mirror of
https://github.com/jupyter/notebook.git
synced 2025-01-24 12:05:22 +08:00
don't use result.safe
to communicate incomplete information
This commit is contained in:
parent
028ce17c62
commit
c49f04545a
@ -65,15 +65,17 @@ IPython.security = (function (IPython) {
|
||||
// {
|
||||
// src: original_html,
|
||||
// sanitized: the_sanitized_html,
|
||||
// safe: bool // false if the sanitizer made any changes
|
||||
// _maybe_safe: bool // false if the sanitizer definitely made changes.
|
||||
// This is an incomplete indication,
|
||||
// only used to indicate whether further verification is necessary.
|
||||
// }
|
||||
var result = {
|
||||
src : html,
|
||||
safe : true
|
||||
_maybe_safe : true
|
||||
};
|
||||
var record_messages = function (msg, opts) {
|
||||
console.log("HTML Sanitizer", msg, opts);
|
||||
result.safe = false;
|
||||
result._maybe_safe = false;
|
||||
};
|
||||
|
||||
var html4 = caja.html4;
|
||||
@ -106,8 +108,10 @@ IPython.security = (function (IPython) {
|
||||
|
||||
// caja can strip whole elements without logging,
|
||||
// so double-check that node structure didn't change
|
||||
if (result.safe) {
|
||||
if (result._maybe_safe) {
|
||||
result.safe = cmp_tree($(result.sanitized), $(html));
|
||||
} else {
|
||||
result.safe = false;
|
||||
}
|
||||
return result.safe;
|
||||
};
|
||||
|
Loading…
Reference in New Issue
Block a user