Mercurial > genshi > mirror
comparison ChangeLog @ 571:f0461dc3939a trunk
* Cleaned up the implementation of the `HTMLSanitizer`.
* The sanitizer now properly strips HTML comments.
| author | cmlenz |
|---|---|
| date | Tue, 17 Jul 2007 10:42:29 +0000 |
| parents | c17342ef9efb |
| children | 3014f14fc83d |
comparison
equal
deleted
inserted
replaced
| 569:c17342ef9efb | 571:f0461dc3939a |
|---|---|
| 32 it is not available for use through configuration files. | 32 it is not available for use through configuration files. |
| 33 * The I18n filter now extracts messages from gettext functions even inside | 33 * The I18n filter now extracts messages from gettext functions even inside |
| 34 ignored tags (ticket #132). | 34 ignored tags (ticket #132). |
| 35 * The HTML sanitizer now strips any CSS comments in style attributes, which | 35 * The HTML sanitizer now strips any CSS comments in style attributes, which |
| 36 could previously be used to hide malicious property values. | 36 could previously be used to hide malicious property values. |
| 37 * The HTML sanitizer now also removes any HTML comments encountered, as those | |
| 38 may be used to hide malicious payloads targetting a certain "innovative" | |
| 39 browser that goes and interprets the content of specially prepared comments. | |
| 37 * Attribute access in template expressions no longer silently ignores | 40 * Attribute access in template expressions no longer silently ignores |
| 38 exceptions other than `AttributeError` raised in the attribute accessor. | 41 exceptions other than `AttributeError` raised in the attribute accessor. |
| 39 | 42 |
| 40 | 43 |
| 41 Version 0.4.2 | 44 Version 0.4.2 |