From 50c170b59e765ca1cbbf3f194e654a7edba01af2 2014-03-04 00:10:17 From: MinRK Date: 2014-03-04 00:10:17 Subject: [PATCH] add cmp_tree, in case caja log can't be trusted (spoiler: it can't) --- diff --git a/IPython/html/static/base/js/security.js b/IPython/html/static/base/js/security.js index 183b4c5..96a0e75 100644 --- a/IPython/html/static/base/js/security.js +++ b/IPython/html/static/base/js/security.js @@ -17,6 +17,27 @@ IPython.security = (function (IPython) { var noop = function (x) { return x; }; + var cmp_tree = function (a, b) { + // compare two HTML trees + // only checks the tag structure is preserved, + // not any attributes or contents + if (a.length !== b.length) { + return false; + } + + for (var i = a.length - 1; i >= 0; i--) { + if (a[i].tagName && b[i].tagName && a[i].tagName.toLowerCase() != b[i].tagName.toLowerCase()) { + return false; + } + } + var ac = a.children(); + var bc = b.children(); + if (ac.length === 0 && bc.length === 0) { + return true; + } + return cmp_tree(ac, bc); + }; + var sanitize = function (html, log) { // sanitize HTML // returns a struct of @@ -34,6 +55,11 @@ IPython.security = (function (IPython) { result.safe = false; }; result.sanitized = window.html_sanitize(html, noop, noop, record_messages); + // caja can strip whole elements without logging, + // so double-check that node structure didn't change + if (result.safe) { + result.safe = cmp_tree($(result.sanitized), $(result.src)); + } return result; };