Show More
| @@ -17,6 +17,27 b' IPython.security = (function (IPython) {' | |||
|
|
17 | 17 | |
|
|
18 | 18 | var noop = function (x) { return x; }; |
|
|
19 | 19 | |
|
|
20 | var cmp_tree = function (a, b) { | |
|
|
21 | // compare two HTML trees | |
|
|
22 | // only checks the tag structure is preserved, | |
|
|
23 | // not any attributes or contents | |
|
|
24 | if (a.length !== b.length) { | |
|
|
25 | return false; | |
|
|
26 | } | |
|
|
27 | ||
|
|
28 | for (var i = a.length - 1; i >= 0; i--) { | |
|
|
29 | if (a[i].tagName && b[i].tagName && a[i].tagName.toLowerCase() != b[i].tagName.toLowerCase()) { | |
|
|
30 | return false; | |
|
|
31 | } | |
|
|
32 | } | |
|
|
33 | var ac = a.children(); | |
|
|
34 | var bc = b.children(); | |
|
|
35 | if (ac.length === 0 && bc.length === 0) { | |
|
|
36 | return true; | |
|
|
37 | } | |
|
|
38 | return cmp_tree(ac, bc); | |
|
|
39 | }; | |
|
|
40 | ||
|
|
20 | 41 | var sanitize = function (html, log) { |
|
|
21 | 42 | // sanitize HTML |
|
|
22 | 43 | // returns a struct of |
| @@ -34,6 +55,11 b' IPython.security = (function (IPython) {' | |||
|
|
34 | 55 | result.safe = false; |
|
|
35 | 56 | }; |
|
|
36 | 57 | result.sanitized = window.html_sanitize(html, noop, noop, record_messages); |
|
|
58 | // caja can strip whole elements without logging, | |
|
|
59 | // so double-check that node structure didn't change | |
|
|
60 | if (result.safe) { | |
|
|
61 | result.safe = cmp_tree($(result.sanitized), $(result.src)); | |
|
|
62 | } | |
|
|
37 | 63 | return result; |
|
|
38 | 64 | }; |
|
|
39 | 65 | |
General Comments 0
You need to be logged in to leave comments.
Login now