修改 xss filter 规则

virusdefender
2015-10-08 11:13:53 +08:00
parent 246826139f
commit 85ab5adfe6


@@ -38,7 +38,7 @@ class XssHtml(HTMLParser):
'p', 'div', 'em', 'span', 'h1', 'h2', 'h3', 'h4', 'p', 'div', 'em', 'span', 'h1', 'h2', 'h3', 'h4',
'h5', 'h6', 'blockquote', 'ul', 'ol', 'tr', 'th', 'td', 'h5', 'h6', 'blockquote', 'ul', 'ol', 'tr', 'th', 'td',
'hr', 'li', 'u', 'embed', 's', 'table', 'thead', 'tbody', 'hr', 'li', 'u', 'embed', 's', 'table', 'thead', 'tbody',
'caption', 'small', 'q', 'sup', 'sub'] 'caption', 'small', 'q', 'sup', 'sub', 'font']
common_attrs = ["style", "class", "name"] common_attrs = ["style", "class", "name"]
nonend_tags = ["img", "hr", "br", "embed"] nonend_tags = ["img", "hr", "br", "embed"]
tags_own_attrs = { tags_own_attrs = {
@@ -46,6 +46,7 @@ class XssHtml(HTMLParser):
"a": ["href", "target", "rel", "title"], "a": ["href", "target", "rel", "title"],
"embed": ["src", "width", "height", "type", "allowfullscreen", "loop", "play", "wmode", "menu"], "embed": ["src", "width", "height", "type", "allowfullscreen", "loop", "play", "wmode", "menu"],
"table": ["border", "cellpadding", "cellspacing"], "table": ["border", "cellpadding", "cellspacing"],
"font": ["color"]
} }
def __init__(self, allows=[]): def __init__(self, allows=[]):
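Review bot: The added `"font": ["color"]` entry in `tags_own_attrs` puts no visible constraint on the value of `color`, and because `common_attrs` applies to every allowed tag, `<font>` will also accept `style`, `class` and `name`. How attribute values are filtered is not shown in these hunks (the handler methods of `XssHtml` lie outside them), so this should be confirmed before the allowlist grows. If values are only escaped, consider restricting `color` to a colour literal, for example one matching `^(#[0-9a-fA-F]{3,8}|[a-zA-Z]+)$`, and check that `style` values are sanitised, since each new tag is one more carrier for them. A regression test asserting that a `<font>` element with an event-handler attribute is emitted with `color` only would pin the intended behaviour, and a trailing comma after `"font": ["color"]` would match the entries above it.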