DescriptionChanges the uriPolicy api to use uri.js and passes parsed URIs to policy functions.
This addresses potential vulnerabilities arising from differences between how browsers
parse urls that are malformed.
Added URI tests from WebKit but further normalization of URI domains are needed before
these tests can be run correctly.
@5288
Patch Set 1 #
Total comments: 4
Patch Set 2 : Use uri.js in html-sanitizer and caja uri policies #Patch Set 3 : Use uri.js in html-sanitizer and caja uri policies #Patch Set 4 : Use uri.js in html-sanitizer and caja uri policies #
Total comments: 2
Patch Set 5 : Use uri.js in html-sanitizer and caja uri policies #
Total comments: 3
MessagesTotal messages: 12
|