Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(68)
Issues Repositories Search
Open Issues | Closed Issues | All Issues | Sign in with your Google Account to create issues and add comments

Issue 32780043: add 'appearance' to the css whitelist (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
12 years, 3 months ago by felix8a
Modified:
12 years, 3 months ago
Reviewers:
kpreid2
CC:
google-caja-discuss_googlegroups.com
Base URL:
http://google-caja.googlecode.com/svn/trunk/
Visibility:
Public.

Description

People mostly want to say -moz-appearance: none; -webkit-appearance: none; which prevents a form element from being rendered as a native control, letting you restyle it the way you want. I don't see any problem with allowing that. I don't see any benefit to allowing other values for appearance. Supporting them would be about 1.5k of text added to the js sanitizer. I'd like to be able to say "accept any [-\w]+" but we don't have code to support that yet.

Patch Set 1 #

Total comments: 1
Unified diffs Side-by-side diffs Delta from patch set Stats (+18 lines, -0 lines) Patch
M src/com/google/caja/lang/css/css3-defs.json View 1 chunk +17 lines, -0 lines 1 comment Download
M src/com/google/caja/lang/css/css3-whitelist.json View 1 chunk +1 line, -0 lines 0 comments Download

Messages

Total messages: 2
felix8a
12 years, 3 months ago (2013-11-26 12:15:24 UTC) #1
kpreid2
12 years, 3 months ago (2013-11-26 17:58:23 UTC) #2 
LGTM

https://codereview.appspot.com/32780043/diff/1/src/com/google/caja/lang/css/c...
File src/com/google/caja/lang/css/css3-defs.json (right):

https://codereview.appspot.com/32780043/diff/1/src/com/google/caja/lang/css/c...
src/com/google/caja/lang/css/css3-defs.json:102: "But use in the wild is mostly
just apperance:none.",
typo "apperance"
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b