Skip to content

Commit 5e31bba

Browse files
committed
Fix pattern detection of URL schemes
Fix #2670.
1 parent 7842f81 commit 5e31bba

File tree

2 files changed

+16
-3
lines changed

2 files changed

+16
-3
lines changed

tests/test_api.py

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@
1010
import unicodedata
1111
import wsgiref.simple_server
1212
import zlib
13+
from base64 import b64encode
1314
from functools import partial
1415
from pathlib import Path
1516
from urllib.parse import urljoin, uses_relative
@@ -704,6 +705,17 @@ def test_allowed_protocols(command):
704705
_run(command, f'<img src="{path2url(resource_path("pattern.png"))}">'.encode())
705706

706707

708+
@assert_no_logs
709+
@pytest.mark.parametrize('command', [
710+
'- -',
711+
'--allowed-protocols data - -',
712+
'--allowed-protocols File,Data - -',
713+
])
714+
def test_allowed_protocols_data(command):
715+
data = b64encode(resource_path('pattern.png').read_bytes()).decode()
716+
_run(command, f'<img src="data:image/png;base64,{data}">'.encode())
717+
718+
707719
@pytest.mark.parametrize('command', [
708720
'--allowed-protocols http - -',
709721
'--allowed-protocols http,https - -',

weasyprint/urls.py

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -330,17 +330,18 @@ def fetch(self, url, headers=None):
330330
331331
"""
332332
# Discard URLs with no or invalid protocol.
333-
if not UNICODE_SCHEME_RE.match(url): # pragma: no cover
333+
if not (match := UNICODE_SCHEME_RE.match(url)): # pragma: no cover
334334
raise ValueError(f'Not an absolute URI: {url}')
335+
scheme = match[1].lower()
335336

336337
# Discard URLs with forbidden protocol.
337338
if self._allowed_protocols is not None:
338-
if url.split('://', 1)[0].lower() not in self._allowed_protocols:
339+
if scheme not in self._allowed_protocols:
339340
raise ValueError(f'URI uses disallowed protocol: {url}')
340341

341342
# Remove query and fragment parts from file URLs.
342343
# See https://bugs.python.org/issue34702.
343-
if url.lower().startswith('file://'):
344+
if scheme == 'file':
344345
url = url.split('?')[0]
345346

346347
# Transform Unicode IRI to ASCII URI.

0 commit comments

Comments
 (0)