diff ChangeLog @ 571:5815ad5f75a4

* Cleaned up the implementation of the `HTMLSanitizer`.
* The sanitizer now properly strips HTML comments.
author cmlenz
date Tue, 17 Jul 2007 10:42:29 +0000
parents 4cbd8031ed76
children 15a1137ecfd7
line diff
--- a/ChangeLog
+++ b/ChangeLog
@@ -34,6 +34,9 @@
    ignored tags (ticket #132).
  * The HTML sanitizer now strips any CSS comments in style attributes, which
    could previously be used to hide malicious property values.
+ * The HTML sanitizer now also removes any HTML comments encountered, as those
+   may be used to hide malicious payloads targetting a certain "innovative"
+   browser that goes and interprets the content of specially prepared comments.
  * Attribute access in template expressions no longer silently ignores
    exceptions other than `AttributeError` raised in the attribute accessor.
 
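Review bot: the new entry has a spelling error and is vaguer than the entries around it; "targetting" on the second added line should read "targeting", and the indirect phrasing about "a certain 'innovative' browser that goes and interprets the content of specially prepared comments" leaves a future reader guessing which browser behaviour motivated the change, so name the browser and the comment-interpretation feature plainly, as the preceding entry does for CSS comments in style attributes. The neighbouring entry also cites its ticket ("ticket #132"); if this sanitizer change tracks a ticket, the entry should reference it the same way so the fix can be traced back to its report.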
Copyright (C) 2012-2017 Edgewall Software