Using the default goals for the PluginCompiler ( PipelineMaker.ONE_CAJOLED_MODULE.with(PipelineMaker.HTML_SAFE_STATIC.with(PipelineMaker.SANITY_CHECK))), I'm getting static html that is mostly namespaced/sandboxed correctly, except for at least one case. If I have <div id='blah' onclick='someFunction();'></div>, the DIV's id is changed to something like id_4___, instead of blah-<idClass>. Only when the cajoled JS is loaded does the id get set correctly using the idClass I provide.
If I don't include the onclick attribute, then the static html is correct by itself. So basically I'm wondering if there is a configuration that will yield safe static html that disregards javascript completely. I figured out that removing "onclick" from the html schema transforms onclick into data-caja-onclick and my DIV id is correct. I could just modify the schema files to remove all attributes related to scripting, but does that cover all cases where cajoled JS is required to render the static html correctly? Is there a better way? As usual, thank you for your time. -- --- You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
