/**
 * Applies Google Caja's default HTML cajoling pipeline.
 * <p/>
 * There are three things we might not like about this naive, default implementation.
 * <ol>
 * <li>It rewrites URLs by adding a prefix and a suffix to them.</li>
 * <li>It uses Google Caja's default whitelists. They accept all valid markup that's not deemed insecure. We might prefer to provide more restrictive whitelists.</li>
 * <li>It will be slow in an app where there are many users concurrently using it. This is not the case for our first client's needs, so we don't care for now.</li>
 * </ol>
 */