diff options
| -rw-r--r-- | apioforum/mdrender.py | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/apioforum/mdrender.py b/apioforum/mdrender.py index e9e2feb..db08637 100644 --- a/apioforum/mdrender.py +++ b/apioforum/mdrender.py @@ -39,19 +39,21 @@ class IFrameCSS: class IFrameSandboxFilter(Filter): def sanitize_token(self, token): - if token["type"] == "StartTag" and token["name"] == "iframe": + if token["type"] != "StartTag": + return + if token["name"] == "iframe": token["data"][(None, "sandbox")] = \ "allow-forms " + \ "allow-scripts " + \ "allow-top-navigation-by-user-activation " + \ "allow-top-navigation-to-custom-protocols" - for key in token["data"]: - if key[1] in ("height", "width"): - try: - if int(token["data"][key]) > 1000: - token["data"][key] = "800" - except ValueError: - del token["data"][key] + for key in token["data"]: + if key[1] in ("height", "width"): + try: + if int(token["data"][key]) > 1000: + token["data"][key] = "800" + except ValueError: + del token["data"][key] return token def __iter__(self): @@ -66,7 +68,7 @@ allowed_tags += ("mark" + c for c in csscolors) allowed_attributes = bleach.sanitizer.ALLOWED_ATTRIBUTES.copy() allowed_attributes.update( - img=['src','alt','title'], + img=['src','height','width','alt','title'], iframe=['src','height','width','srcdoc','style'], ol=['start'], details=['open'], |