Revision: 5286
Author:   ihab.awad
Date:     Wed Feb 13 14:19:54 2013
Log:      Allow 'content' property values in CSS
https://codereview.appspot.com/7308092



[email protected]

http://code.google.com/p/google-caja/source/detail?r=5286

Modified:
 /trunk/src/com/google/caja/lang/css/CssPropertyPatterns.java
 /trunk/src/com/google/caja/lang/css/css-extensions-defs.json
 /trunk/src/com/google/caja/lang/css/css21-whitelist.json
 /trunk/src/com/google/caja/plugin/CssRewriter.java
 /trunk/src/com/google/caja/plugin/sanitizecss.js
 /trunk/tests/com/google/caja/plugin/browser-test-case.js
 /trunk/tests/com/google/caja/plugin/css-stylesheet-tests.js
 /trunk/tests/com/google/caja/plugin/es53-test-domado-dom-guest.html

=======================================
--- /trunk/src/com/google/caja/lang/css/CssPropertyPatterns.java Fri Jun 22 09:42:32 2012
+++ /trunk/src/com/google/caja/lang/css/CssPropertyPatterns.java Wed Feb 13 14:19:54 2013
@@ -545,6 +545,7 @@
         .put("hex-color", CssPropBit.HASH_VALUE)
         .put("specific-voice", CssPropBit.QSTRING_CONTENT)
         .put("family-name", CssPropBit.QSTRING_CONTENT)
+        .put("string", CssPropBit.QSTRING_CONTENT)
         .put("uri", CssPropBit.QSTRING_URL)
         .put("z-index", CssPropBit.QUANTITY)
         .build();
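Review bot: The new `.put("string", CssPropBit.QSTRING_CONTENT)` entry is keyed on the generic `string` symbol rather than on the `content` property, so any other property signature that references `<string>` would presumably pick up the same bit. Whether such signatures exist is not visible from this hunk, so the schema files are worth checking for other `<string>` users. A comment above the line, e.g. `// <string>: free-form quoted text, emitted as a string literal (used by 'content'); never treated as a URL`, would record the intent next to the `uri` mapping. The builder chain starts outside the hunk.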
=======================================
--- /trunk/src/com/google/caja/lang/css/css-extensions-defs.json Tue Jul 20 20:41:35 2010
+++ /trunk/src/com/google/caja/lang/css/css-extensions-defs.json Wed Feb 13 14:19:54 2013
@@ -161,12 +161,17 @@
       "as": "border-top-left-radius" },

     { "key": "content",
-      "signature": " \"\" | \" \" | \".\" ",
+      "signature": "normal | none | <string> +",
       "default": " \"\" ",
       "description": [
-          "Allow space and dot since YUI frequently uses those.",
-          "Allow the empty string since it is the default value."
-          ]
+        "Allow per CSS spec with some exceptions",
+        "Reject <counter> because it exposes global page state",
+ "Reject attr(<identifier>) because it circumvents Domado attribute value virtualizations",
+ "Reject inherit because of possible strange semantics with stuff outside the Domado container",
+ "Reject <uri> because, if we accept it, our CSS sanitizers assume any string is a URI",
+ "Reject no-open-quote and no-close-quote because they expose a global counter",
+ "Reject open-quote and close-quote because we cannot test for them yet"
+      ]
     },

     { "key": "cursor",
=======================================
--- /trunk/src/com/google/caja/lang/css/css21-whitelist.json Thu Jan 14 12:01:51 2010
+++ /trunk/src/com/google/caja/lang/css/css21-whitelist.json Wed Feb 13 14:19:54 2013
@@ -117,8 +117,6 @@
   ],

   "denied": [
-    { "key": "content",
- "reason": "Allows importing of content from another URI. Is this really problematic?" },
     { "key": "orphans",
       "reason": "Allows manipulation of page outside clipping region" },
     { "key": "widows",
=======================================
--- /trunk/src/com/google/caja/plugin/CssRewriter.java Tue Oct 30 16:18:53 2012
+++ /trunk/src/com/google/caja/plugin/CssRewriter.java Wed Feb 13 14:19:54 2013
@@ -664,7 +664,7 @@
         }
       });

-    // 2) Ban content properties, and attr pseudo classes, and any other
+    // 2) Ban attr pseudo classes, and any other
     //    pseudo selectors that don't match the whitelist
     t.node.acceptPreOrder(new Visitor() {
         public boolean visit(AncestorChain<?> ancestors) {
=======================================
--- /trunk/src/com/google/caja/plugin/sanitizecss.js Tue Oct 23 10:12:27 2012
+++ /trunk/src/com/google/caja/plugin/sanitizecss.js Wed Feb 13 14:19:54 2013
@@ -398,7 +398,11 @@
           }
           historySensitive = true;
           pseudoSelector = ':' + tok;
+          ++start;
           element = 'a';
+        } else if (tok === 'before' || tok === 'after') {
+          historySensitive = false;
+          pseudoSelector = ':' + tok;
           ++start;
         }
       }
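Review bot: The new `before`/`after` branch assigns `historySensitive = false` instead of leaving the flag untouched. If the flag can already be true when this branch runs, the assignment would lift the property restrictions that history-sensitive selectors get; its declaration and any enclosing loop are outside the hunk, so this is unconfirmed. Dropping the assignment, or documenting it with `// :before/:after do not depend on link history; flag keeps its initial value`, would make the invariant explicit. The two branches now also repeat `pseudoSelector = ':' + tok; ++start;`, which could be hoisted once both are known to need it.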
=======================================
--- /trunk/tests/com/google/caja/plugin/browser-test-case.js Fri Feb 1 16:54:41 2013
+++ /trunk/tests/com/google/caja/plugin/browser-test-case.js Wed Feb 13 14:19:54 2013
@@ -443,17 +443,19 @@
     getBodyNode: function () {
       return frame.domicile.tameNode(frame.innerContainer);
     },
-    getComputedStyle: function (tameNode, styleProp) {
+    getComputedStyle: function (tameNode, styleProp, opt_pseudoElement) {
       var node = frame.domicile.feralNode(tameNode);
-      if (node.currentStyle) {
+      if (node.currentStyle && !opt_pseudoElement) {
         return node.currentStyle[styleProp.replace(
             /-([a-z])/g,
             function (_, letter) {
               return letter.toUpperCase();
             })];
       } else if (window.getComputedStyle) {
-        return window.getComputedStyle(node, null)
-            .getPropertyValue(styleProp);
+        var cs = window.getComputedStyle(
+            node,
+            opt_pseudoElement || null);
+        return cs.getPropertyValue(styleProp);
       } else {
         return null;
       }
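Review bot: When `opt_pseudoElement` is passed on a browser that exposes `node.currentStyle` but not `window.getComputedStyle`, the first branch is now skipped and the function falls through to `return null`. The caller added in es53-test-domado-dom-guest.html calls `s.substring(...)` on the result, so that case would surface as a TypeError rather than a readable test failure. A comment on the signature such as `// opt_pseudoElement: e.g. ':before'; returns null when the browser cannot report pseudo-element styles` would document the contract, and the caller should check for null before stripping quotes.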
=======================================
--- /trunk/tests/com/google/caja/plugin/css-stylesheet-tests.js Wed Oct 3 15:58:36 2012
+++ /trunk/tests/com/google/caja/plugin/css-stylesheet-tests.js Wed Feb 13 14:19:54 2013
@@ -111,12 +111,25 @@
     ]
   },
   {
-    "test_name": "ContentRemoved",
+    "test_name": "UrlContentRemoved",
+    "tests": [
+      {
+        "cssText":
+ "a { color: blue; content: url(x.png); text-decoration: underline; }",
+        "golden":
+          ".namespace__ a{color:blue;text-decoration:underline}"
+      }
+    ]
+  },
+  {
+    "test_name": "LiteralContentPreserved",
     "tests": [
       {
         "cssText":
"a { color: blue; content: 'booyah'; text-decoration: underline; }",
-        "golden": ".namespace__ a{color:blue;text-decoration:underline}"
+        "golden":
+          ".namespace__ a{color:blue;content:\"booyah\";"
+              + "text-decoration:underline}"
       }
     ]
   },
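Review bot: Only `url(x.png)` is pinned as rejected here, while the description added to css-extensions-defs.json also promises to reject `attr(<identifier>)`, `<counter>`, `inherit` and the quote keywords, and none of those has a golden. Since `content` was previously denied outright, each exclusion is worth a regression test so a later signature change cannot silently widen it. `LiteralContentPreserved` also uses a string with no quotes or backslashes, so the re-quoting from `'booyah'` to `"booyah"` is not exercised for characters that need escaping. The goldens below are assumed from the `UrlContentRemoved` pattern and need confirming against the rewriter.

```javascript
  {
    "test_name": "AttrContentRemoved",
    "tests": [
      {
        "cssText": "a { color: blue; content: attr(title); }",
        "golden": ".namespace__ a{color:blue}"
      }
    ]
  },
  {
    "test_name": "CounterContentRemoved",
    "tests": [
      {
        "cssText": "a { color: blue; content: counter(x); }",
        "golden": ".namespace__ a{color:blue}"
      }
    ]
  },
```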
=======================================
--- /trunk/tests/com/google/caja/plugin/es53-test-domado-dom-guest.html Thu Jan 24 11:09:28 2013
+++ /trunk/tests/com/google/caja/plugin/es53-test-domado-dom-guest.html Wed Feb 13 14:19:54 2013
@@ -3099,6 +3099,32 @@
   });
 </script>

+<p id="testCssContent" class="testcontainer">testCssContent</p>
+<style type="text/css">
+  #testCssContent:before {
+    content: 'text before via css';
+  }
+  #testCssContent:after {
+    content: 'text after via css';
+  }
+</style>
+<script type="text/javascript">
+  jsunitRegister('testCssContent',
+                 function testCssContent() {
+    function getPseudoContent(element, pseudo) {
+      var s = directAccess.getComputedStyle(element, 'content', pseudo);
+      // Firefox encloses the reported value of style property 'content' in
+      // double quotes, while Chrome encloses it in single quotes.
+      return s.substring(1, s.length - 1);
+    }
+
+    var t = document.getElementById('testCssContent');
+    assertEquals('text before via css', getPseudoContent(t, ':before'));
+    assertEquals('text after via css', getPseudoContent(t, ':after'));
+    pass('testCssContent');
+  });
+</script>
+
 <p class="testcontainer" id="testDocumentBodyAppendChild"
>I should be the last element until something is appended to document.body</p>
 <script type="text/javascript">
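Review bot: `getPseudoContent` removes the first and last character of the computed value unconditionally, so a browser that reports `none` or an unquoted string would produce a confusing mismatch instead of a clear diagnosis. Stripping only a matching pair of quotes, `return s.replace(/^(['"])([\s\S]*)\1$/, '$2');`, keeps the comparison honest. The guest test also covers only accepted string values; a companion rule with a rejected value, asserting that the pseudo-element gets no content, would exercise the client-side sanitizer path that this commit changes.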
