Mercurial > genshi > mirror
diff ChangeLog @ 572:af249466c97e stable-0.4.x 0.4.3
Ported [682] to 0.4.x branch.
author | cmlenz |
---|---|
date | Tue, 17 Jul 2007 10:47:21 +0000 |
parents | 6058b239ebad |
children | 13244156cf01 |
--- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,9 @@ ignored tags (ticket #132). * The HTML sanitizer now strips any CSS comments in style attributes, which could previously be used to hide malicious property values. + * The HTML sanitizer now also removes any HTML comments encountered, as those + may be used to hide malicious payloads targetting a certain "innovative" + browser that goes and interprets the content of specially prepared comments. * Attribute access in template expressions no longer silently ignores exceptions other than `AttributeError` raised in the attribute accessor.
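Review bot: The added ChangeLog entry misspells "targeting" as "targetting", and its reference to a certain "innovative" browser never says which browser or which comment syntax is meant, so a reader cannot tell whether their deployment was exposed. Name the browser and the comment feature explicitly. The entry also carries no ticket or changeset reference, while the nearby ignored-tags entry cites (ticket #132); adding the [682] changeset mentioned in the commit message would let readers trace the sanitizer change itself. Since stripping HTML comments changes sanitizer output for existing users, the entry should state that comments are now removed unconditionally, if that is the case.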