dinislage/web2py
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1732 from lkrn/master

Browse Source 
fixes #1724
This commit is contained in:
mdipierro
2017-08-13 13:55:09 -05:00
committed by GitHub
parent 1d0f322d09 135f41041d
commit 5e6c3dba81
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
gluon/sanitizer.py
+1 -1
View File
@@ -145,7 +145,7 @@ class XssCleaner(HTMLParser):
if url.startswith('#'):
return True
else:
parsed = urlparse(url)
parsed = urlparse.urlparse(url)
return ((parsed[0] in self.allowed_schemes and '.' in parsed[1]) or
(parsed[0] in self.allowed_schemes and '@' in parsed[2]) or
(parsed[0] == '' and parsed[2].startswith('/')))