lgtm
https://codereview.appspot.com/12699046/diff/1/src/com/google/caja/plugin/domado.js
File src/com/google/caja/plugin/domado.js (right):
https://codereview.appspot.com/12699046/diff/1/src/com/google/caja/plugin/domado.js#newcode4679
src/com/google/caja/plugin/domado.js:4679:
sanitizeCssProperty(cssPropertyName, tokens);
This looks fine. No need for URL rewriting stuff.
https://codereview.appspot.com/12699046/diff/1/src/com/google/caja/plugin/domado.js#newcode4683
src/com/google/caja/plugin/domado.js:4683: return
sanitizeCssValue('font', value);
Cool.
https://codereview.appspot.com/12699046/diff/1/src/com/google/caja/plugin/domado.js#newcode4691
src/com/google/caja/plugin/domado.js:4691: if
(/\binherit\b/.test(style)) { return ''; }
I believe the way we sanitize functions, tokens.length should be 1
because a color is either a hash token, or an rgb function call or a
call to rgba, so you could filter too if you passed a predicate that
examined the token list to sanitizeCssValue.
https://codereview.appspot.com/12699046/
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
