don't populate sanitized.safe by default...
MinRK -
@@ -92,11 +92,6 b' IPython.security = (function (IPython) {'
92 };
92 };
93
93
94 result.sanitized = caja.sanitizeWithPolicy(html, policy);
94 result.sanitized = caja.sanitizeWithPolicy(html, policy);
95 // caja can strip whole elements without logging,
96 // so double-check that node structure didn't change
97 if (result.safe) {
98 result.safe = cmp_tree($(result.sanitized), $(result.src));
99 }
100 return result;
95 return result;
101 };
96 };
102
97
@@ -107,7 +102,14 b' IPython.security = (function (IPython) {'
107
102
108 var is_safe = function (html) {
103 var is_safe = function (html) {
109 // just return bool for whether an HTML string is safe
104 // just return bool for whether an HTML string is safe
110 return sanitize(html).safe;
105 var result = sanitize(html);
106
107 // caja can strip whole elements without logging,
108 // so double-check that node structure didn't change
109 if (result.safe) {
110 result.safe = cmp_tree($(result.sanitized), $(html));
111 }
112 return result.safe;
111 };
113 };
112
114
113 return {
115 return {
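Review bot: In `is_safe`, the new line `cmp_tree($(result.sanitized), $(html))` hands the raw, unsanitized string to jQuery, which builds elements owned by the live document; browsers can start resource loads and fire inline handlers for such elements even when they are never attached, so the safety check may itself run part of the content it is meant to judge. Parsing the original side into an inert document avoids that, for example `var inert = document.implementation.createHTMLDocument('');` followed by `cmp_tree($(result.sanitized), $($.parseHTML(html, inert, true)))`, assuming the bundled jQuery provides `$.parseHTML`; `keepScripts` is passed as true so that script elements still count as a structural difference. Separately, any caller that reads `sanitize(html).safe` directly no longer gets the node-structure check, which deserves a comment on `sanitize` (its body starts outside these hunks).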