[Caja] Re: Add support to domita.js for myDomElement.style.cssText = '...'; (issue1862052)

mikesamuel Tue, 10 Aug 2010 21:38:11 -0700


http://codereview.appspot.com/1862052/diff/3001/4003
File src/com/google/caja/plugin/domita.js (right):


http://codereview.appspot.com/1862052/diff/3001/4003#newcode3619
src/com/google/caja/plugin/domita.js:3619: /**
http://www.w3.org/TR/DOM-Level-2-Style/css.html#CSS-CSSStyleDeclaration
*/
On 2010/08/10 21:29:41, jasvir wrote:

wrap


Done.

http://codereview.appspot.com/1862052/diff/3001/4002
File tests/com/google/caja/plugin/domita_test_untrusted.html (right):

http://codereview.appspot.com/1862052/diff/3001/4002#newcode2360
tests/com/google/caja/plugin/domita_test_untrusted.html:2360:
assertEquals('wait', cursor(el));
On 2010/08/10 21:29:41, jasvir wrote:

Can we add a test case for el.style.cssText = 'cssText: "cursor:wait"'

and

ensure that this fails.  I suspect this does since cssText is not

whitelisted

but I'd like to ensure that css whitelists can't be worked around

using aliases

that group css properties like this one.


Done.

http://codereview.appspot.com/1862052/show

[Caja] Re: Add support to domita.js for myDomElement.style.cssText = '...'; (issue1862052)

Reply via email to