From 85ab5adfe629274ba782c9eb3c9a1f39e6d97364 Mon Sep 17 00:00:00 2001
From: virusdefender <1670873886@qq.com>
Date: Thu, 8 Oct 2015 11:13:53 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=20xss=20filter=20=E8=A7=84?= =?UTF-8?q?=E5=88=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 utils/xss_filter.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/utils/xss_filter.py b/utils/xss_filter.py
index 825fbc9..337f0a5 100644
--- a/utils/xss_filter.py
+++ b/utils/xss_filter.py
@@ -38,7 +38,7 @@ class XssHtml(HTMLParser):
 'p', 'div', 'em', 'span', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'blockquote', 'ul', 'ol', 'tr', 'th', 'td', 'hr', 'li', 'u', 'embed', 's', 'table', 'thead', 'tbody',
- 'caption', 'small', 'q', 'sup', 'sub']
+ 'caption', 'small', 'q', 'sup', 'sub', 'font']
 common_attrs = ["style", "class", "name"]
 nonend_tags = ["img", "hr", "br", "embed"]
 tags_own_attrs = {
@@ -46,6 +46,7 @@ class XssHtml(HTMLParser):
 "a": ["href", "target", "rel", "title"],
 "embed": ["src", "width", "height", "type", "allowfullscreen", "loop", "play", "wmode", "menu"],
 "table": ["border", "cellpadding", "cellspacing"],
+ "font": ["color"]
 }
 def __init__(self, allows=[]):
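Review bot: Adding `'font'` to the tag allow-list in the first hunk probably admits more than the `color` attribute the second hunk grants it. The next context line is `common_attrs = ["style", "class", "name"]`, and if those attributes apply to every allowed tag, as the name suggests, `<font style=...>` is accepted too. The list's opening line and the attribute-filtering code are outside the hunk, so it is not visible whether `style` values are sanitised. A comment above the list would record the intent, for example `# 'font' is allowed only for its color attribute; see tags_own_attrs`. The commit should also carry a test asserting that `<font>` with an event-handler attribute or an unexpected `style` value comes out stripped.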
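Review bot: The new `"font": ["color"]` entry in the second hunk allow-lists the attribute by name only, and nothing visible here constrains its value. If the filter copies allowed attribute values through with only generic escaping (that code is outside the hunk), `color` should be limited to colour syntax where values are emitted, for example a hex or plain-name pattern such as `^(#[0-9a-fA-F]{3,8}|[a-zA-Z]+)$`, with anything else dropped. As a style point, end the entry with a trailing comma, `"font": ["color"],`, to match the other rows and keep the next addition a one-line diff.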