+class_blacklist:
 default_encoding: utf-8
 disable_transform: 0
 inputs: text/html
 nasty_tags:
   applet: 1
   embed: 1
+  meta: 1
   object: 1
   script: 1
+  style: 1
 output: text/x-safe-html
 remove_javascript: 1
+stripped_attributes:
+  lang
+  valign
+  halign
+  border
+  frame
+  rules
+  cellspacing
+  cellpadding
+  bgcolor
+stripped_combinations:
+  table th td:width height
+style_whitelist:
+  text-align
+  list-style-type
+  float
 valid_tags:
   a: 1
   abbr: 1
   acronym: 1
   address: 1
-  area: 1
+  area: 0
   article: 1
+  aside: 1
   audio: 1
   b: 1
   base: 0
   bdo: 1
   big: 1
   blockquote: 1
   body: 1
   br: 0
+  canvas: 1
   caption: 1
   cite: 1
   code: 1
   col: 1
   colgroup: 1
+  command: 1
+  datalist: 1
   dd: 1
   del: 1
   details: 1
   dfn: 1
   dialog: 1
   div: 1
   dl: 1
   dt: 1
   em: 1
+  figure: 1
   font: 1
   footer: 1
   h1: 1
   h2: 1
   h3: 1
   h4: 1
   h5: 1
   h6: 1
   head: 1
   header: 1
+  hgroup: 1
   hr: 0
   html: 1
   i: 1
   img: 0
   ins: 1
   kbd: 1
   keygen: 1
   li: 1
   map: 1
   mark: 1
   meta: 0
+  meter: 1
+  nav: 1
   ol: 1
+  output: 1
   p: 1
   pre: 1
   progress: 1
   q: 1
+  rp: 1
+  rt: 1
+  ruby: 1
   samp: 1
   section: 1
   small: 1
+  source: 1
   span: 1
   strong: 1
   sub: 1
-  summary: 1
   sup: 1
   table: 1
   tbody: 1
   td: 1
+  tfoot: 1
   th: 1
   thead: 1
+  time: 1
   title: 1
   tr: 1
   tt: 1
   u: 1
   ul: 1
   var: 1
   video: 1

just test for truth instead of checking in [list of false instance]

fix typos and remove unused variables.

Login_isPasswordValid is no longer used.

When reseting password through portal_password, we should check new
password comply with policy.

Because user is not logged in at this stage, we expose a new method
`PasswordTool.analyzePassword` that checks the password is valid for
this reset key.

This is a change in the API, previously only "messages id" were
returned. To make it easier to reuse analyzePassword in other contexts,
we now return the message directly.

isPasswordValid returns a boolean value, so we should check it's true
rather than <= 0

method signature should not contain self

If it is the case *and* the action script does not redirect, the password will be
in user's browser history.
There can be two different reasons to not redirect:
- not following the API (ie, intentionally not redirecting)
- letting an exception reach ZPublisher
Also, if the non-redirection causes an HTML page to be rendered, resources
loaded by that page will have a referrer containing the password, leaking it
to potentially foreign servers.

obj.convert(format="png") != obj.convert(format=u"png")

When checking constraints, ignore lines where the node is an acquired
organisation, we should only consider lines where node is an account.

erp5_travel_expense: Improve Front page and fix CSS on image modal

erp5_travel_expense: Router redirect to front page

erp5_travel_request: Add missing Preference PropertySheet

erp5_travel_expense: Add mission Administration

erp5_travel_expense: Add missing category

erp5_travel_expense: Make Expense document publication customizable by script

erp5_travel_expense: Add mission jio_view action on Service

erp5_travel_expense: Also remove Title from expense view in app

erp5_travel_expense: Remove all form of titles

erp5_web_renderjs_ui: Wait the jio database creation before render the panel because createJio is an asynchronous method

In erp5_launcher_nojqm.js, panel is rendered without wait the jio database
creation. Then, if we call any jio method in panel, the application raises an
exception because there is no storage.