Mercurial > genshi > mirror
comparison ChangeLog @ 556:0d98569eaced trunk
The HTML sanitizer now strips any CSS comments in style attributes, which could previously be used to hide malicious property values.
| author | cmlenz |
|---|---|
| date | Tue, 03 Jul 2007 20:29:07 +0000 |
| parents | 35dababa28d6 |
| children | c17342ef9efb acf7c5ee36e7 |
comparison
equal
deleted
inserted
replaced
| 553:489a47873950 | 556:0d98569eaced |
|---|---|
| 30 template is loaded (ticket #130). Note that the value for this option can | 30 template is loaded (ticket #130). Note that the value for this option can |
| 31 not be specified as a string, only as an actual function object, which means | 31 not be specified as a string, only as an actual function object, which means |
| 32 it is not available for use through configuration files. | 32 it is not available for use through configuration files. |
| 33 * The I18n filter now extracts messages from gettext functions even inside | 33 * The I18n filter now extracts messages from gettext functions even inside |
| 34 ignored tags (ticket #132). | 34 ignored tags (ticket #132). |
| 35 * The HTML sanitizer now strips any CSS comments in style attributes, which | |
| 36 could previously be used to hide malicious property values. | |
| 35 | 37 |
| 36 | 38 |
| 37 Version 0.4.2 | 39 Version 0.4.2 |
| 38 http://svn.edgewall.org/repos/genshi/tags/0.4.2/ | 40 http://svn.edgewall.org/repos/genshi/tags/0.4.2/ |
| 39 (Jun 20, from branches/stable/0.4.x) | 41 (Jun 20, from branches/stable/0.4.x) |