Reviewers: felix8a,
Description:
Prior to this CL we turned CSS signatures into regular expressions.
This code was tricky, required shipping lots of (opaque and
hard-to-debug) JS,
and the regular expressions blew up in size when functions (like
rgb(...))
nest.
This changes our CSS sanitization to a simple token filtering, but with
functions treated as top-level entities.
Changes include
- Getting rid of JS regex generation and optimization code
- Revamping the CSS property bits to support unicode ranges, and make
the
distinction between quoted strings, URLs, and unreserved-words more
obvious.
- Add a cssFns property to the css-defs.js property value maps.
- Gets rid of the cssExtras property in the css-defs.js property value
maps.
NOT READY FOR COMMIT
This includes a rewrite of the code-generator which turns our CSS JSON
into
a form that the client-side CSS rewriter can use but does not yet wire
it
into sanitizecss.js.
Please review this at https://codereview.appspot.com/10943044/
Affected files:
M src/com/google/caja/lang/css/CssPropBit.java
M src/com/google/caja/lang/css/CssPropertyPatterns.java
D src/com/google/caja/lang/css/JSRE.java
M src/com/google/caja/parser/css/CssPropertySignature.java
M src/com/google/caja/plugin/CssRewriter.java
M src/com/google/caja/plugin/stages/ValidateCssStage.java
M src/com/google/caja/plugin/templates/HtmlAttributeRewriter.java
M src/com/google/caja/util/Bag.java
M tests/com/google/caja/lang/css/CssPropertyPatternsTest.java
D tests/com/google/caja/lang/css/JSRETest.java
M tests/com/google/caja/plugin/CssDynamicExpressionRewriterTest.java
M tests/com/google/caja/plugin/CssRewriterTest.java
M tests/com/google/caja/plugin/templates/TemplateCompilerTest.java
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
