[IMP] mail_sanitize: simplification of the regular expression

bzr revid: chm@openerp.com-20130102162544-jfwdfqx2ruf0x1q2

diff --git a/openerp/tests/test_mail.py b/openerp/tests/test_mail.py
index d7b3e78..ddb8fc4 100644 (file)
--- a/openerp/tests/test_mail.py
+++ b/openerp/tests/test_mail.py
@@ -230,7 +230,7 @@ class TestSanitizer(unittest2.TestCase):
             self.assertNotIn(attr, sanitized_html, 'html_sanitize did not remove enough unwanted attributes')
 
         emails =[("Charles <charles.bidule@truc.fr>", "Charles &lt;charles.bidule@truc.fr&gt;"), 
-                ("Dupuis <'tr/-: ${dupuis><#><$'@truc.baz.fr>", "Dupuis &lt;'tr/-: ${dupuis&gt;&lt;#&gt;&lt;$'@truc.baz.fr&gt;"),
+                ("Dupuis <'tr/-: ${dupuis#$'@truc.baz.fr>", "Dupuis &lt;'tr/-: ${dupuis#$'@truc.baz.fr&gt;"),
                 ("Technical <service/technical+2@open.com>", "Technical &lt;service/technical+2@open.com&gt;"),
                 ("Div nico <div-nico@open.com>", "Div nico &lt;div-nico@open.com&gt;")]
         for email in emails:

diff --git a/openerp/tools/mail.py b/openerp/tools/mail.py
index 01b6a7c..7ca9dd7 100644 (file)
--- a/openerp/tools/mail.py
+++ b/openerp/tools/mail.py
@@ -50,7 +50,7 @@ def html_sanitize(src):
     src = ustr(src, errors='replace')
 
     # html encode email tags
-    part = re.compile(r"(<\s*([^\s]+|'([^']|(?:\\)\\(\\\\)*')+'|\"([^\"]|(?:\\)\\(\\\\)*\")+\")@[^\s]+\s*>)", re.IGNORECASE | re.DOTALL)
+    part = re.compile(r"(<[^<>]+@[^<>]+>)", re.IGNORECASE | re.DOTALL)
     src = part.sub(lambda m: cgi.escape(m.group(1)), src)
     
     # some corner cases make the parser crash (such as <SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT> in test_mail)