mahara
Commit 37c061d1
Authored Aug 08, 2016 by Robert Lyon
Committed by Gerrit Code Review, Aug 08, 2016
Merge "Bug 1602447: Allow ">" in CSS stylesheets"
Parents: 9a297249, 08facc98
htdocs/lib/web.php
...
...
@@ -3728,7 +3728,8 @@ function clean_html($text, $xhtml=false) {
}
/**
* Like clean_html(), but for CSS!
* Like clean_html(), but for CSS stylesheets! (May not be secure for CSS directly
* in an HTML document a la <style>.)
*
* Much of the code in this function was taken from the sample code in this post:
* http://stackoverflow.com/questions/3241616/sanitize-user-defined-css-in-php#5209050
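Review bot: The caveat added to the clean_css() docblock ("May not be secure for CSS directly in an HTML document a la <style>") is hedged and gives no reason, so a caller cannot tell what is and is not safe. State it as a rule and tie it to the cause: the function body sets 'Filter.ExtractStyleBlocks.Escaping' to false, so "&<>" come back unescaped and the result should only be served as a standalone stylesheet, never written into a <style> element. A @return line saying the same would put the constraint where callers look first.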
...
...
@@ -3760,15 +3761,15 @@ function clean_css($input_css, $preserve_css=false) {
$config
->
set
(
'Filter.ExtractStyleBlocks'
,
true
);
$config
->
set
(
'Filter.ExtractStyleBlocks.PreserveCSS'
,
$preserve_css
);
// Prevents "&<>" from being escaped. Escaping those is helpful
// if you're dealing with CSS declarations within an HTML document, but is
// not necessary for CSS in isolation.
$config
->
set
(
'Filter.ExtractStyleBlocks.Escaping'
,
false
);
if
(
get_config
(
'disableexternalresources'
))
{
$config
->
set
(
'URI.DisableExternalResources'
,
true
);
}
$customfilters
=
get_htmlpurifier_custom_filters
();
if
(
!
empty
(
$customfilters
))
{
$config
->
set
(
'Filter.Custom'
,
$customfilters
);
}
// Create a new purifier instance
$purifier
=
new
HTMLPurifier
(
$config
);
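Review bot: 'Filter.ExtractStyleBlocks.Escaping' is set to false unconditionally in clean_css(), so the safety of the output now rests entirely on how each caller uses it, and nothing in the function enforces the "CSS in isolation" assumption stated in the comment above the call. Consider making the escaping behaviour an argument that defaults to escaping on, passed through the same way $preserve_css already reaches 'Filter.ExtractStyleBlocks.PreserveCSS', so that only the code serving standalone stylesheets opts out; failing that, confirm that no current caller places the result in an HTML page. A regression test with a selector containing ">" and an input containing "<" would pin down both the fix and the boundary.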
...
...