Reviewers: kpreid2,
Description:
Modern browsers all implement history-sniff protection in basically
the same way Caja does, so this CL deletes the code in Caja.
This CL is for the es53 branch, because the java css sanitizer
is deleted in trunk. I'll port this to trunk in a separate CL.
css-stylesheet-tests.js has some error messages added. This is because
I moved an assertNoErrors() statement in CssRewriterTest.
Previously, CssRewriterTest only checked error messages if
css-stylesheet-tests declared a "messages" element.
I felt uncomfortable about swallowing unexpected errors,
so I modified it to always check errors, whether or not "messages"
is specified.
test-domado-special-guest had a testcase that checks that history
sniffing doesn't work. In principle, we could keep this test and
check the browser's history-sniffing defense. In practice, this
was a really complicated change, because the imaginary computed
style returned by Caja was nontrivially different from the
imaginary computed style returned by browsers. After spending
too long trying to fix the test, I decided to just delete it
instead, since it's not really checking Caja code.
Please review this at https://codereview.appspot.com/33640043/
Affected files (+139, -637 lines):
M src/com/google/caja/lang/css/CssPropBit.java
M src/com/google/caja/lang/css/CssPropertyPatterns.java
M src/com/google/caja/plugin/CssRewriter.java
D src/com/google/caja/plugin/LinkStyleWhitelist.java
M src/com/google/caja/plugin/domado.js
M src/com/google/caja/plugin/sanitizecss.js
M tests/com/google/caja/plugin/CssRewriterTest.java
M tests/com/google/caja/plugin/css-stylesheet-tests.js
M tests/com/google/caja/plugin/sanitizecss_test.js
M tests/com/google/caja/plugin/test-domado-special-guest.html
M tests/com/google/caja/plugin/test-domado-special-initial-state.html
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
