Status: New
Owner: ----
Labels: Type-Defect Priority-Medium Component-Other
New issue 1893 by [email protected]: uriPolicy.mitigate() does not
actually prevent mitigation
http://code.google.com/p/google-caja/issues/detail?id=1893
Using uriPolicy.mitigate, and returning a valid pre-mitigated version of
the requested resource does not prevent further mitigation.
I believe the issue is 'rewriteFunctionCalls' is defaulted to true when not
defined (startSES:resolveOptions), and
html-emitter:evaluateUntrustedExternalScript does not set a value.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
