer.ALLOWED_TAGS + [
"p", "div", "span", "pre", "hr",
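Review bot: with the `update()` call removed, `_sanitizer_attrs` on its own no longer contains the `abbr` and `acronym` entries, yet the name still reads as the full attribute allowlist. Consider a comment above the dict stating that it holds overrides layered on top of bleach's defaults, and check that nothing else in the module reads `_sanitizer_attrs` directly expecting the merged result.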
@@ -161,7 +160,7 @@ _sanitizer = bleach.sanitizer.Cleaner(
"q",
"h1", "h2", "h3", "h4", "h5", "h6",
],
- attributes=_sanitizer_attrs,+ attributes={**bleach.sanitizer.ALLOWED_ATTRIBUTES, **_sanitizer_attrs}, protocols=[
'ftp',
'gemini',
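Review bot: the `{**bleach.sanitizer.ALLOWED_ATTRIBUTES, **_sanitizer_attrs}` merge passed to `attributes=` is still per key, so any tag present in both dicts takes only the `_sanitizer_attrs` value; today that is handled for `a` alone by repeating the defaults. If that is the intended contract, say so in a comment here, and add a regression test that an anchor keeps `href`, `title` and `id` after cleaning, since the diffstat shows no test alongside the fix.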
--
2.28.0
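
The overwrite the commit message describes, reproduced with plain dictionaries as an added example (not part of the patch or the project's code). `DEFAULTS` copies the value quoted in the commit message, `OVERRIDES` is a constructed subset of the allowlist, and `merge_allowlists` is a hypothetical per-key union shown as an alternative to repeating the defaults by hand.

```python
# DEFAULTS is the value quoted in the commit message; OVERRIDES is constructed.
DEFAULTS = {"a": ["href", "title"], "abbr": ["title"], "acronym": ["title"]}
OVERRIDES = {"a": ["id"], "h1": ["id"]}


def old_behaviour(overrides, defaults):
    """Pre-patch logic: update() replaces the whole value of a shared key,
    so the defaults win and the project's extra attribute is lost."""
    attrs = dict(overrides)
    attrs.update(defaults)
    return attrs


def shallow_merge(defaults, overrides):
    """Patched logic: overrides win per key, so an override entry must
    repeat any default attributes it still wants to allow."""
    return {**defaults, **overrides}


def merge_allowlists(defaults, overrides):
    """Hypothetical helper: union list values per tag. Non-list values
    (for example a filter callable) replace the default outright."""
    merged = {tag: list(v) if isinstance(v, list) else v
              for tag, v in defaults.items()}
    for tag, value in overrides.items():
        current = merged.get(tag)
        if isinstance(value, list) and isinstance(current, list):
            merged[tag] = current + [a for a in value if a not in current]
        else:
            merged[tag] = list(value) if isinstance(value, list) else value
    return merged


if __name__ == "__main__":
    print("old:    ", old_behaviour(OVERRIDES, DEFAULTS)["a"])
    print("shallow:", shallow_merge(DEFAULTS, OVERRIDES)["a"])
    print("union:  ", merge_allowlists(DEFAULTS, OVERRIDES)["a"])
```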