Open
Description
http://code.google.com/p/html5lib/issues/detail?id=180
Reported by bjellema20, Mar 8, 2011
What steps will reproduce the problem?
Pass any html into the sanitizer with an inline style that includes a font-family with a dash (-) such as "sans-serif" and the entire style is stripped. Example html:
<span style='font-size:10.0pt;font-family:"Verdana","sans-serif";color:#1F497D'>Enjoy your day</span>What is the expected output? What do you see instead?
The style tag should stay, but instead we see:
<span style="">Enjoy your day</span>Please provide any additional information below.
I've solved this by changing line 197 in sanitizer.py from:
if not re.match("""^([:,;#%.\sa-zA-Z0-9!]|\w-\w|'[\s\w]+'|"[\s\w]+"|\([\d,\s]+\))*$""", style): return ''To:
if not re.match("""^([:,;#%.\sa-zA-Z0-9!]|\w-\w|'[\s\w-]+'|"[\s\w-]+"|\([\d,\s]+\))*$""", style): return ''