http://codereview.appspot.com/4172053/diff/1/java/gadgets/src/main/java/org/apache/shindig/gadgets/parse/caja/CajaHtmlSerializer.java File java/gadgets/src/main/java/org/apache/shindig/gadgets/parse/caja/CajaHtmlSerializer.java (right):
http://codereview.appspot.com/4172053/diff/1/java/gadgets/src/main/java/org/apache/shindig/gadgets/parse/caja/CajaHtmlSerializer.java#newcode59 java/gadgets/src/main/java/org/apache/shindig/gadgets/parse/caja/CajaHtmlSerializer.java:59: protected String renderDocType(DocumentType docType) { I do not understand the threats associated with public ids and system ids (those that are javascript urls for example). Gadgets are not required to support doctypes other than standards mode and this is a safe value to render. On 2011/02/17 20:46:36, gagan.goku wrote:
shouldn't this be HtmlSerialization.outputDocType(docType, sw) ? or does caja not output system and public id at all ?
http://codereview.appspot.com/4172053/
