Show More
| @@ -65,15 +65,17 b' IPython.security = (function (IPython) {' | |||
|
|
65 | 65 | // { |
|
|
66 | 66 | // src: original_html, |
|
|
67 | 67 | // sanitized: the_sanitized_html, |
|
|
68 |
// safe: bool // false if the sanitizer |
|
|
|
68 | // _maybe_safe: bool // false if the sanitizer definitely made changes. | |
|
|
69 | // This is an incomplete indication, | |
|
|
70 | // only used to indicate whether further verification is necessary. | |
|
|
69 | 71 | // } |
|
|
70 | 72 | var result = { |
|
|
71 | 73 | src : html, |
|
|
72 | safe : true | |
|
|
74 | _maybe_safe : true | |
|
|
73 | 75 | }; |
|
|
74 | 76 | var record_messages = function (msg, opts) { |
|
|
75 | 77 | console.log("HTML Sanitizer", msg, opts); |
|
|
76 | result.safe = false; | |
|
|
78 | result._maybe_safe = false; | |
|
|
77 | 79 | }; |
|
|
78 | 80 | |
|
|
79 | 81 | var html4 = caja.html4; |
| @@ -106,8 +108,10 b' IPython.security = (function (IPython) {' | |||
|
|
106 | 108 | |
|
|
107 | 109 | // caja can strip whole elements without logging, |
|
|
108 | 110 | // so double-check that node structure didn't change |
|
|
109 | if (result.safe) { | |
|
|
111 | if (result._maybe_safe) { | |
|
|
110 | 112 | result.safe = cmp_tree($(result.sanitized), $(html)); |
|
|
113 | } else { | |
|
|
114 | result.safe = false; | |
|
|
111 | 115 | } |
|
|
112 | 116 | return result.safe; |
|
|
113 | 117 | }; |
General Comments 0
You need to be logged in to leave comments.
Login now