| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2011-03-28 | fixing lint warnings | Igor Minar | |
| 2011-02-04 | smarter normalization of value on option, and htmlParser fixes | Misko Hevery | |
| 2011-02-03 | fixed population of value attribute on option | Misko Hevery | |
| The value attribute must be populated manually, since different browsers default to different value of option when not explicitly defined. | |||
| 2011-01-24 | fixed example rendering, add tests for it. | Misko Hevery | |
| 2010-12-03 | Fix sanitization issues as suggested by evn | Misko Hevery | |
| 2010-11-29 | Fixed sanitization | Misko Hevery | |
| * explicitly require full URLs (ftp|https?://...) * list the URI attributes * remove a lot of unneeded attributes | |||
| 2010-10-26 | create HTML sanitizer to allow inclusion of untrusted HTML in safe manner. | Misko Hevery | |
| Sanitization works in two phases: 1) We parse the HTML into sax-like events (start, end, chars). HTML parsing is very complex, and so it may very well be that what most browser consider valid HTML may not pares properly here, but we do best effort. We treat this parser as untrusted. 2) We have safe sanitizeWriter which treats its input (start, end, chars) as untrusted content and escapes everything. It only allows elements in the whitelist and only allows attributes which are whitelisted. Any attribute value must not start with 'javascript:'. This check is performed after escaping for entity (&xAB; etc..) and ignoring any whitespace. - Correct linky filter to use safeHtmlWriter - Correct html filter to use safeHtmlWriter Close #33; Close #34 | |||
 |
index : angular.js | |
| aboutsummaryrefslogtreecommitdiffstats |