Fix #189: fix the sanitizer to allow relative URLs again.

gsnedders · gsnedders · commit c0a63754555a · 2015-07-07T02:37:17.000+01:00
We regressed this when we added support for data URLs. Oops.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -1,6 +1,15 @@
 Change Log
 ----------
 
+0.999999/1.0b7
+~~~~~~~~~~~~~~
+
+Released on July 7, 2015
+
+* Fix #189: fix the sanitizer to allow relative URLs again (as it did
+  prior to 0.9999/1.0b5).
+
+
 0.99999/1.0b6
 ~~~~~~~~~~~~~
 
diff --git a/html5lib/sanitizer.py b/html5lib/sanitizer.py
@@ -208,7 +208,7 @@ def allowed_token(self, token, token_type):
                 # remove replacement characters from unescaped characters
                 val_unescaped = val_unescaped.replace("\ufffd", "")
                 uri = urlparse.urlparse(val_unescaped)
-                if uri:
+                if uri and uri.scheme:
                     if uri.scheme not in self.allowed_protocols:
                         del attrs[attr]
                     if uri.scheme == 'data':
diff --git a/html5lib/tests/test_sanitizer.py b/html5lib/tests/test_sanitizer.py
@@ -40,6 +40,10 @@ def test_should_handle_astral_plane_characters():
     assert '<html:p xmlns:html="http://www.w3.org/1999/xhtml">\U0001d4b5 \U0001d538</html:p>' == sanitize_html("<p>&#x1d4b5; &#x1d538;</p>")
 
 
+def test_should_allow_relative_uris():
+    assert '<html:p xmlns:html="http://www.w3.org/1999/xhtml"><html:a href="/example.com" /></html:p>' == sanitize_html('<p><a href="/example.com"></a></p>')
+
+
 def test_sanitizer():
     toxml = toxmlFactory()
     for tag_name in sanitizer.HTMLSanitizer.allowed_elements:
