Status: New
Owner: ----
Labels: Type-Defect Priority-Medium Component-Other
New issue 1895 by [email protected]: allow calling sanitizeStylesheet on
style elements
http://code.google.com/p/google-caja/issues/detail?id=1895
What revision of the cajoler exhibits the problem? On what browser and OS?
r5670, using html-css-sanitizer-bundle.js
What steps will reproduce the problem?
1. sanitize HTML with style tags
What is the expected output? What do you see instead?
When CSS sanitization is defined (unless 'undefined' === typeof
parseCssDeclarations), style *attributes* are sanitized via
parseCssDeclarations. It seems logical that style *elements* would be
treated similarly, and sanitized with sanitizeStylesheet if it is defined.
However sanitizeStylesheet is never called.
The default behavior does not seem unreasonable, but the way handlers are
inaccessible behind closures makes it quite difficult to change this
behavior without rewriting the entirety of makeHtmlSanitizer. It seems
logical that the decision returned by tagPolicy should be able to affect
the processing of the content of the element (generically, not just style
elements).
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
