Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(59)
Issues Repositories Search
Open Issues | Closed Issues | All Issues | Sign in with your Google Account to create issues and add comments

Issue 5305081: Copy of Ka-Ping's html sanitizer patch. (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
14 years, 7 months ago by MikeSamuel
Modified:
14 years, 7 months ago
Reviewers:
Jasvir
CC:
google-caja-discuss_googlegroups.com
Base URL:
http://google-caja.googlecode.com/svn/trunk/
Visibility:
Public.

Description

I LGTMed this at http://codereview.appspot.com/4641064/ Issue 4641064: Factor out a replaceable tagPolicy to enable customization of the sanitizer. This exposes a hook named 'tagPolicy' in the sanitizer so that the sanitizer can be customized to accept or transform particular tags, for example, to accept <iframe> tags with a specific SRC, or transform <embed> tags into <iframe> tags. makeTagPolicy, sanitizeAttribs, and sanitizeWithPolicy are factored out so that they can be easily reused in custom tagPolicy functions. Submitted @4658

Patch Set 1 #

Patch Set 2 : Copy of Ka-Ping's html sanitizer patch. #

Total comments: 3

Patch Set 3 : Copy of Ka-Ping's html sanitizer patch. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+314 lines, -234 lines) Patch
M src/com/google/caja/ancillary/linter/Linter.java View 1 chunk +1 line, -0 lines 0 comments Download
M src/com/google/caja/plugin/html-sanitizer.js View 1 2 13 chunks +284 lines, -231 lines 0 comments Download
M tests/com/google/caja/plugin/es53-test-domado-special-guest.html View 1 1 chunk +1 line, -1 line 0 comments Download
M tests/com/google/caja/plugin/html-sanitizer-test.js View 3 chunks +28 lines, -2 lines 0 comments Download

Messages

Total messages: 5
MikeSamuel
14 years, 7 months ago (2011-10-31 16:15:57 UTC) #1
Jasvir
LGTM too.
14 years, 7 months ago (2011-10-31 16:25:20 UTC) #2
MikeSamuel
On 2011/10/31 16:25:20, Jasvir wrote: > LGTM too. Can you take a look at the ...
14 years, 7 months ago (2011-11-03 21:18:57 UTC) #3
Jasvir
LGTM++ http://codereview.appspot.com/5305081/diff/4001/src/com/google/caja/plugin/html-sanitizer.js File src/com/google/caja/plugin/html-sanitizer.js (right): http://codereview.appspot.com/5305081/diff/4001/src/com/google/caja/plugin/html-sanitizer.js#newcode24 src/com/google/caja/plugin/html-sanitizer.js:24: * \@requires html4 Why escape all the @ ...
14 years, 7 months ago (2011-11-03 21:49:22 UTC) #4
MikeSamuel
14 years, 7 months ago (2011-11-03 22:05:37 UTC) #5 
2011/11/3  <jasvir@gmail.com>:
> LGTM++
>
>
>
http://codereview.appspot.com/5305081/diff/4001/src/com/google/caja/plugin/ht...
> File src/com/google/caja/plugin/html-sanitizer.js (right):
>
>
http://codereview.appspot.com/5305081/diff/4001/src/com/google/caja/plugin/ht...
> src/com/google/caja/plugin/html-sanitizer.js:24: * \@requires html4
> Why escape all the @ in comments?

Because JSCompiler complains on them.

>
http://codereview.appspot.com/5305081/diff/4001/src/com/google/caja/plugin/ht...
> src/com/google/caja/plugin/html-sanitizer.js:172: return '"' + ('' +
> s).replace(ampRe, '&amp;').replace(ltRe, '&lt;')
> is it worth just calling escapeAttrib here?

Done.  Got rid of quoteAttrib by inlining it into call site.

>
http://codereview.appspot.com/5305081/diff/4001/src/com/google/caja/plugin/ht...
> src/com/google/caja/plugin/html-sanitizer.js:180: * $ quoteAttrib('')
> Copy and paste error

Fixed three places.

> http://codereview.appspot.com/5305081/
>
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b