xxsdefense.py source code

python

Project: darkc0de-old-stuff Author: tuwid
def handle_starttag(self, tag, method, attrs):
    # Tags outside the allow-list are emitted as escaped text, never as markup.
    if tag not in self.permitted_tags:
        self.result += xssescape("<%s>" % tag)
    else:
        bt = "<" + tag
        if tag in self.allowed_attributes:
            attrs = dict(attrs)
            # Keep only allow-listed attributes that are present and non-empty.
            self.allowed_attributes_here = \
                [x for x in self.allowed_attributes[tag] if x in attrs
                 and len(attrs[x]) > 0]
            for attribute in self.allowed_attributes_here:
                if attribute in ['href', 'src', 'background']:
                    if self.url_is_acceptable(attrs[attribute]):
                        # quoteattr() (xml.sax.saxutils) quotes and escapes the
                        # URL so a '"' in it cannot close the attribute early.
                        bt += ' %s=%s' % (attribute, quoteattr(attrs[attribute]))
                else:
                    bt += ' %s=%s' % \
                        (xssescape(attribute), quoteattr(attrs[attribute]))
        # An <a> or <img> left with no attributes is dropped.
        if bt == "<a" or bt == "<img":
            return
        if tag in self.requires_no_close:
            bt += "/"
        bt += ">"
        self.result += bt
        self.open_tags.insert(0, tag)
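
The `href`/`src`/`background` branch above writes a URL into a rebuilt tag. The following added example (Python 3 `html.parser`, not part of xxsdefense.py or the darkc0de-old-stuff project) compares interpolating that value raw with passing it through `quoteattr()`. Its `url_is_acceptable` is an assumed stand-in, since the real method is not shown on this page, and the sample markup is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
from xml.sax.saxutils import quoteattr

def url_is_acceptable(url):
    # Assumed stand-in: absolute http(s) URL with a dotted host.
    parsed = urlparse(url)
    return parsed.scheme in ("http", "https") and "." in parsed.netloc

class LinkRebuilder(HTMLParser):
    """Re-emits <a href> start tags, with or without quoteattr()."""
    def __init__(self, quote_urls):
        super().__init__()
        self.quote_urls = quote_urls
        self.result = ""

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        if tag != "a" or not url_is_acceptable(href):
            return
        if self.quote_urls:
            self.result += "<a href=%s>" % quoteattr(href)
        else:
            self.result += '<a href="%s">' % href  # raw interpolation

class AttributeCollector(HTMLParser):
    """Records the attribute names a parser sees in the rebuilt markup."""
    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        self.names.extend(name for name, _ in attrs)

def rebuild(markup, quote_urls):
    parser = LinkRebuilder(quote_urls)
    parser.feed(markup)
    parser.close()
    return parser.result

def attribute_names(markup):
    collector = AttributeCollector()
    collector.feed(markup)
    collector.close()
    return collector.names

# Constructed input: one single-quoted href whose value contains double quotes.
SAMPLE = "<a href='http://example.com/\" title=\"injected'>x</a>"
```

Re-parsing the raw output yields a second attribute that the input never declared as one; the `quoteattr()` output keeps the whole value inside `href`.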