Better handling of SVG attributes which admit uri refs

Just strip out the URI ref, leaving alternates.
2007-10-27 23:08:13 -05:00 · 2007-10-27 23:08:13 -05:00 · f24c60c3fb
commit f24c60c3fb
parent 5208bbf0af
2 changed files with 11 additions and 11 deletions
--- a/vendor/plugins/HTML5lib/lib/html5/sanitizer.rb
+++ b/vendor/plugins/HTML5lib/lib/html5/sanitizer.rb
@ -123,9 +123,9 @@ module HTML5
                if val_unescaped =~ /^[a-z0-9][-+.a-z0-9]*:/ and !self.class.const_get("ALLOWED_PROTOCOLS").include?(val_unescaped.split(':')[0])
                  attrs.delete attr
                end
-                SVG_ATTR_VAL_ALLOWS_REF.each do |attr|
-                  attrs.delete attr if attrs[attr].to_s.downcase =~ /url\(\s*[^#]/m
-                end
+              end
+              SVG_ATTR_VAL_ALLOWS_REF.each do |attr|
+                attrs[attr] = attrs[attr].to_s.gsub(/url\s*\(\s*[^#\s][^)]+?\)/m, ' ') if attrs[attr]
              end
              if attrs['style']
                attrs['style'] = sanitize_css(attrs['style'])