The proposal to merge lp:~openerp-dev/openobject-server/7.0-sanitize-template-tde into lp:openobject-server/7.0 has been updated.

Description changed to:

[IMP] HTML Sanitizer upgrade. Make it more tolerant to allow using style.

Server branch: html_sanitize now uses the builtin cleaner of lxml.html.clean. Style attribute is now allowed; the cleaner ensures no javascript or malicious code goes through those attributes. The old code is replaced by the use of the cleaner, called inside the current html_sanitize function.

Updated and added tests for the sanitizer. Malicious code injection is tested (mainly XSS). EDI-like html code is also tested.

For more details, see:
https://code.launchpad.net/~openerp-dev/openobject-server/7.0-sanitize-template-tde/+merge/141270
-- 
Your team OpenERP R&D Team is subscribed to branch lp:~openerp-dev/openobject-server/7.0-sanitize-template-tde.
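
An added illustration, not code from the branch, of the approach the description names: `lxml.html.clean.Cleaner` with the `style` attribute added to the allowed attributes. The Cleaner options, the `sanitize` name and the sample fragments are assumptions constructed here; on lxml 5.2 and later the cleaner is provided by the separate `lxml_html_clean` package.

```python
from lxml.html import clean, defs

# Assumed policy for this illustration (not the branch's actual settings):
# default Cleaner protections, with "style" added to the attribute allow-list.
# style=False keeps styling instead of stripping it; javascript=True makes the
# cleaner scrub scripting out of links, event handlers and style values.
_cleaner = clean.Cleaner(
    scripts=True,
    javascript=True,
    style=False,
    safe_attrs_only=True,
    safe_attrs=defs.safe_attrs | {"style"},
)


def sanitize(fragment):
    """Return a cleaned copy of an HTML fragment (str in, str out)."""
    if not fragment or not fragment.strip():
        return ""
    return _cleaner.clean_html(fragment)


# Constructed sample fragments: benign styling next to common XSS carriers.
SAMPLES = {
    "styled_with_handler": (
        '<div><p style="color: red; font-weight: bold" onclick="alert(1)">'
        "Invoice</p><script>alert(1)</script></div>"
    ),
    "css_expression": '<div><p style="width: expression(alert(1))">Total</p></div>',
    "js_link": '<div><a href="javascript:alert(1)">Pay now</a></div>',
}

if __name__ == "__main__":
    for name, html in SAMPLES.items():
        print(name, "->", sanitize(html))
```
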