Fix handling of css sanitizer (#1940)

jupyter · Jan 24, 2023 · 14b1d7a · 14b1d7a
1 parent dab26e0
commit 14b1d7a
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/nbconvert/filters/strings.py b/nbconvert/filters/strings.py
@@ -20,6 +20,8 @@
 # defusedxml does safe(r) parsing of untrusted XML data
 from defusedxml import ElementTree  # type:ignore
 
+from nbconvert.preprocessors.sanitize import _get_default_css_sanitizer
+
 __all__ = [
     "wrap_text",
     "html2text",
@@ -86,6 +88,10 @@ def clean_html(element):
         element = element.decode()
     else:
         element = str(element)
+    kwargs = {}
+    css_sanitizer = _get_default_css_sanitizer()
+    if css_sanitizer:
+        kwargs['css_sanitizer'] = css_sanitizer
     return bleach.clean(
         element,
         tags=[*bleach.ALLOWED_TAGS, *ALLOWED_SVG_TAGS, "div", "pre", "code", "span"],
@@ -95,6 +101,7 @@ def clean_html(element):
             **{svg_tag: list(ALLOWED_SVG_ATTRIBUTES) for svg_tag in ALLOWED_SVG_TAGS},
             "*": ["class", "id"],
         },
+        **kwargs,
     )
 
 

diff --git a/nbconvert/preprocessors/sanitize.py b/nbconvert/preprocessors/sanitize.py
@@ -168,3 +168,8 @@ def sanitize_html_tags(self, html_str):
             kwargs.update(styles=self.styles)
 
         return clean(html_str, **kwargs)
+
+
+def _get_default_css_sanitizer():
+    if _USE_BLEACH_CSS_SANITIZER:
+        return CSSSanitizer(allowed_css_properties=ALLOWED_STYLES)