Comment parsing: in the generated XML file, mark HTML that is safe to pass

through to the output even if the input comment comes from an untrusted source Attribute filtering is currently based on a blacklist, which right now includes all event handler attributes (they contain JavaScipt code). It should be switched to a whitelist, but going over all of the HTML5 spec requires a significant amount of time. llvm-svn: 206882
author: Dmitri Gribenko <gribozavr@gmail.com> 2014-04-22 10:59:13 +0000
committer: Dmitri Gribenko <gribozavr@gmail.com> 2014-04-22 10:59:13 +0000
commit: 93043620bc63102f3316bfbec4aab33d06df334b (patch)
tree: 8f539a202bc6bdb17f37dbb365198ed4e6e1ae26 /clang/bindings/xml
parent: 6e647c13e451dc57f01e96d1d1dafc8c9b406959 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/clang/bindings/xml/comment-xml-schema.rng b/clang/bindings/xml/comment-xml-schema.rng
index a8913a360b79..29a91bf674f6 100644
--- a/clang/bindings/xml/comment-xml-schema.rng
+++ b/clang/bindings/xml/comment-xml-schema.rng
@@ -580,6 +580,12 @@
         </data>
       </element>
       <element name="rawHTML">
+        <optional>
+          <!-- If not specified, the default value is 'false'. -->
+          <attribute name="isSafeToPassThrough">
+            <data type="boolean" />
+          </attribute>
+        </optional>
         <!-- Non-empty text content. -->
         <data type="string">
           <param name="pattern">.*\S.*</param>
author	Dmitri Gribenko <gribozavr@gmail.com>	2014-04-22 10:59:13 +0000
committer	Dmitri Gribenko <gribozavr@gmail.com>	2014-04-22 10:59:13 +0000
commit	93043620bc63102f3316bfbec4aab33d06df334b (patch)
tree	8f539a202bc6bdb17f37dbb365198ed4e6e1ae26 /clang/bindings/xml
parent	6e647c13e451dc57f01e96d1d1dafc8c9b406959 (diff)