From 6677b46cb40477f82b86ad6e30be957a3f216e2e Mon Sep 17 00:00:00 2001 From: Jacques Distler Date: Sun, 23 May 2010 23:22:45 -0500 Subject: [PATCH] A few more additions for the Sanitizer --- lib/sanitizer.rb | 15 ++++++++------- public/svg-edit/editor/svgcanvas.js | 5 +++-- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/lib/sanitizer.rb b/lib/sanitizer.rb index 43e69b40..e89cf812 100644 --- a/lib/sanitizer.rb +++ b/lib/sanitizer.rb @@ -12,7 +12,7 @@ module Sanitizer acceptable_elements = Set.new %w[a abbr acronym address area article aside audio b big blockquote br button canvas caption center cite code - col colgroup command dd del details dfn dialog dir div dl dt + col colgroup command datalist dd del details dfn dialog dir div dl dt em fieldset figcaption figure font footer form h1 h2 h3 h4 h5 h6 header hgroup hr i img input ins kbd label legend li map mark menu meter nav ol optgroup option p pre progress q rp rt ruby s samp section select small 
@@ -30,13 +30,14 @@ module Sanitizer line marker mask metadata missing-glyph mpath path pattern polygon polyline radialGradient rect set stop svg switch text textPath title tspan use] - acceptable_attributes = Set.new %w[accept accept-charset accesskey action - align alt autocomplete axis border cellpadding cellspacing char charoff + acceptable_attributes = Set.new %w[abbr accept accept-charset accesskey action + align alt autocomplete axis bgcolor border cellpadding cellspacing char charoff checked cite class clear cols colspan color compact contenteditable contextmenu - controls coords datetime dir disabled draggable enctype for formaction frame - headers height href hreflang hspace icon id ismap label lang longdesc loop low - max maxlength media method min multiple name nohref open optimum pattern placeholder - poster preload pubdate readonly rel required reversed rows rowspan spellcheck scope + controls coords datetime dir disabled draggable enctype face for formaction frame + headers height high href hreflang hspace icon id ismap label list lang longdesc + loop low max maxlength media method min multiple name nohref noshade nowrap open + optimumpattern placeholder poster preload pubdate radiogroup readonly rel + required rev reversed rows rowspan rules spellcheck scope selected shape size span src start step style summary tabindex target title type usemap valign value vspace width wrap xml:lang] diff --git a/public/svg-edit/editor/svgcanvas.js b/public/svg-edit/editor/svgcanvas.js index d46357da..3bbb1aed 100644 --- a/public/svg-edit/editor/svgcanvas.js +++ b/public/svg-edit/editor/svgcanvas.js @@ -1,4 +1,4 @@ -/* +/* * svgcanvas.js * * Licensed under the Apache License, Version 2 
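Review bot: The rewrapped `acceptable_attributes` list now contains the single token `optimumpattern` where the old list had `optimum pattern`, so neither `optimum` nor `pattern` is in the set any more. Assuming the set is used as an allowlist, both attributes would now be stripped from sanitized markup, which looks like a space lost during re-wrapping rather than an intended removal. The line should read `optimum pattern placeholder poster preload pubdate radiogroup readonly rel`. A spec asserting that every allowed attribute name survives sanitization would catch this kind of regression; the enclosing `module Sanitizer` begins and continues outside the hunk.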
@@ -1202,7 +1202,8 @@ function BatchCommand(text) { (function() { // TODO: make this string optional and set by the client var comment = svgdoc.createComment(" Created with SVG-edit - http://svg-edit.googlecode.com/ "); - svgcontent.appendChild(comment); + // Lead to invalid content with Instiki's Sanitizer + // svgcontent.appendChild(comment); // TODO For Issue 208: this is a start on a thumbnail // var svgthumb = svgdoc.createElementNS(svgns, "use");
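Review bot: Commenting out `svgcontent.appendChild(comment)` only stops this editor from emitting a comment node; the sanitizer still receives whatever a client submits, so SVG carrying comments from any other source would presumably reach the same invalid-output path that the added comment describes. The durable fix belongs in the sanitizer's handling of comment nodes, backed by a spec, rather than in the bundled editor, where the local patch is also easy to lose on an svg-edit upgrade. As written, `var comment = svgdoc.createComment(...)` is now a dead assignment; either remove it together with the disabled call, or replace the commented-out statement with a plain note such as `// comment node omitted: Instiki's Sanitizer produces invalid content for it`. The enclosing function continues past the end of the hunk.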