[Caja] Pass ID suffix to sanitizeCssProperty for use with s. (issue 11938045)

Fri, 26 Jul 2013 13:42:53 -0700 

Reviewers: felix8a,

Description:
This supercedes CL 11883043 and just adds an optional parameter to
sanitizeCssProperty so that we can use the proper ID suffix with
global names like "foo" in

   p { animation-name: foo; animation-... }
   @keyframes foo { ... }

Please review this at https://codereview.appspot.com/11938045/

Affected files:
  M     src/com/google/caja/plugin/domado.js
  M     src/com/google/caja/plugin/html-emitter.js
  M     src/com/google/caja/plugin/html-sanitizer.js
  M     src/com/google/caja/plugin/sanitizecss.js


Index: src/com/google/caja/plugin/domado.js
===================================================================
--- src/com/google/caja/plugin/domado.js        (revision 5510)
+++ src/com/google/caja/plugin/domado.js        (working copy)
@@ -2011,7 +2011,8 @@
             cssPropertyName,
             tokens,
             uriRewriterForCss,
-            domicile.pseudoLocation.href);
+            domicile.pseudoLocation.href,
+            idSuffix);
         return tokens.length !== 0;
       }

Index: src/com/google/caja/plugin/html-emitter.js
===================================================================
--- src/com/google/caja/plugin/html-emitter.js  (revision 5510)
+++ src/com/google/caja/plugin/html-emitter.js  (working copy)
@@ -484,9 +484,11 @@

     function makeCssUriHandler(baseUri, method, mime) {
       return function(uri, prop) {
-          return (domicile && domicile[method])
- ? domicile[method](URI.utils.resolve(baseUri, uri), mime, prop) 
-              : void 0;
+ // TODO: sanitizeCss* functions resolve URIs, so can we avoid closing 
+        // over baseUri here?
+        return (domicile && domicile[method])
+            ? domicile[method](URI.utils.resolve(baseUri, uri), mime, prop)
+            : void 0;
       };
     }

Index: src/com/google/caja/plugin/html-sanitizer.js
===================================================================
--- src/com/google/caja/plugin/html-sanitizer.js        (revision 5510)
+++ src/com/google/caja/plugin/html-sanitizer.js        (working copy)
@@ -917,7 +917,7 @@
                         : null);
                     if (tokens.length) {
                       sanitizedDeclarations.push(
-                          property + ': ' + tokens.join(' '));
+                          normProp + ': ' + tokens.join(' '));
                     }
                   }
                 });
Index: src/com/google/caja/plugin/sanitizecss.js
===================================================================
--- src/com/google/caja/plugin/sanitizecss.js   (revision 5510)
+++ src/com/google/caja/plugin/sanitizecss.js   (working copy)
@@ -116,8 +116,9 @@
    * @param tokens as parsed by lexCss.  Modified in place.
    * @param opt_naiveUriRewriter a URI rewriter; an object with a "rewrite"
    *     function that takes a URL and returns a safe URL.
- * @param opt_baseURI baseUri; uri against which all relative urls in this 
-   *     style will be resolved
+ * @param opt_baseURI a URI against which all relative URLs in tokens will 
+   *     be resolved.
+   * @param opt_idSuffix {string} appended to all IDs to scope them.
    */
   sanitizeCssProperty = (function () {

@@ -135,8 +136,8 @@
     // Used as map value to avoid hasOwnProperty checks.
     var ALLOWED_LITERAL = {};

-    return function sanitize(property, tokens,
-                             opt_naiveUriRewriter, opt_baseUri) {
+    return function sanitize(
+ property, tokens, opt_naiveUriRewriter, opt_baseUri, opt_idSuffix) { 

       var propertySchema = cssSchema[property];

@@ -149,8 +150,16 @@
       var propBits = propertySchema.cssPropBits;

       /**
-       * Recurse to
-       * @return the exclusive end in tokens of the function call.
+ * Recurse to apply the appropriate function schema to the function call 
+       * that starts at {@code tokens[start]}.
+ * @param {Array.<string>} tokens an array of CSS token that is modified 
+       *   in place so that all tokens involved in the function call
+ * (from {@code tokens[start]} to a close parenthesis) are folded to 
+       *   one token.
+ * @param {number} start an index into tokens of a function token like 
+       *   {@code 'name('}.
+ * @return the replacement function or the empty string if the function 
+       *   call is not both well-formed and allowed.
        */
       function sanitizeFunctionCall(tokens, start) {
         var parenDepth = 1, end = start + 1, n = tokens.length;
@@ -230,10 +239,6 @@
             : ''
           )

-          // Preserve hash color literals if allowed.
- : (cc === '#'.charCodeAt(0) && /^#(?:[0-9a-f]{3}){1,2}$/.test(token)) 
-          ? (propBits & CSS_PROP_BIT_HASH_VALUE ? token : '')
-
           : (
             litGroup = propertySchema.cssLitGroup,
             litMap = (litGroup
@@ -245,6 +250,10 @@
           // Token is in the literal map or matches extra.
           ? token

+          // Preserve hash color literals if allowed.
+ : (cc === '#'.charCodeAt(0) && /^#(?:[0-9a-f]{3}){1,2}$/.test(token)) 
+          ? (propBits & CSS_PROP_BIT_HASH_VALUE ? token : '')
+
           : ('0'.charCodeAt(0) <= cc && cc <= '9'.charCodeAt(0))
           // A number starting with a digit.
           ? ((propBits & CSS_PROP_BIT_QUANTITY) ? token : '')
@@ -276,7 +285,7 @@
           ? ((propBits & CSS_PROP_BIT_QUANTITY) ? '0' + token : '')

           // Handle url("...") by rewriting the body.
-          : ('url(' === token.substring(0, 4))
+          : ('url("' === token.substring(0, 5))
           ? ((opt_naiveUriRewriter && (propBits & CSS_PROP_BIT_URL))
              ? normalizeUrl(safeUri(resolveUri(opt_baseUri,
                   tokens[i].substring(5, token.length - 2)),
@@ -292,7 +301,7 @@

           : ((propBits & CSS_PROP_BIT_GLOBAL_NAME)
              && /^-?[a-z_][\w\-]*$/.test(token) && !/__$/.test(token))
-          ? token + '-suffix'
+          ? (opt_idSuffix ? token + opt_idSuffix : '')

           : (/^\w+$/.test(token)
              && stringDisposition === CSS_PROP_BIT_UNRESERVED_WORD
@@ -344,7 +353,7 @@
    *   }} virtualization An object like <pre<{
* containerClass: class name prepended to all selectors to scope them (if 
    *       not null)
-   *   idSuffix: appended to all ids to scope them
+   *   idSuffix: appended to all IDs to scope them
    *   tagPolicy: As in html-sanitizer, used for rewriting element names.
    * }</pre>
* If containerClass is {@code "sfx"} and idSuffix is {@code "-sfx"}, the 
@@ -952,11 +961,12 @@
                   valueArray.length -= 2;
                 }
                 sanitizeCssProperty(
-                    property, valueArray, naiveUriRewriter, baseUri);
+                    property, valueArray, naiveUriRewriter, baseUri,
+                    virtualization.idSuffix);
                 if (valueArray.length) {
                   safeCss.push(
-                    property, ':', valueArray.join(' '),
-                    isImportant ? ' !important;' : ';');
+                      property, ':', valueArray.join(' '),
+                      isImportant ? ' !important;' : ';');
                 }
               }
             }


--
--- You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to