[Caja] Re: Add support to domita.js for myDomElement.style.cssText = '...'; (issue1862052)

jasvir Tue, 10 Aug 2010 14:29:44 -0700

LGTM


http://codereview.appspot.com/1862052/diff/3001/4003
File src/com/google/caja/plugin/domita.js (right):

http://codereview.appspot.com/1862052/diff/3001/4003#newcode3619
src/com/google/caja/plugin/domita.js:3619: /**
http://www.w3.org/TR/DOM-Level-2-Style/css.html#CSS-CSSStyleDeclaration
*/
wrap

http://codereview.appspot.com/1862052/diff/3001/4002
File tests/com/google/caja/plugin/domita_test_untrusted.html (right):

http://codereview.appspot.com/1862052/diff/3001/4002#newcode2360
tests/com/google/caja/plugin/domita_test_untrusted.html:2360:
assertEquals('wait', cursor(el));
Can we add a test case for el.style.cssText = 'cssText: "cursor:wait"'
and ensure that this fails.  I suspect this does since cssText is not
whitelisted but I'd like to ensure that css whitelists can't be worked
around using aliases that group css properties like this one.

http://codereview.appspot.com/1862052/show

[Caja] Re: Add support to domita.js for myDomElement.style.cssText = '...'; (issue1862052)

Reply via email to