On 10/4/12 7:49 PM, kcrisman wrote:
> On Thursday, October 4, 2012 5:50:25 PM UTC-4, jason wrote:
>> (apologies for possible multiple posts--I've sent this twice to gmane and it hasn't appeared)
>>
>> I've implemented some sanitizing of public worksheets [1] and applied it to demo.sagenb.org <http://demo.sagenb.org> as a test. The concerns from before were that javascript was executing on the page, leading to malware being on the page.
>>
>>     return text.replace('<', '&lt;')
>
> Wow, what a hammer; so does that just mean all the html structure becomes visible? (In the event that branch is reached.)

Yep. I figure that's better than just returning an empty string. Do you think an empty string is better? Note that this would only be for output in an <html> block.

Thanks,

Jason
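
Added example, not part of the original message or of the sagenb code: it compares the escape-`<` fallback and the empty-string fallback discussed in the thread by checking what an HTML parser would build from each result. The function names and the sample string are constructed for illustration, and `html.escape` is a standard-library alternative that the thread does not mention.

```python
import html
from html.parser import HTMLParser

class TagCollector(HTMLParser):
    """Records the elements and text a parser would produce from a string."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)

def parse(markup):
    """Return (start tags, visible text) as a parser sees the markup."""
    p = TagCollector()
    p.feed(markup)
    p.close()
    return p.tags, "".join(p.text)

def fallback_lt_only(text):
    # The fallback quoted in the thread: only '<' is rewritten.
    return text.replace('<', '&lt;')

def fallback_full_escape(text):
    # Assumption (not from the thread): also escape '&', '>' and quotes.
    return html.escape(text, quote=True)

def fallback_empty(text):
    # The alternative raised in the reply: drop the output entirely.
    return ''

# Constructed sample of worksheet output that did not pass sanitizing.
SAMPLE = '<div onclick="f()">1 &lt; 2 <script>f()</script></div>'

if __name__ == "__main__":
    for fn in (fallback_lt_only, fallback_full_escape, fallback_empty):
        out = fn(SAMPLE)
        print(fn.__name__, parse(out), repr(out))
```

Both escaping fallbacks leave the parser with no elements at all, so the markup is shown as text. Only the full escape shows the source exactly as written, because rewriting `<` alone lets an entity already in the input (`&lt;` here) be displayed as a literal `<`.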