-
Kazuhiko Shiozaki authored
========================= * Allowed the abbr, acronym, var, dfn, samp, address, bdo, thead, tfoot, col, and colgroup tags by default, since they are harmless, valid XHTML and shouldn't be filtered. Fixes: http://dev.plone.org/plone/ticket/6712 and http://dev.plone.org/plone/ticket/7251 [limi] (backport from 1.5.5-final) * Add another XSS fix from for handling extraneous brackets. [dunny] (backport from 1.5.3-final) * Add XSS fixes from Anton Stonor to safe_html transform. [alecm, stonor] (backport from 1.5.3-final) * casting to int is evil without previous check of the type. so we assume as in CMFPlone just zero for non-int-castable values. [jensens] (backport from 1.5.0-a1) * the values in the safe_html valid tag dictionary can become strings when modifying them via the ZMI. Explicitly convert them to integers before testing their value. [wichert] (backport from 1.5.0-a1) git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@25842 20353a03-c40f-0410-a6d1-a30d3c3de9de
5c5173aa