Reviewers: ihab.awad,
Description:
<div class="!...@#$%"></div> is valid html, and it was accepted by
an earlier version of caja, but now it isn't.
This change removes the constraint.
Please review this at http://codereview.appspot.com/89073
Affected files:
M src/com/google/caja/plugin/templates/TemplateCompiler.java
M tests/com/google/caja/plugin/templates/TemplateCompilerTest.java
Index: tests/com/google/caja/plugin/templates/TemplateCompilerTest.java
===================================================================
--- tests/com/google/caja/plugin/templates/TemplateCompilerTest.java
(revision 3549)
+++ tests/com/google/caja/plugin/templates/TemplateCompilerTest.java
(working copy)
@@ -298,6 +298,14 @@
);
}
+ /** class= attributes are CDATA, non-alphanumerics should be allowed. */
+ public void test1057ClassNames() throws Exception {
+ assertSafeHtml(
+ htmlFragment(fromString("<div class='*...@$'></div>")),
+ htmlFragment(fromString("<div class='*...@$'></div>")),
+ new Block());
+ }
+
private void assertSafeHtml(
DocumentFragment input, DocumentFragment htmlGolden, Block jsGolden)
throws ParseException {
Index: src/com/google/caja/plugin/templates/TemplateCompiler.java
===================================================================
--- src/com/google/caja/plugin/templates/TemplateCompiler.java (revision
3549)
+++ src/com/google/caja/plugin/templates/TemplateCompiler.java (working
copy)
@@ -274,7 +274,6 @@
Expression dynamicValue;
switch (info.getType()) {
case CLASSES:
- if (!checkRestrictedNames(value, pos)) { return; }
dynamicValue = null;
break;
case FRAME_TARGET:
