[FIX] tools: mail: when cleaning, unescape mako specific symbols.
Indeed those are escaped when contained inside an href or mailto element of a tag, leading to mako not rendering the element. bzr revid: tde@openerp.com-20140123125137-4u4i88f1ajybg5f2
This commit is contained in:
parent
5528b9b2d8
commit
5f1ec49ecd
|
@ -29,6 +29,7 @@ import re
|
|||
import socket
|
||||
import threading
|
||||
import time
|
||||
import xml
|
||||
from email.utils import getaddresses
|
||||
|
||||
import openerp
|
||||
|
@ -95,6 +96,8 @@ def html_sanitize(src, silent=True, strict=False):
|
|||
# some corner cases make the parser crash (such as <SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT> in test_mail)
|
||||
cleaner = clean.Cleaner(**kwargs)
|
||||
cleaned = cleaner.clean_html(src)
|
||||
# MAKO compatibility: $, { and } inside quotes are escaped, preventing correct mako execution
|
||||
cleaned = xml.sax.saxutils.unescape(cleaned, {'%24': '$', '%7B': '{', '%7D': '}', '%20': ' '})
|
||||
except etree.ParserError, e:
|
||||
if 'empty' in str(e):
|
||||
return ""
|
||||
|
|
Loading…
Reference in New Issue