Created a JIRA issue - https://issues.apache.org/jira/browse/SHINDIG-1390
On 2010/07/20 10:06:32, anupama.dutta wrote:
On 2010/07/16 16:51:20, gagan.goku wrote: > Thanks for the pointer Jasvir. > Seems we want the attributes with type = URI and uriEffect =
SAME_DOCUMENT.
> > If i do a grep over the html4-attributes-defs.json file > in caja\src\com\google\caja\lang\html directory, i find the
following
> attributes: > body background > object classid > object codebase > applet codebase > object data > link href > img longdesc > frame longdesc > iframe longdesc > head profile > script src > input src > frame src > iframe src > img src > > Sadly some (or most) of them (like longdesc etc) seem to be badly
supported
> by browsers, and due to unexpected bugs we might not want to handle
all of
> these. > But maybe a blacklist of attributes will work better. So we go over
every
> node and each of its attributes (or prepopulate a map of allowed
node and
> attribute) to find attributes matching our criterion and rewrite
them.
> > Thoughts ?
Agreed that this change to use the complete w3c spec list from the
class pointed
to by Jasvir, would be a good change. Kuntal, could you file a jira
issue for
tracking this?
I think we should go ahead with the current change for now, and make
the
transition to the larger list in a subsequent change. Jasvir, Chirag -
do you
think this will be fine?
Thanks, Anupama.
http://codereview.appspot.com/1806044/show
