Reviewers: kpreid2,
Description:
css added a lot of harmless pseudo-classes that we don't currently
whitelist. This CL adds most of them.
Please review this at https://codereview.appspot.com/13683045/
Affected files (+67, -7 lines):
M src/com/google/caja/plugin/CssRewriter.java
M src/com/google/caja/plugin/sanitizecss.js
Index: src/com/google/caja/plugin/CssRewriter.java
===================================================================
--- src/com/google/caja/plugin/CssRewriter.java (revision 5597)
+++ src/com/google/caja/plugin/CssRewriter.java (working copy)
@@ -599,10 +599,61 @@
});
}
- private static final TypesafeSet<Name> ALLOWED_PSEUDO_CLASSES
=TypesafeSet.of(
- Name.css("active"), Name.css("after"), Name.css("before"),
- Name.css("first-child"), Name.css("first-letter"), Name.css("focus"),
- Name.css("link"), Name.css("hover"));
+ // Note, duplicated in sanitizecss.js
+ private static final TypesafeSet<Name> ALLOWED_PSEUDO_CLASSES =
+ TypesafeSet.of(
+ Name.css("active"),
+ Name.css("after"),
+ Name.css("before"),
+ Name.css("blank"),
+ Name.css("checked"),
+ Name.css("default"),
+ // Name.css("dir()"), // TODO(felix8a)
+ Name.css("disabled"),
+ Name.css("drop"),
+ // Name.css("drop()"), // TODO(felix8a)
+ Name.css("empty"),
+ Name.css("enabled"),
+ Name.css("first"),
+ Name.css("first-child"),
+ Name.css("first-letter"),
+ Name.css("first-line"),
+ Name.css("first-of-type"),
+ Name.css("fullscreen"),
+ Name.css("focus"),
+ Name.css("hover"),
+ Name.css("in-range"),
+ Name.css("indeterminate"),
+ Name.css("invalid"),
+ Name.css("last-child"),
+ Name.css("last-of-type"),
+ Name.css("left"),
+ // Name.css("lang()"), // TODO(felix8a)
+ Name.css("link"),
+ // Name.css("nth-child()"), // TODO(felix8a)
+ // Name.css("nth-column()"), // TODO(felix8a)
+ // Name.css("nth-last-child()"), // TODO(felix8a)
+ // Name.css("nth-last-column()"), // TODO(felix8a)
+ // Name.css("nth-last-match()"), // TODO(felix8a)
+ // Name.css("nth-last-of-type()"), // TODO(felix8a)
+ // Name.css("nth-match()"), // TODO(felix8a)
+ // Name.css("nth-of-type()"), // TODO(felix8a)
+ Name.css("only-child"),
+ Name.css("only-of-type"),
+ Name.css("optional"),
+ Name.css("out-of-range"),
+ Name.css("placeholder-shown"),
+ Name.css("read-only"),
+ Name.css("read-write"),
+ Name.css("required"),
+ Name.css("right"),
+ Name.css("root"),
+ Name.css("scope"),
+ // Name.css("target"), // disallowed
+ Name.css("user-error"),
+ Name.css("valid")
+ // Name.css("visited"), // disallowed
+ );
private void removeUnsafeConstructs(AncestorChain<? extends CssTree> t) {
// 1) Check that all classes, ids, property names, etc. are valid
Index: src/com/google/caja/plugin/sanitizecss.js
===================================================================
--- src/com/google/caja/plugin/sanitizecss.js (revision 5597)
+++ src/com/google/caja/plugin/sanitizecss.js (working copy)
@@ -363,11 +363,20 @@
};
})();
+ // See also ALLOWED_PSEUDO_CLASSES in CssRewriter.java
var HISTORY_NON_SENSITIVE_PSEUDO_SELECTOR_WHITELIST =
- /^(active|after|before|first-child|first-letter|focus|hover)$/;
+ new RegExp(
+ '^(active|after|before|blank|checked|default|disabled'
+ + '|drop|empty|enabled|first|first-child|first-letter'
+ + '|first-line|first-of-type|fullscreen|focus|hover'
+ + '|in-range|indeterminate|invalid|last-child|last-of-type'
+ + '|left|link|only-child|only-of-type|optional|out-of-range'
+ + '|placeholder-shown|read-only|read-write|required|right'
+ + '|root|scope|user-error|valid'
+ + ')$');
- // TODO: This should be removed now as modern browsers no longer require
- // this special handling
+ // TODO(felix8a): This might be removable since modern browsers
+ // already prevent history sniffing
var HISTORY_SENSITIVE_PSEUDO_SELECTOR_WHITELIST = /^(link|visited)$/;
// Set of punctuation tokens that are child/sibling selectors.
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
