Updates:
Labels: -Component-Other Component-Sanitizer
Comment #1 on issue 1922 by [email protected]: Caja does not strip
downlevel-revealed conditional comments [possible fix included]
http://code.google.com/p/google-caja/issues/detail?id=1922
I'm not sure what the issue here is. The stuff is _designed_ to be parsed
as junk tags by non-IE parsers, and in the particular case of Caja they'll
be discarded or rewritten by the whitelist. (Also, in general, when there's
doubt about how Caja should interpret HTML input, we currently prefer to
use the HTML5 / WHATWG rules.)
Is there a case where Caja fails to sanitize/sandbox/render content
properly due to this?
Is there a specific use case for Caja's parser you have in mind that would
benefit? You say you're parsing HTML email, but are you doing something
other than using the Caja sandbox for the results?
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
