On 2010/07/16 16:51:20, gagan.goku wrote:
Thanks for the pointer Jasvir. Seems we want the attributes with type = URI and uriEffect =
SAME_DOCUMENT.
If i do a grep over the html4-attributes-defs.json file in caja\src\com\google\caja\lang\html directory, i find the following attributes: body background object classid object codebase applet codebase object data link href img longdesc frame longdesc iframe longdesc head profile script src input src frame src iframe src img src
Sadly some (or most) of them (like longdesc etc) seem to be badly
supported
by browsers, and due to unexpected bugs we might not want to handle
all of
these. But maybe a blacklist of attributes will work better. So we go over
every
node and each of its attributes (or prepopulate a map of allowed node
and
attribute) to find attributes matching our criterion and rewrite them.
Thoughts ?
Agreed that this change to use the complete w3c spec list from the class pointed to by Jasvir, would be a good change. Kuntal, could you file a jira issue for tracking this? I think we should go ahead with the current change for now, and make the transition to the larger list in a subsequent change. Jasvir, Chirag - do you think this will be fine? Thanks, Anupama. http://codereview.appspot.com/1806044/show
