• Kazuhiko Shiozaki's avatar
    1.4.1-nexedi - 2009-03-03 · 5c5173aa
    Kazuhiko Shiozaki authored
    =========================
    
      * Allowed the abbr, acronym, var, dfn, samp, address, bdo, thead, tfoot,
        col, and colgroup tags by default, since they are harmless, valid XHTML
        and shouldn't be filtered. Fixes:
        http://dev.plone.org/plone/ticket/6712 and
        http://dev.plone.org/plone/ticket/7251
        [limi] (backport from 1.5.5-final)
    
      * Add another XSS fix from for handling extraneous brackets.
      [dunny] (backport from 1.5.3-final)
    
      * Add XSS fixes from Anton Stonor to safe_html transform.
      [alecm, stonor] (backport from 1.5.3-final)
    
      * casting to int is evil without previous check of the type. so we assume as
        in CMFPlone just zero for non-int-castable values.
        [jensens] (backport from 1.5.0-a1)
    
      * the values in the safe_html valid tag dictionary can become strings when
        modifying them via the ZMI. Explicitly convert them to integers before
        testing their value.
        [wichert] (backport from 1.5.0-a1)
    
    
    git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@25842 20353a03-c40f-0410-a6d1-a30d3c3de9de
    5c5173aa
HISTORY.txt 9.01 KB