@@ -17,6 +17,27 b' IPython.security = (function (IPython) {' | |||||
17 |
|
17 | |||
18 | var noop = function (x) { return x; }; |
|
18 | var noop = function (x) { return x; }; | |
19 |
|
19 | |||
|
20 | var cmp_tree = function (a, b) { | |||
|
21 | // compare two HTML trees | |||
|
22 | // only checks the tag structure is preserved, | |||
|
23 | // not any attributes or contents | |||
|
24 | if (a.length !== b.length) { | |||
|
25 | return false; | |||
|
26 | } | |||
|
27 | ||||
|
28 | for (var i = a.length - 1; i >= 0; i--) { | |||
|
29 | if (a[i].tagName && b[i].tagName && a[i].tagName.toLowerCase() != b[i].tagName.toLowerCase()) { | |||
|
30 | return false; | |||
|
31 | } | |||
|
32 | } | |||
|
33 | var ac = a.children(); | |||
|
34 | var bc = b.children(); | |||
|
35 | if (ac.length === 0 && bc.length === 0) { | |||
|
36 | return true; | |||
|
37 | } | |||
|
38 | return cmp_tree(ac, bc); | |||
|
39 | }; | |||
|
40 | ||||
20 | var sanitize = function (html, log) { |
|
41 | var sanitize = function (html, log) { | |
21 | // sanitize HTML |
|
42 | // sanitize HTML | |
22 | // returns a struct of |
|
43 | // returns a struct of | |
@@ -34,6 +55,11 b' IPython.security = (function (IPython) {' | |||||
34 | result.safe = false; |
|
55 | result.safe = false; | |
35 | }; |
|
56 | }; | |
36 | result.sanitized = window.html_sanitize(html, noop, noop, record_messages); |
|
57 | result.sanitized = window.html_sanitize(html, noop, noop, record_messages); | |
|
58 | // caja can strip whole elements without logging, | |||
|
59 | // so double-check that node structure didn't change | |||
|
60 | if (result.safe) { | |||
|
61 | result.safe = cmp_tree($(result.sanitized), $(result.src)); | |||
|
62 | } | |||
37 | return result; |
|
63 | return result; | |
38 | }; |
|
64 | }; | |
39 |
|
65 |
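Review bot: In the second hunk, `$(result.src)` hands the unsanitized input to jQuery's HTML parser, which builds elements in the live page document, so resource loads and inline event handlers on those elements can run at parse time, before the sanitizer's verdict is used (`result.src` is assigned outside the hunk and is presumably the raw `html` argument). Building both trees in an inert document would avoid this, e.g. `var doc = document.implementation.createHTMLDocument(''); doc.body.innerHTML = result.src;` and then passing `$(doc.body)` to `cmp_tree`. Separately, `cmp_tree` skips the tag comparison whenever either node lacks a `tagName`, and `a.children()` merges the children of all siblings, so it compares tag sequences per depth rather than per parent. Its header comment should state that limit, for instance `// compares the flattened tag sequence at each depth; does not check which parent a child belongs to`, or the walk should recurse node by node.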