CSS is not stripping out bad css attributes anymore

Bug #1384467 reported by Robert Lyon on 2014-10-22
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
High
Son Nguyen
1.10
High
Son Nguyen
15.04
High
Son Nguyen

Bug Description

If I add some custom CSS to a skin that has badly formed css it doesn't strip out the bad lines.

eg:

#footer {
 color: #deface;
 top:cat;
 width: 300px;
 odd:fellow;
}

It used to strip it down to leave the valid lines.

eg:

#footer {
 color: #deface;
 width: 300px;
}

This looks to have been broken with this patch https://reviews.mahara.org/#/c/3846/

Well not broken as such but the $preserve_css should be able to be set via either the site config or directly in the config.php file so that only sites that want to allow things like comments in the css can turn it on rather than it be on by default for the skins.

It still strips out html tags - so that is good

Son Nguyen (ngson2000) wrote :

Hi Robert,

It'd be better to fix this issue as these bad CSS settings should be stripped out

Reviewed: https://reviews.mahara.org/4033
Committed: http://gitorious.org/mahara/mahara/commit/226dac413b43726b1eea18bce0d52bf1b93d474a
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 226dac413b43726b1eea18bce0d52bf1b93d474a
Author: Son Nguyen <email address hidden>
Date: Tue Nov 25 12:26:13 2014 +1300

Allow comments for selectors and properties in CSS. Bug 1384467

This allows all comments of top of CSS selectors
and all inline comments attached to CSS properties

Change-Id: I6d3cd5113ab097caa1736f7dfbdf39566cfb58d6
Signed-off-by: Son Nguyen <email address hidden>

Reviewed: https://reviews.mahara.org/4136
Committed: http://gitorious.org/mahara/mahara/commit/1749c22376e3c8eee56904f4f96e1d287a868a13
Submitter: Robert Lyon (<email address hidden>)
Branch: 1.10_STABLE

commit 1749c22376e3c8eee56904f4f96e1d287a868a13
Author: Son Nguyen <email address hidden>
Date: Tue Nov 25 12:26:13 2014 +1300

Allow comments for selectors and properties in CSS. Bug 1384467

This allows all comments of top of CSS selectors
and all inline comments attached to CSS properties

Change-Id: I6d3cd5113ab097caa1736f7dfbdf39566cfb58d6
Signed-off-by: Son Nguyen <email address hidden>

Robert Lyon (robertl-9) on 2015-04-17
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers