Comment parsing: in the generated XML file, mark HTML that is safe to pass

through to the output even if the input comment comes from an untrusted source Attribute filtering is currently based on a blacklist, which right now includes all event handler attributes (they contain JavaScipt code). It should be switched to a whitelist, but going over all of the HTML5 spec requires a significant amount of time. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@206882 91177308-0d34-0410-b5e6-96231b3b80d8
author: Dmitri Gribenko <gribozavr@gmail.com> 2014-04-22 10:59:13 +0000
committer: Dmitri Gribenko <gribozavr@gmail.com> 2014-04-22 10:59:13 +0000
commit: e36bbd1eec01bfb06927de7791ec13135198fa68 (patch)
tree: 2a00df55fdd92ced2765d39d9cd44ff7cd2ca60d /bindings
parent: 059bec7acc616e2fd9e39ccbfdb8c363cc5b719c (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/bindings/xml/comment-xml-schema.rng b/bindings/xml/comment-xml-schema.rng
index a8913a360b..29a91bf674 100644
--- a/bindings/xml/comment-xml-schema.rng
+++ b/bindings/xml/comment-xml-schema.rng
@@ -580,6 +580,12 @@
         </data>
       </element>
       <element name="rawHTML">
+        <optional>
+          <!-- If not specified, the default value is 'false'. -->
+          <attribute name="isSafeToPassThrough">
+            <data type="boolean" />
+          </attribute>
+        </optional>
         <!-- Non-empty text content. -->
         <data type="string">
           <param name="pattern">.*\S.*</param>
author	Dmitri Gribenko <gribozavr@gmail.com>	2014-04-22 10:59:13 +0000
committer	Dmitri Gribenko <gribozavr@gmail.com>	2014-04-22 10:59:13 +0000
commit	e36bbd1eec01bfb06927de7791ec13135198fa68 (patch)
tree	2a00df55fdd92ced2765d39d9cd44ff7cd2ca60d /bindings
parent	059bec7acc616e2fd9e39ccbfdb8c363cc5b719c (diff)