From f864d432a57b1d59f4827a8236ba51e47cde6381 2014-03-04 00:10:19
From: MinRK <benjaminrk@gmail.com>
Date: 2014-03-04 00:10:19
Subject: [PATCH] don't use `result.safe` to communicate incomplete information

---

diff --git a/IPython/html/static/base/js/security.js b/IPython/html/static/base/js/security.js
index a9d8504..3ccdeb6 100644
--- a/IPython/html/static/base/js/security.js
+++ b/IPython/html/static/base/js/security.js
@@ -65,15 +65,17 @@ IPython.security = (function (IPython) {
         // {
         //   src: original_html,
         //   sanitized: the_sanitized_html,
-        //   safe: bool // false if the sanitizer made any changes
+        //   _maybe_safe: bool // false if the sanitizer definitely made changes.
+        //                        This is an incomplete indication,
+        //                        only used to indicate whether further verification is necessary.
         // }
         var result = {
             src : html,
-            safe : true
+            _maybe_safe : true
         };
         var record_messages = function (msg, opts) {
             console.log("HTML Sanitizer", msg, opts);
-            result.safe = false;
+            result._maybe_safe = false;
         };
         
         var html4 = caja.html4;
@@ -106,8 +108,10 @@ IPython.security = (function (IPython) {
         
         // caja can strip whole elements without logging,
         // so double-check that node structure didn't change
-        if (result.safe) {
+        if (result._maybe_safe) {
             result.safe = cmp_tree($(result.sanitized), $(html));
+        } else {
+            result.safe = false;
         }
         return result.safe;
     };