Revision: 4224
Author: [email protected]
Date: Fri Aug  6 13:44:11 2010
Log: Cleanup of html-sanitizer
http://codereview.appspot.com/1743058

This fixes a missing attribute type case so that IDREFs are rewritten properly. This affects some backward compatible APIs but not any actual production code.

Also includes a parser fix in the in-tag-cruft regex.

[email protected]

http://code.google.com/p/google-caja/source/detail?r=4224

Modified:
 /trunk/src/com/google/caja/plugin/domita.js
 /trunk/src/com/google/caja/plugin/html-sanitizer.js

=======================================
--- /trunk/src/com/google/caja/plugin/domita.js Thu Aug  5 15:37:50 2010
+++ /trunk/src/com/google/caja/plugin/domita.js Fri Aug  6 13:44:11 2010
@@ -986,6 +986,8 @@
      */
     function rewriteAttribute(tagName, attribName, type, value) {
       switch (type) {
+        case html4.atype.NONE:
+          return String(value);
         case html4.atype.CLASSES:
           // note, className is arbitrary CDATA.
           value = String(value);
@@ -1066,11 +1068,10 @@
             css.push(propName + ' : ' + propValue);
           }
           return css.join(' ; ');
+        // Frames are ambient, so disallow reference.
         case html4.atype.FRAME_TARGET:
-          // Frames are ambient, so disallow reference.
-          return null;
         default:
-          return String(value);
+          return null;
       }
     }

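Review bot: The new `default: return null;` makes rewriteAttribute fail closed, but nothing in the switch says so, and `case html4.atype.FRAME_TARGET:` now reaches it by an unmarked fall-through. I would add `// Fail closed: any attribute type not handled above is dropped.` above `default:` and `// fall through` under the FRAME_TARGET label, so a later edit does not slip a permissive return between the two. Attribute types that used to come back as `String(value)` now come back as `null`, so it is worth confirming that every caller treats `null` as "omit the attribute"; the callers are outside this hunk. The same undocumented `default: value = null;` appears in the html-sanitizer.js hunk at `@@ -519,6 +521,9 @@`.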
=======================================
--- /trunk/src/com/google/caja/plugin/html-sanitizer.js Thu Aug 5 15:37:50 2010
+++ /trunk/src/com/google/caja/plugin/html-sanitizer.js Fri Aug 6 13:44:11 2010
@@ -223,7 +223,7 @@
       // End of tag captured in group 3.
       + '|(/?>)'
       // Don't capture cruft
-      + '|.[^\\w\\s>]*)',
+      + '|.[^a-z\\s>]*)',
       'i');

   var OUTSIDE_TAG_TOKEN = new RegExp(
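Review bot: With the `i` flag, `[^a-z\\s>]` in the cruft alternative now also consumes digits and `_`, which `[^\\w\\s>]` stopped at, and the comment `// Don't capture cruft` does not say why. This regex decides where the sanitizer believes an attribute starts, so the intent should be recorded next to it, for example `// Skip cruft up to the next letter, whitespace or '>'; digits and '_' count as cruft here.` A regression test with digits or underscores between attributes inside a tag would pin the tokenization this fix is meant to produce. The `new RegExp(` call starts above the hunk, so the new class cannot be checked against the attribute-name alternative from here.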
@@ -498,10 +498,12 @@
           }
           if (atype !== null) {
             switch (atype) {
+              case html4.atype.NONE: break;
               case html4.atype.SCRIPT:
               case html4.atype.STYLE:
                 value = null;
                 break;
+              case html4.atype.ID:
               case html4.atype.IDREF:
               case html4.atype.IDREFS:
               case html4.atype.GLOBAL_NAME:
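Review bot: `case html4.atype.ID:` now shares a branch with IDREF, IDREFS and GLOBAL_NAME, but the body of that branch lies between this hunk and the next, so the hunk does not show whether it is right for a single identifier. If the branch splits on whitespace to handle IDREFS, an `id` value containing a space would presumably be accepted as several names rather than rejected, which is worth a test. I would also give the added `case html4.atype.NONE: break;` its own lines with a comment such as `// Untyped attribute: value is kept unchanged.`, since it deliberately leaves `value` unmodified.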
@@ -519,6 +521,9 @@
                 } else {
                   value = null;
                 }
+                break;
+              default:
+                value = null;
                 break;
             }
           } else {
