Edgewall Software

Ticket #274 (closed defect: fixed)

Opened 8 months ago

Last modified 4 months ago

HTMLSanitizer.is_safe_uri() fails for relative URIs containing a ':'

Reported by: Remy Blank <remy.blank@…> Owned by: cmlenz
Priority: major Milestone: 0.6
Component: General Version: 0.5.1
Keywords: Cc:

Description

The method HTMLSanitizer.is_safe_uri() returns False for relative URIs like the following:

#fragment:with:colon

Note that RFC-3986 explicitly allows ':' in fragments.

The current implementation splits the URI at the first ':' and checks the first part against a list of safe schemes. This is insufficient.

A fix might be to check the part of the URI prior to the first ':' against the specification for a scheme:

scheme        = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )

If it doesn't fit, the URI can be considered as being relative.

This issue has been reported in Trac ticket #T7530.
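The three checks below are an added illustration written for this page, not Genshi's own code and not the change committed for this ticket. They reconstruct the behaviour the ticket describes (split at the first ':' and look the prefix up in a safe-scheme list), the ticket's proposed fix (treat the prefix as a scheme only if it matches the RFC 3986 scheme grammar), and one further hardening a practitioner would want: browsers strip ASCII tab, CR and LF anywhere in a URL and leading control characters and spaces before parsing, so a scheme-grammar check applied to the raw string would classify `java\nscript:alert(1)` as a relative reference while the browser treats it as an absolute `javascript:` URI. The `SAFE_SCHEMES` set and the function names are assumptions made for the example; Genshi's `HTMLSanitizer` takes its own safe-scheme set.

```python
import re

# Assumed for the example; HTMLSanitizer is configured with its own safe_schemes.
SAFE_SCHEMES = frozenset(['file', 'ftp', 'http', 'https', 'mailto'])

# RFC 3986 section 3.1: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
SCHEME_RE = re.compile(r'^[A-Za-z][A-Za-z0-9+.\-]*$')

# Characters browsers (WHATWG URL parsing) remove before interpreting a URL.
_STRIP_ANYWHERE = ('\t', '\r', '\n')
_STRIP_LEADING = ''.join(chr(c) for c in range(0x21))   # C0 controls and space


def is_safe_uri_naive(uri):
    """The behaviour reported in the ticket: everything before the first ':'
    is taken to be a scheme, so '#fragment:with:colon' is rejected."""
    if ':' not in uri:
        return True
    return uri.split(':', 1)[0].lower() in SAFE_SCHEMES


def is_safe_uri_ticket(uri):
    """The fix proposed in the ticket: only treat the prefix as a scheme if it
    matches the RFC 3986 scheme grammar; otherwise the reference is relative."""
    head, sep, _rest = uri.partition(':')
    if not sep or not SCHEME_RE.match(head):
        return True                      # relative reference
    return head.lower() in SAFE_SCHEMES


def normalise_like_browser(uri):
    """Apply the browser's pre-parse cleanup so the check sees the same bytes
    the browser will act on (an addition beyond the ticket's proposal)."""
    for ch in _STRIP_ANYWHERE:
        uri = uri.replace(ch, '')
    return uri.lstrip(_STRIP_LEADING)


def split_scheme(uri):
    """Return (scheme, rest) for an absolute URI, or (None, uri) for a
    relative reference, after browser-style normalisation."""
    cleaned = normalise_like_browser(uri)
    head, sep, rest = cleaned.partition(':')
    if not sep or not SCHEME_RE.match(head):
        return None, cleaned
    return head.lower(), rest


def is_safe_uri(uri):
    """Ticket's approach plus normalisation: relative references are safe,
    absolute ones must carry an allow-listed scheme."""
    scheme, _rest = split_scheme(uri)
    if scheme is None:
        return True
    return scheme in SAFE_SCHEMES


if __name__ == '__main__':
    # Constructed sample inputs covering the reported case and the caveat.
    for sample in ['#fragment:with:colon', 'path/to:file', 'http://example.com/a:b',
                   'javascript:alert(1)', 'JavaScript:alert(1)',
                   'java\nscript:alert(1)', ' \tjavascript:alert(1)',
                   'data:text/html;base64,AAAA']:
        print(repr(sample), is_safe_uri_naive(sample),
              is_safe_uri_ticket(sample), is_safe_uri(sample))
```

Two points follow from running this. First, the grammar check alone already fixes the reported case without widening the allow list: any prefix containing '#', '/', '?' or whitespace is not a scheme, and RFC 3986 requires a relative-path reference whose first segment contains ':' to be written as `./seg:ment`, so a bare `abc:def` is correctly treated as an attempt to use scheme `abc`. Second, the scheme list must still be compared case-insensitively, and the input must be normalised the way the consumer will normalise it; a sanitizer that accepts a URI a browser will parse differently is not sanitizing.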

Change History

Changed 4 months ago by cmlenz

  • status changed from new to closed
  • resolution set to fixed

Should be fixed in [1046].
