Commit 37c061d1 authored by Robert Lyon's avatar Robert Lyon Committed by Gerrit Code Review

Merge "Bug 1602447: Allow ">" in CSS stylesheets"

parents 9a297249 08facc98
......@@ -3728,7 +3728,8 @@ function clean_html($text, $xhtml=false) {
* Like clean_html(), but for CSS!
* Like clean_html(), but for CSS stylesheets! (May not be secure for CSS directly
* in an HTML document a la <style>.)
* Much of the code in this function was taken from the sample code in this post:
......@@ -3760,15 +3761,15 @@ function clean_css($input_css, $preserve_css=false) {
$config->set('Filter.ExtractStyleBlocks', true);
$config->set('Filter.ExtractStyleBlocks.PreserveCSS', $preserve_css);
// Prevents "&<>" from being escaped. Escaping those is helpful
// if you're dealing with CSS declarations within an HTML document, but is
// not necessary for CSS in isolation.
$config->set('Filter.ExtractStyleBlocks.Escaping', false);
if (get_config('disableexternalresources')) {
$config->set('URI.DisableExternalResources', true);
$customfilters = get_htmlpurifier_custom_filters();
if (!empty($customfilters)) {
$config->set('Filter.Custom', $customfilters);
// Create a new purifier instance
$purifier = new HTMLPurifier($config);
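Review bot: With `Filter.ExtractStyleBlocks.Escaping` hard-coded to `false` in the second hunk, clean_css() returns `<`, `>` and `&` unescaped for every caller, so the result is only safe when served as a standalone stylesheet. The new docblock wording says as much, but nothing in the signature or at the `$config->set(...)` call lets a caller that inlines the result in a `<style>` element get the escaped form back. One backward-compatible option is an opt-in parameter, `function clean_css($input_css, $preserve_css=false, $escape=false)` with `$config->set('Filter.ExtractStyleBlocks.Escaping', $escape);`. Whether any existing caller inlines the output is not visible on this page, so the call sites are worth checking before merge. The body of clean_css() starts and ends outside the hunk.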