Sanitizer: Allow <summary> (#423)

Add tests that the sanitizer allows <details open> and <summary> and update the implementation to allow <summary>. Co-authored-by: Łukasz Langa <lukasz@langa.pl>
html5lib · Mar 1, 2023 · ff7fa37 · ff7fa37
1 parent c64a111
commit ff7fa37
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 1 deletion.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -1,6 +1,13 @@
 Change Log
 ----------
 
+1.2
+~~~
+
+Bug fixes:
+
+* The sanitizer now permits ``<summary>`` tags.
+
 1.1
 ~~~
 
@@ -22,7 +29,6 @@ Other changes:
   ``html5lib`` keeps working in future Python versions. (#403)
 * Drop optional ``datrie`` dependency. (#442)
 
-
 1.0.1
 ~~~~~
 

diff --git a/html5lib/filters/sanitizer.py b/html5lib/filters/sanitizer.py
@@ -113,6 +113,7 @@
     (namespaces['html'], 'strike'),
     (namespaces['html'], 'strong'),
     (namespaces['html'], 'sub'),
+    (namespaces['html'], 'summary'),
     (namespaces['html'], 'sup'),
     (namespaces['html'], 'table'),
     (namespaces['html'], 'tbody'),

diff --git a/html5lib/tests/test_sanitizer.py b/html5lib/tests/test_sanitizer.py
@@ -111,6 +111,18 @@ def param_sanitizer():
                """<img src="%s:%s">foo</a>""" % (protocol, rest_of_uri))
 
 
+def test_details_open_allowed():
+    sanitized = sanitize_html("<details open>.</details>")
+    expected = '<details open>.</details>'
+    assert expected == sanitized
+
+
+def test_details_summary_allowed():
+    sanitized = sanitize_html("<details><summary>.</summary><p>...</p></details>")
+    expected = '<details><summary>.</summary><p>...</p></details>'
+    assert expected == sanitized
+
+
 @pytest.mark.parametrize("expected, input",
                          (pytest.param(expected, input, id=id)
                           for id, expected, input in param_sanitizer()))