Author: j16sdiz
Date: 2009-03-20 02:45:44 +0000 (Fri, 20 Mar 2009)
New Revision: 26111

Modified:
   trunk/freenet/src/freenet/clients/http/filter/CSSTokenizerFilter.java
   trunk/freenet/src/freenet/clients/http/filter/CSSTokenizerFilter.jflex
Log:
More restrictive CSS filter (bug 2921)

No longer allow functions other than rgb() and url() in style.
Large java diff is due to JFlex version change.

Modified: trunk/freenet/src/freenet/clients/http/filter/CSSTokenizerFilter.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/filter/CSSTokenizerFilter.java       
2009-03-19 10:42:06 UTC (rev 26110)
+++ trunk/freenet/src/freenet/clients/http/filter/CSSTokenizerFilter.java       
2009-03-20 02:45:44 UTC (rev 26111)
@@ -1,4 +1,4 @@
-/* The following code was generated by JFlex 1.4.1 on 2/13/09 11:03 PM */
+/* The following code was generated by JFlex 1.4.2 on 3/20/09 10:36 AM */
 
 /* This code is part of Freenet. It is distributed under the GNU General
  * Public License, version 2 (or at your option any later version). See
@@ -17,8 +17,8 @@
 
 /**
  * This class is a scanner generated by 
- * <a href="http://www.jflex.de/";>JFlex</a> 1.4.1
- * on 2/13/09 11:03 PM from the specification file
+ * <a href="http://www.jflex.de/";>JFlex</a> 1.4.2
+ * on 3/20/09 10:36 AM from the specification file
  * <tt>src/freenet/clients/http/filter/CSSTokenizerFilter.jflex</tt>
  */
 class CSSTokenizerFilter {
@@ -32,6 +32,16 @@
   /** lexical states */
   public static final int YYINITIAL = 0;
 
+  /**
+   * ZZ_LEXSTATE[l] is the state in the DFA for the lexical state l
+   * ZZ_LEXSTATE[l+1] is the state in the DFA for the lexical state l
+   *                  at the beginning of a line
+   * l is of the form l = 2*k, k a non negative integer
+   */
+  private static final int ZZ_LEXSTATE[] = { 
+     0, 0
+  };
+
   /** 
    * Translates characters to character classes
    */
@@ -868,9 +878,6 @@
   /** the textposition at the last accepting state */
   private int zzMarkedPos;
 
-  /** the textposition at the last state to be included in yytext */
-  private int zzPushbackPos;
-
   /** the current text position in the buffer */
   private int zzCurrentPos;
 
@@ -1140,7 +1147,6 @@
       zzEndRead-= zzStartRead;
       zzCurrentPos-= zzStartRead;
       zzMarkedPos-= zzStartRead;
-      zzPushbackPos-= zzStartRead;
       zzStartRead = 0;
     }
 
@@ -1156,13 +1162,23 @@
     int numRead = zzReader.read(zzBuffer, zzEndRead,
                                             zzBuffer.length-zzEndRead);
 
-    if (numRead < 0) {
-      return true;
-    }
-    else {
+    if (numRead > 0) {
       zzEndRead+= numRead;
       return false;
     }
+    // unlikely but not impossible: read 0 characters, but not at end of 
stream    
+    if (numRead == 0) {
+      int c = zzReader.read();
+      if (c == -1) {
+        return true;
+      } else {
+        zzBuffer[zzEndRead++] = (char) c;
+        return false;
+      }     
+    }
+
+       // numRead < 0
+    return true;
   }
 
     
@@ -1193,7 +1209,7 @@
     zzAtBOL  = true;
     zzAtEOF  = false;
     zzEndRead = zzStartRead = 0;
-    zzCurrentPos = zzMarkedPos = zzPushbackPos = 0;
+    zzCurrentPos = zzMarkedPos = 0;
     yyline = yychar = yycolumn = 0;
     zzLexicalState = YYINITIAL;
   }
@@ -1321,7 +1337,7 @@
 
       zzCurrentPosL = zzCurrentPos = zzStartRead = zzMarkedPosL;
   
-      zzState = zzLexicalState;
+      zzState = ZZ_LEXSTATE[zzLexicalState];
 
 
       zzForAction: {
@@ -1621,7 +1637,10 @@
         case 60: break;
         case 9: 
           { String s = yytext();
-       if(s.startsWith("url")) throwError(l10n("invalidURLContents"));
+       if(s.toLowerCase().startsWith("url")) 
throwError(l10n("invalidURLContents"));
+       if(!s.toLowerCase().startsWith("rgb") &&
+                       !s.toLowerCase().startsWith("not")      // hack for 
css3 support
+               ) throwError(l10n("invalidURLContents"));
        w.write(s);
        if(debug) log("Matched function start: "+s);
           }

Modified: trunk/freenet/src/freenet/clients/http/filter/CSSTokenizerFilter.jflex
===================================================================
--- trunk/freenet/src/freenet/clients/http/filter/CSSTokenizerFilter.jflex      
2009-03-19 10:42:06 UTC (rev 26110)
+++ trunk/freenet/src/freenet/clients/http/filter/CSSTokenizerFilter.jflex      
2009-03-20 02:45:44 UTC (rev 26111)
@@ -437,7 +437,10 @@
 }
 {IDENT}"(" {
        String s = yytext();
-       if(s.startsWith("url")) throwError(l10n("invalidURLContents"));
+       if(s.toLowerCase().startsWith("url")) 
throwError(l10n("invalidURLContents"));
+       if(!s.toLowerCase().startsWith("rgb") &&
+                       !s.toLowerCase().startsWith("not")      // hack for 
css3 support
+               ) throwError(l10n("invalidURLContents"));
        w.write(s);
        if(debug) log("Matched function start: "+s);
 }
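Review bot: The new allowlist in the `{IDENT}"("` action matches by prefix, so any function name that merely begins with `rgb` or `not` still reaches `w.write(s)`, which is wider than the log message describes. Because the matched text ends with the opening parenthesis, an exact comparison is tighter: `String f = s.toLowerCase(Locale.ENGLISH);` followed by `if(!f.equals("rgb(") && !f.equals("not(")) throwError(...);`. That also lowercases once instead of three times and removes the dependence on the default locale (it would need `java.util.Locale` in scope in the specification). Rejected functions reuse the `invalidURLContents` message, which will mislead anyone reading the filter error; a dedicated l10n key would be clearer, assuming one can be added. The same lines appear in the generated CSSTokenizerFilter.java hunk (case 9) and would be regenerated from this file.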
