From 9396619f9dd2b77ec728c02a4889035e671fff08 Mon Sep 17 00:00:00 2001
From: MinRK <benjaminrk@gmail.com>
Date: Tue, 4 Mar 2014 15:38:11 -0800
Subject: [PATCH] security.js docstrings

---
 IPython/html/static/base/js/security.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/IPython/html/static/base/js/security.js b/IPython/html/static/base/js/security.js
index 7552d23de..ecdcb5b8a 100644
--- a/IPython/html/static/base/js/security.js
+++ b/IPython/html/static/base/js/security.js
@@ -25,7 +25,8 @@ IPython.security = (function (IPython) {
     }
     
     var sanitizeAttribs = function (tagName, attribs, opt_naiveUriRewriter, opt_nmTokenPolicy, opt_logger) {
-        // wrap sanitizeAttribs into trusting data-attributes
+        // add trusting data-attributes to the default sanitizeAttribs from caja
+        // this function is mostly copied from the caja source
         var ATTRIBS = caja.html4.ATTRIBS;
         for (var i = 0; i < attribs.length; i += 2) {
             var attribName = attribs[i];
@@ -40,6 +41,9 @@ IPython.security = (function (IPython) {
     };
     
     var sanitize_css = function (css, tagPolicy) {
+        // sanitize CSS
+        // like sanitize_html, but for CSS
+        // called by sanitize_stylesheets
         return caja.sanitizeStylesheet(
             window.location.pathname,
             css,
@@ -54,6 +58,8 @@ IPython.security = (function (IPython) {
     };
     
     var sanitize_stylesheets = function (html, tagPolicy) {
+        // sanitize just the css in style tags in a block of html
+        // called by sanitize_html, if allow_css is true
         var h = $("<div/>").append(html);
         var style_tags = h.find("style");
         if (!style_tags.length) {