Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(227)
Issues Repositories Search
Open Issues | Closed Issues | All Issues | Sign in with your Google Account to create issues and add comments

Issue 7393064: Allow colons in CSS class names in selectors and allow some attribute tests (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
13 years, 1 month ago by MikeSamuel
Modified:
13 years, 1 month ago
Reviewers:
kpreid2, metaweta
CC:
google-caja-discuss_googlegroups.com
Base URL:
http://google-caja.googlecode.com/svn/trunk/
Visibility:
Public.

Description

This addresses issue 1617, where we don't properly sanitize attribute selectors and don't allow colons in classes and IDs. Submitted as r5306

Patch Set 1 #

Total comments: 15

Patch Set 2 : Allow colons in CSS class names in selectors and allow some attribute tests #

Unified diffs Side-by-side diffs Delta from patch set Stats (+90 lines, -16 lines) Patch
M src/com/google/caja/plugin/sanitizecss.js View 1 8 chunks +57 lines, -16 lines 0 comments Download
M tests/com/google/caja/plugin/cssparser_test.js View 1 1 chunk +19 lines, -0 lines 0 comments Download
M tests/com/google/caja/plugin/sanitizecss_test.html View 1 chunk +1 line, -0 lines 0 comments Download
M tests/com/google/caja/plugin/sanitizecss_test.js View 1 1 chunk +13 lines, -0 lines 0 comments Download

Messages

Total messages: 11
MikeSamuel
13 years, 1 month ago (2013-02-26 13:01:33 UTC) #1
metaweta
lgtm https://codereview.appspot.com/7393064/diff/1/src/com/google/caja/plugin/sanitizecss.js File src/com/google/caja/plugin/sanitizecss.js (right): https://codereview.appspot.com/7393064/diff/1/src/com/google/caja/plugin/sanitizecss.js#newcode356 src/com/google/caja/plugin/sanitizecss.js:356: // Split the element selector into three parts. ...
13 years, 1 month ago (2013-02-26 15:24:21 UTC) #2
kpreid2
https://codereview.appspot.com/7393064/diff/1/src/com/google/caja/plugin/sanitizecss.js File src/com/google/caja/plugin/sanitizecss.js (right): https://codereview.appspot.com/7393064/diff/1/src/com/google/caja/plugin/sanitizecss.js#newcode317 src/com/google/caja/plugin/sanitizecss.js:317: if (selectors[i] == ',') { // TODO: ignore ',' ...
13 years, 1 month ago (2013-02-26 17:45:48 UTC) #3
MikeSamuel
This addresses issue 1617, where we don't properly sanitize attribute selectors and don't allow colons ...
13 years, 1 month ago (2013-02-26 21:45:43 UTC) #4
MikeSamuel
https://codereview.appspot.com/7393064/diff/1/src/com/google/caja/plugin/sanitizecss.js File src/com/google/caja/plugin/sanitizecss.js (right): https://codereview.appspot.com/7393064/diff/1/src/com/google/caja/plugin/sanitizecss.js#newcode317 src/com/google/caja/plugin/sanitizecss.js:317: if (selectors[i] == ',') { // TODO: ignore ',' ...
13 years, 1 month ago (2013-02-26 21:48:14 UTC) #5
kpreid2
LGTM
13 years, 1 month ago (2013-02-26 21:53:31 UTC) #6
metaweta
lgtm Thanks, Mike!
13 years, 1 month ago (2013-02-26 21:56:52 UTC) #7
metaweta
The committed CL doesn't fix issue 1617; for some reason, sanitizeCssSelectors is still stripping out ...
13 years, 1 month ago (2013-02-26 23:05:57 UTC) #8
MikeSamuel
On 2013/02/26 23:05:57, metaweta wrote: > The committed CL doesn't fix issue 1617; for some ...
13 years, 1 month ago (2013-02-27 19:40:05 UTC) #9
kpreid2
On 2013/02/27 19:40:05, MikeSamuel wrote: > On 2013/02/26 23:05:57, metaweta wrote: > > The committed ...
13 years, 1 month ago (2013-03-07 17:59:28 UTC) #10
MikeSamuel
13 years, 1 month ago (2013-03-08 02:03:34 UTC) #11 
done

2013/3/7  <kpreid.switchb.org@gmail.com>:
> On 2013/02/27 19:40:05, MikeSamuel wrote:
>>
>> On 2013/02/26 23:05:57, metaweta wrote:
>> > The committed CL doesn't fix issue 1617; for some reason,
>
> sanitizeCssSelectors
>>
>> > is still stripping out selectors with colons.
>
>
>> Ack.  Will fix in a follow up CL.
>
>
> Please close this review since it is committed (r5306, for the record).
>
> https://codereview.appspot.com/7393064/
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b