On Saturday 21 March 2009 05:17:37 Daniel Cheng wrote: > 2009/3/21 Matthew Toseland <[email protected]>: > > On Friday 20 March 2009 06:06:02 [email protected] wrote: > >> Author: j16sdiz > >> Date: 2009-03-20 06:06:00 +0000 (Fri, 20 Mar 2009) > >> New Revision: 26115 > >> > >> Modified: > >> trunk/freenet/src/freenet/clients/http/filter/CSSTokenizerFilter.java > >> trunk/freenet/src/freenet/clients/http/filter/CSSTokenizerFilter.jflex > >> Log: > >> More CSS fix > >> > > ... > >> Modified: > > trunk/freenet/src/freenet/clients/http/filter/CSSTokenizerFilter.jflex > >> =================================================================== > >> --- trunk/freenet/src/freenet/clients/http/filter/CSSTokenizerFilter.jflex > > 2009-03-20 02:56:03 UTC (rev 26114) > >> +++ trunk/freenet/src/freenet/clients/http/filter/CSSTokenizerFilter.jflex > > 2009-03-20 06:06:00 UTC (rev 26115) > >> @@ -438,7 +438,7 @@ > >> {IDENT}"(" { > >> String s = yytext(); > >> if(s.toLowerCase().startsWith("url")) > > throwError(l10n("invalidURLContents")); > >> - if(!s.toLowerCase().startsWith("rgb")) > > throwError(l10n("invalidURLContents")); > >> + if(!s.toLowerCase().startsWith("rgb") > > && !s.toLowerCase().startsWith("attr")) > > throwError(l10n("invalidURLContents")); > > > > Why startsWith? What functions are attr*? > > you can do something like this in css: > h1:after { content: attr(title) } > > <h1 title="xxxx"> ... </h1> > > would give xxxx in the text.
And this is always safe? The content is not parsed or mangled, it cannot contain markup, it is just displayed?
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Devl mailing list [email protected] http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
