** convert the input into "safe HTML". The following modifications
** are made:
**
** 1. Remove any elements that are not on the AllowedMarkup list.
** (ex: <script>, <form>, etc.)
**
** 2. Remove any attributes that are not on the AllowedMarkup list.
** (ex: onload=, id=, etc.)
**
** 3. Omit any surplus close-tags. This prevents the script from
** terminating an <div> or similar in the outer context.
**
** 4. Insert additional close-tags as necessary so that any
** tag in the input that needs a close-tag has one. This
** prevents tags in the embedded script from affecting the
** display of content that follows this script in the enclosing
** context.
**
** This modifications are intended to make the generated HTML safe
** to be embedded in a larger HTML document, such that the embedded
** HTML has no influence on the formatting and operation of the
** larger document.
**
** If safe-html is disabled, then this routine is a no-op.
*/
void safe_html(Blob *in){
|
** convert the input into "safe HTML". The following modifications
** are made:
**
** 1. Remove any elements that are not on the AllowedMarkup list.
** (ex: <script>, <form>, etc.)
**
** 2. Remove any attributes that are not on the AllowedMarkup list.
** (ex: onload=, etc.)
**
** 3. Omit any surplus close-tags. This prevents the script from
** terminating an <div> or similar in the outer context.
**
** 4. Insert additional close-tags as necessary so that any
** tag in the input that needs a close-tag has one. This
** prevents tags in the embedded script from affecting the
** display of content that follows this script in the enclosing
** context.
**
** These modifications are intended to make the generated HTML safe
** to be embedded in a larger HTML document, such that the embedded
** HTML has no influence on the formatting and operation of the
** larger document.
**
** If safe-html is disabled, then this routine is a no-op.
*/
void safe_html(Blob *in){
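Review bot: Item 2 of the comment drops "id=" from the examples of attributes that get removed, and if that mirrors id= now being permitted by the AllowedMarkup list, the closing paragraph's claim that the embedded HTML "has no influence on the formatting and operation of the larger document" is no longer accurate as written. An embedded element could carry an id that duplicates one in the enclosing page and so be matched by the outer page's CSS selectors, scripts or fragment links. Suggest stating in the comment whether id values are allowed and how they are constrained, rather than only deleting the example. Minor: item 3 still reads "an <div>"; since this change already corrects "This modifications" to "These modifications", it could fix that to "a <div>" as well.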