Issue 14086: Fix HTML renderer to prevent rendering of unrenderable CDATA content..

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Issue 14086: Fix HTML renderer to prevent rendering of unrenderable CDATA content.. (Closed)

Can't Edit
Can't Publish+Mail
Start Review

Created:
17 years, 1 month ago by MikeSamuel

Modified:
16 years, 8 months ago

Reviewers:
Jasvir

CC:
google-caja-discuss_googlegroups.com

Base URL:
http://google-caja.googlecode.com/svn/trunk/

Visibility:
Public.

Description

The XHTML document <xmp> &lt/xmp> </xmp> is not translatable to an HTML document since the close equivalent <xmp> </xmp> </xmp> has a different meaning. This change fixes this to cause rendering CDATA content in HTML rendering mode that contains a sequence of characters that would close the CDATA element to fail with an IllegalStateException. This is not a breach vector since no CDATA content elements appear on our schema whitelist, hence no need for responsible disclosure, but it is a correctness and maintainability issue. Submitted @3273

Patch Set 1 #

Patch Set 2 : Fix HTML renderer to prevent rendering of unrenderable CDATA content.. #

Total comments: 1

Created: 17 years, 1 month ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+55 lines, -2 lines)			Patch
	M	src/com/google/caja/parser/html/DomTree.java	View		2 chunks	+16 lines, -2 lines	1 comment	Download
	M	tests/com/google/caja/parser/html/DomParserTest.java	View		1 chunk	+39 lines, -0 lines	0 comments	Download

Messages

Total messages: 1

Expand All Messages | Collapse All Messages

Jasvir

17 years, 1 month ago (2009-02-19 23:06:07 UTC) #1

LGTM

http://codereview.appspot.com/14086/diff/1001/7
File src/com/google/caja/parser/html/DomTree.java (right):

http://codereview.appspot.com/14086/diff/1001/7#newcode272
Line 272: if (Strings.toLowerCase(cdataContent).contains(canonCloseTag)) {
This works because cannonical form is lowercase.

Expand All Messages | Collapse All Messages