Mercurial > genshi > mirror

diff ChangeLog @ 572:af249466c97e stable-0.4.x 0.4.3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Ported [682] to 0.4.x branch.
author cmlenz
date Tue, 17 Jul 2007 10:47:21 +0000
parents 6058b239ebad
children 13244156cf01
line wrap: on
line diff
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,9 @@
    ignored tags (ticket #132).
  * The HTML sanitizer now strips any CSS comments in style attributes, which
    could previously be used to hide malicious property values.
+ * The HTML sanitizer now also removes any HTML comments encountered, as those
+   may be used to hide malicious payloads targetting a certain "innovative"
+   browser that goes and interprets the content of specially prepared comments.
  * Attribute access in template expressions no longer silently ignores
    exceptions other than `AttributeError` raised in the attribute accessor.
Copyright (C) 2012-2017 Edgewall Software