Close a few more holes (and make the tests pass again)

rubys · rubys · commit 93b4f1c73772 · 2007-06-11T19:08:02.000Z
--HG--
extra : convert_revision : svn%3Aacbfec75-9323-0410-a652-858a13e371e0/trunk%40705
diff --git a/src/sanitizer.py b/src/sanitizer.py
@@ -81,7 +81,7 @@ class HTMLSanitizer(HTMLTokenizer):
          'xmlns:xlink', 'y', 'y1', 'y2', 'zoomAndPan']
 
     attr_val_is_uri = ['href', 'src', 'cite', 'action', 'longdesc',
-         'xlink:href']
+         'xlink:href', 'xml:base']
   
     acceptable_css_properties = ['azimuth', 'background-color',
         'border-bottom-color', 'border-collapse', 'border-color',
@@ -138,7 +138,7 @@ def __iter__(self):
                         attrs = dict([(name,val) for name,val in token["data"][::-1] if name in self.allowed_attributes])
                         for attr in self.attr_val_is_uri:
                             if not attrs.has_key(attr): continue
-                            val_unescaped = re.sub("[\000-\040\177-\240\s]+", '', unescape(attrs[attr])).lower()
+                            val_unescaped = re.sub("[`\000-\040\177-\240\s]+", '', unescape(attrs[attr])).lower()
                             if re.match("^[a-z0-9][-+.a-z0-9]*:",val_unescaped) and (val_unescaped.split(':')[0] not in self.allowed_protocols):
                                 del attrs[attr]
                         if attrs.has_key('style'):
@@ -158,6 +158,8 @@ def __iter__(self):
                     token["type"] = "Characters"
                     del token["name"]
                     yield token
+            elif token["type"] == "Comment":
+                pass
             else:
                 yield token
 
