Issue 13146044: accept "inherit" for all css properties (Closed)
DescriptionThe css standards are generally written to omit "inherit" from
property specifications, but the standards also have a paragraph
near the beginning that says "inherit" is valid for all properties
despite being omitted from the property specifications.
Our css whitelisting inconsistently allows "inherit" for some
properties, not all.
This change makes "inherit" always an acceptable value.
There are a few quirks:
- The client-side css sanitizer is looser than the server-side one,
because the client-side sanitizer only checks tokens, not full
expressions. This applies to all types of css values, but for
"inherit" in particular, the client-side sanitizer accepts
p { color: inherit inherit; }
which the server-side sanitizer rejects.
- The server-side sanitizer had some tests that accepted things like
p { font: inherit "foo"; }
which is not actually legal; browsers reject that rule. I deleted
the tests.
- The rule for "content" explicitly disallowed "inherit", from a
concern that it could bring in values defined in a parent element.
This is unlikely to be a problem, because "content" is almost
always set on ::before and ::after pseudo-elements, which
cannot have children.
Patch Set 1 #
MessagesTotal messages: 3
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
