comparison ChangeLog @ 571:f0461dc3939a trunk
* Cleaned up the implementation of the `HTMLSanitizer`.
* The sanitizer now properly strips HTML comments.
author | cmlenz |
---|---|
date | Tue, 17 Jul 2007 10:42:29 +0000 |
parents | c17342ef9efb |
children | 3014f14fc83d |
569:c17342ef9efb | 571:f0461dc3939a |
---|---|
32 it is not available for use through configuration files. | 32 it is not available for use through configuration files. |
33 * The I18n filter now extracts messages from gettext functions even inside | 33 * The I18n filter now extracts messages from gettext functions even inside |
34 ignored tags (ticket #132). | 34 ignored tags (ticket #132). |
35 * The HTML sanitizer now strips any CSS comments in style attributes, which | 35 * The HTML sanitizer now strips any CSS comments in style attributes, which |
36 could previously be used to hide malicious property values. | 36 could previously be used to hide malicious property values. |
37 * The HTML sanitizer now also removes any HTML comments encountered, as those | |
38 may be used to hide malicious payloads targetting a certain "innovative" | |
39 browser that goes and interprets the content of specially prepared comments. | |
37 * Attribute access in template expressions no longer silently ignores | 40 * Attribute access in template expressions no longer silently ignores |
38 exceptions other than `AttributeError` raised in the attribute accessor. | 41 exceptions other than `AttributeError` raised in the attribute accessor. |
39 | 42 |
40 | 43 |
41 Version 0.4.2 | 44 Version 0.4.2 |
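Review bot: The new ChangeLog entry at lines 37-39 misspells "targeting" as "targetting" and identifies the affected browser only as a certain "innovative" browser. Name the browser and the kind of specially prepared comment it interprets, so that someone reading the ChangeLog can tell whether output sanitized by an earlier release was exposed. The entry also has no ticket reference, unlike the I18n entry above it (ticket #132); add one if a ticket exists for this change.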