Jonathan Frederic
|
b53386b37b
|
Ran function comment conversion tool
|
11 years ago |
Jonathan Frederic
|
2d7a4a7879
|
Some JS test fixes
|
12 years ago |
|
Jonathan Frederic
|
0e9e1dd5a3
|
MWE,
Fixed LOTS of bugs
|
12 years ago |
|
Jonathan Frederic
|
516958ac07
|
Almost done!
Still need to check IPython uses in the widgets.
|
12 years ago |
|
Jonathan Frederic
|
152e23dc76
|
Progress...
|
12 years ago |
MinRK
|
9396619f9d
|
security.js docstrings
|
12 years ago |
|
MinRK
|
46665483ed
|
remove struct-returning sanitize
only keep str-str sanitization
|
12 years ago |
|
MinRK
|
d4780c2cfc
|
remove security.is_safe
|
12 years ago |
|
MinRK
|
d59e44a190
|
default to allow_css = false
|
12 years ago |
|
MinRK
|
4d35660f3c
|
sanitize CSS
rather than removing it entirely
|
12 years ago |
|
MinRK
|
c49f04545a
|
don't use `result.safe` to communicate incomplete information
|
12 years ago |
|
MinRK
|
028ce17c62
|
fix tagName comparison
|
12 years ago |
|
MinRK
|
3897b1c39f
|
don't populate sanitized.safe by default
since it's potentially expensive.
walk nodes in is_safe
|
12 years ago |
|
MinRK
|
367b4f85c2
|
wrap caja.sanitizeAttribs to trust data-* attributes
|
12 years ago |
|
MinRK
|
eec5d427a4
|
add cmp_tree, in case caja log can't be trusted
(spoiler: it can't)
|
12 years ago |
|
MinRK
|
2a0451fdde
|
use google-caja for sanitization
|
12 years ago |
Brian E. Granger
|
07cdb1e195
|
Adding first round of security tests of is_safe.
|
12 years ago |
|
Brian E. Granger
|
fa3f998295
|
Adding security.js with 1st attempt at is_safe.
|
12 years ago |
