llvm-project

History

Dmitri Gribenko 93043620bc Comment parsing: in the generated XML file, mark HTML that is safe to pass through to the output even if the input comment comes from an untrusted source Attribute filtering is currently based on a blacklist, which right now includes all event handler attributes (they contain JavaScipt code). It should be switched to a whitelist, but going over all of the HTML5 spec requires a significant amount of time. llvm-svn: 206882	2014-04-22 10:59:13 +00:00
..
python	cindex.py: Avoid deprecated function	2014-04-20 01:07:03 +00:00
xml	Comment parsing: in the generated XML file, mark HTML that is safe to pass	2014-04-22 10:59:13 +00:00

Dmitri Gribenko 93043620bc Comment parsing: in the generated XML file, mark HTML that is safe to pass

through to the output even if the input comment comes from an untrusted source

Attribute filtering is currently based on a blacklist, which right now includes
all event handler attributes (they contain JavaScipt code).  It should be
switched to a whitelist, but going over all of the HTML5 spec requires a
significant amount of time.

llvm-svn: 206882

2014-04-22 10:59:13 +00:00

python

cindex.py: Avoid deprecated function

2014-04-20 01:07:03 +00:00

xml

Comment parsing: in the generated XML file, mark HTML that is safe to pass

2014-04-22 10:59:13 +00:00