Comment #5 on issue 1669 by [email protected]: querySelector handles
selector sanitization poorly
http://code.google.com/p/google-caja/issues/detail?id=1669
mikesamuel, please don't think about this as “to generate node lists”, but
only in terms of the API for the CSS sanitizer.

What we need here is for the CSS sanitizer to distinguish the following
cases that it currently conflates — that is, it should give a result code
or other information sufficient to distinguish the good case:

1. The selector was fine, and has been rewritten appropriately.

from the bad cases:

2. Non-whitelisted/supported constructs have been discarded (the list
   of selectors has been shortened).
3. There was a syntax error.

(I have the feeling there is value in distinguishing 2 and 3 but I'm not
sure they apply to this scenario.) Looking at it this way, I propose
specifically that the CSS selector sanitizer grow a _logging_ interface, 2
being a "warning" (like?) message and 3 being an "error" message. Then
querySelectorAll implements the needed behavior by throwing a syntax
exception if the log is nonempty.

The advantage of this is that we can then also provide the log for
troubleshooting of stylesheets by content authors.
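
The proposal in the comment above, sketched as an added example that is not part of the original message and is not Caja's code: a toy selector sanitizer that reports cases 2 and 3 through a log, and a querySelectorAll wrapper that throws when the log is nonempty. The whitelist, the id-suffix rewrite, the use of the built-in SyntaxError and every name here (SanitizerLog, sanitizeSelectors, guardedQuerySelectorAll, idSuffix) are assumptions made for illustration.

```javascript
// Toy stand-in, NOT Caja's sanitizer: the whitelist, idSuffix and all names are assumptions.
const SIMPLE = /^(?:[a-z][a-z0-9]*|\*)?(?:[.#][a-z_][\w-]*)*$/i;   // type, .class, #id only
const SELECTOR_CHARS = /^[\w\s.#*:>+~\[\]="'()^$|-]+$/;            // anything else: syntax error

class SanitizerLog {
  constructor() { this.entries = []; }
  warn(msg) { this.entries.push({ level: 'warning', msg }); }
  error(msg) { this.entries.push({ level: 'error', msg }); }
  get isEmpty() { return this.entries.length === 0; }
}

// Returns the rewritten selectors; every dropped selector leaves a log entry.
// Splitting on ',' is a simplification that a real tokenizer would not make.
function sanitizeSelectors(text, idSuffix, log) {
  const kept = [];
  for (const raw of text.split(',')) {
    const sel = raw.trim();
    if (sel === '' || !SELECTOR_CHARS.test(sel)) {          // case 3
      log.error('syntax error: ' + JSON.stringify(sel));
      continue;
    }
    const parts = sel.split(/\s+/);                          // descendant combinator only
    if (!parts.every((p) => SIMPLE.test(p))) {               // case 2
      log.warn('unsupported construct discarded: ' + sel);
      continue;
    }
    // case 1: keep, with ids rewritten (constructed rewrite rule)
    kept.push(parts.map((p) => p.replace(/#([\w-]+)/g, (m, id) => '#' + id + idSuffix)).join(' '));
  }
  return kept;
}

// Throws if the log is nonempty; otherwise queries with the rewritten list.
function guardedQuerySelectorAll(root, text, idSuffix) {
  const log = new SanitizerLog();
  const selectors = sanitizeSelectors(text, idSuffix, log);
  if (!log.isEmpty) {
    const err = new SyntaxError(log.entries.map((e) => e.level + ': ' + e.msg).join('; '));
    err.log = log.entries;        // same entries could be shown to content authors
    throw err;
  }
  return root.querySelectorAll(selectors.join(', '));
}
```

Without the log, an input such as `a:hover, p` would be silently shortened to `p` and the query would match a different set of nodes than the caller asked for.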