Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sanitizer does not normalize tagName or attribute #49

Closed
bantic opened this issue Mar 2, 2017 · 0 comments · Fixed by #50
Closed

sanitizer does not normalize tagName or attribute #49

bantic opened this issue Mar 2, 2017 · 0 comments · Fixed by #50
Assignees
@bantic

Comments

@bantic
Copy link
Contributor

bantic commented Mar 2, 2017

The existing sanitizer doesn't lower-case tagName and attributeName before comparing, so the following markup will be sanitized: ['a', ['href', 'javascript:evil']] but these won't: ['A', ['href', 'javascript:evil']] and ['a', ['HREF', 'javascript:evil']]
@bantic bantic self-assigned this Mar 2, 2017
bantic added a commit that referenced this issue Mar 2, 2017
@bantic
downcase tagName and attributeName when sanitizing
4462308 
fixes #49
bantic added a commit that referenced this issue Mar 2, 2017
@bantic
Accept markupSanitizer option, downcase tagName and attributeName
b51fb85 
Add npm 'start' script, note in readme how to run tests in browser.
Refactor tests to be more DRY (use mobiledoc creation helpers).
Refactor renderers to share more helper functions.
Refactor renderer shape to remove some conditionals

fixes #49
fixes #48
bantic added a commit that referenced this issue Mar 2, 2017
@bantic
Accept markupSanitizer option, downcase tagName and attributeName
63c187d 
Add npm 'start' script, note in readme how to run tests in browser.
Refactor tests to be more DRY (use mobiledoc creation helpers).
Refactor renderers to share more helper functions.
Refactor renderer shape to remove some conditionals (adds
`#sectionElementRendererFor` and `#markupElementRendererFor`).

fixes #49
fixes #48
@bantic bantic mentioned this issue Mar 2, 2017
Merged
bantic added a commit that referenced this issue Mar 6, 2017
@bantic
Accept markupSanitizer option, downcase tagName and attributeName
2c5d7b8 
Add npm 'start' script, note in readme how to run tests in browser.
Refactor tests to be more DRY (use mobiledoc creation helpers).
Refactor renderers to share more helper functions.
Refactor renderer shape to remove some conditionals (adds
`#sectionElementRendererFor` and `#markupElementRendererFor`).

fixes #49
fixes #48
bantic added a commit that referenced this issue Mar 6, 2017
@bantic
Accept markupSanitizer option, downcase tagName and attributeName
1815c4d 
Add npm 'start' script, note in readme how to run tests in browser.
Refactor tests to be more DRY (use mobiledoc creation helpers).
Refactor renderers to share more helper functions.
Refactor renderer shape to remove some conditionals (adds
`#sectionElementRendererFor` and `#markupElementRendererFor`).

fixes #49
fixes #48
@bantic bantic closed this as completed in #50 Mar 6, 2017
bantic added a commit that referenced this issue Mar 6, 2017
@bantic
fix(href-sanitization): Accept markupSanitizer option, downcase tagNa…
aa1aedc 
…me and attributeName (#50)

Add npm 'start' script, note in readme how to run tests in browser.
Refactor tests to be more DRY (use mobiledoc creation helpers).
Refactor renderers to share more helper functions.
Refactor renderer shape to remove some conditionals (adds
`#sectionElementRendererFor` and `#markupElementRendererFor`).

fixes #49
fixes #48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bantic bantic

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Accept markupSanitizer option, downcase tagName and attributeName bustle/mobiledoc-dom-renderer
1 participant
@bantic