angular.js/lib, branch v0.9.1 create HTML sanitizer to allow inclusion of untrusted HTML in safe manner. 2010-10-26T20:41:07+00:00 Misko Hevery 2010-10-19T04:20:47+00:00 4fdab3765919e9fffc6d2f84e74754b1012997be Sanitization works in two phases: 1) We parse the HTML into sax-like events (start, end, chars). HTML parsing is very complex, and so it may very well be that what most browser consider valid HTML may not pares properly here, but we do best effort. We treat this parser as untrusted. 2) We have safe sanitizeWriter which treats its input (start, end, chars) as untrusted content and escapes everything. It only allows elements in the whitelist and only allows attributes which are whitelisted. Any attribute value must not start with 'javascript:'. This check is performed after escaping for entity (&xAB; etc..) and ignoring any whitespace. - Correct linky filter to use safeHtmlWriter - Correct html filter to use safeHtmlWriter Close #33; Close #34 
Sanitization works in two phases:
 1) We parse the HTML into sax-like events (start, end, chars).
    HTML parsing is very complex, and so it may very well be that what
    most browser consider valid HTML may not pares properly here,
    but we do best effort. We treat this parser as untrusted.
 2) We have safe sanitizeWriter which treats its input (start, end, chars)
    as untrusted content and escapes everything. It only allows elements
    in the whitelist and only allows attributes which are whitelisted.
    Any attribute value must not start with 'javascript:'. This check
    is performed after escaping for entity (&xAB; etc..) and ignoring
    any whitespace.

 - Correct linky filter to use safeHtmlWriter
 - Correct html filter to use safeHtmlWriter

Close #33; Close #34
Fix issue where directories don't have a slash on the end and allow specifying a different port 2010-10-23T21:22:54+00:00 Elliott Sprehn 2010-10-22T02:24:03+00:00 64063b5d41c5ebac2835a83d9da40974da4d4820 






Fix test which was causing the Chrome runner to fail. Upgraded JSTD to latest. Cleanup whitespace.
2010-10-23T20:12:45+00:00

Misko Hevery

2010-10-23T20:10:42+00:00

6ddcf918610c1dd094a964fc03e129a67f17dfaa












Workaround for http://bugs.jquery.com/ticket/7292
2010-10-23T05:46:51+00:00

Misko Hevery

2010-10-23T05:46:51+00:00

8a867cee229b78f5bfde6a05fdbe0d7d3d608e11












Better nodeserver that implements an HTTP server more completely
2010-10-21T16:26:05+00:00

Elliott Sprehn

2010-10-21T03:26:34+00:00

b41bc98c54502cea070a8ca11b5d267e02f30701












fix some of the failing ie tests
2010-10-21T06:17:59+00:00

Misko Hevery

2010-10-21T06:17:59+00:00

05d4971abb5b8e21c5d33a71771a961c7932206b












upgrade jstd
2010-10-19T23:02:41+00:00

Misko Hevery

2010-10-19T23:02:41+00:00

977cb7e03e8cc81d2a1d05a723b51aa08999e10b












upgraded jasmine to 1.0.1
2010-10-18T04:13:28+00:00

Misko Hevery

2010-10-18T04:12:51+00:00

352dbfa38fca660a80d6fae2c6e810f820247791

Close #63





Close #63







fixed lint warnings and one flaky test
2010-10-15T20:44:53+00:00

Misko Hevery

2010-10-15T20:44:53+00:00

a36964799be3d21163ba6350d862fced2bbd3437












Updated JSTD
2010-10-15T18:58:55+00:00

Misko Hevery

2010-10-15T18:58:55+00:00

d320e3d2c3b72896603a3df3abd26adc0bfa3c10