https://codereview.appspot.com/10892043/diff/1/src/com/google/caja/plugin/sanitizecss.js
File src/com/google/caja/plugin/sanitizecss.js (right):
https://codereview.appspot.com/10892043/diff/1/src/com/google/caja/plugin/sanitizecss.js#newcode320
src/com/google/caja/plugin/sanitizecss.js:320: * When a "compound"
or "complex" selector
Why is this not "When a selector..."? Attribute selectors may be
untranslatable and are themselves neither complex nor compound according
to the definitions given.
https://codereview.appspot.com/10892043/diff/1/src/com/google/caja/plugin/sanitizecss.js#newcode321
src/com/google/caja/plugin/sanitizecss.js:321: * (see
dev.w3.org/csswg/selectors4/#structure)
Please add http:// so that this is more programmatically recognizable as
a URL.
https://codereview.appspot.com/10892043/diff/1/src/com/google/caja/plugin/sanitizecss.js#newcode359
src/com/google/caja/plugin/sanitizecss.js:359: // affect others.
...except as directed by opt_onUntranslatableSelector.
https://codereview.appspot.com/10892043/diff/1/src/com/google/caja/plugin/sanitizecss.js#newcode535
src/com/google/caja/plugin/sanitizecss.js:535: // We disallow absolute
positions relative to html.
Is this special case necessary any longer? Mentions of "html" will be
either virtualized or (in a future iframe-using world) entirely correct.
If there is a browser bug this avoids, please mention it.
Also, I notice that elSelector is never assigned anything but '', so
this code is broken — please look at whether this is indicating some
further confusion.
https://codereview.appspot.com/10892043/
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
