CSS is not stripping out bad css attributes anymore

Bug #1384467 reported by Robert Lyon
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Fix Released
High
Son Nguyen
1.10
Fix Released
High
Son Nguyen
15.04
Fix Released
High
Son Nguyen

Bug Description

If I add some custom CSS to a skin that has badly formed css it doesn't strip out the bad lines.

eg:

#footer {
 color: #deface;
 top:cat;
 width: 300px;
 odd:fellow;
}

It used to strip it down to leave the valid lines.

eg:

#footer {
 color: #deface;
 width: 300px;
}

This looks to have been broken with this patch https://reviews.mahara.org/#/c/3846/

Well not broken as such but the $preserve_css should be able to be set via either the site config or directly in the config.php file so that only sites that want to allow things like comments in the css can turn it on rather than it be on by default for the skins.

It still strips out html tags - so that is good

Tags: regression
Revision history for this message
Son Nguyen (ngson2000) wrote :

Hi Robert,

It'd be better to fix this issue as these bad CSS settings should be stripped out

Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/4033

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/4033
Committed: http://gitorious.org/mahara/mahara/commit/226dac413b43726b1eea18bce0d52bf1b93d474a
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 226dac413b43726b1eea18bce0d52bf1b93d474a
Author: Son Nguyen <email address hidden>
Date: Tue Nov 25 12:26:13 2014 +1300

Allow comments for selectors and properties in CSS. Bug 1384467

This allows all comments of top of CSS selectors
and all inline comments attached to CSS properties

Change-Id: I6d3cd5113ab097caa1736f7dfbdf39566cfb58d6
Signed-off-by: Son Nguyen <email address hidden>

Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "1.10_STABLE" branch: https://reviews.mahara.org/4136

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/4136
Committed: http://gitorious.org/mahara/mahara/commit/1749c22376e3c8eee56904f4f96e1d287a868a13
Submitter: Robert Lyon (<email address hidden>)
Branch: 1.10_STABLE

commit 1749c22376e3c8eee56904f4f96e1d287a868a13
Author: Son Nguyen <email address hidden>
Date: Tue Nov 25 12:26:13 2014 +1300

Allow comments for selectors and properties in CSS. Bug 1384467

This allows all comments of top of CSS selectors
and all inline comments attached to CSS properties

Change-Id: I6d3cd5113ab097caa1736f7dfbdf39566cfb58d6
Signed-off-by: Son Nguyen <email address hidden>

Robert Lyon (robertl-9)
Changed in mahara:
status: Fix Committed → Fix Released
Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/11559

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Patch for "master" branch: https://reviews.mahara.org/11632

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Patch for "master" branch: https://reviews.mahara.org/11633

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Patch for "master" branch: https://reviews.mahara.org/11634

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/11634
Committed: https://git.mahara.org/mahara/mahara/commit/3e0fbe5b42069cc6b8498ead84aa3489a88660ea
Submitter: Lisa Seeto (<email address hidden>)
Branch: master

commit 3e0fbe5b42069cc6b8498ead84aa3489a88660ea
Author: Son Nguyen <email address hidden>
Date: Tue Nov 25 12:26:13 2014 +1300

Allow comments for selectors and properties in CSS. Bug 1384467

This allows all comments of top of CSS selectors
and all inline comments attached to CSS properties

Change-Id: I032edf8bbd89a73bdb63bb390aea445f7a33470a

Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/11744

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Patch for "master" branch: https://reviews.mahara.org/11948

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/11948
Committed: https://git.mahara.org/mahara/mahara/commit/c317793cec495c9b435d769d22fec6c943c1ff94
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit c317793cec495c9b435d769d22fec6c943c1ff94
Author: Doris Tam <email address hidden>
Date: Tue Aug 24 15:07:42 2021 +1200

Bug 1940881 - CSSTidy customisation: Allow comments for selectors and properties in CSS.

Bug 1384467 - This allows all comments of top of CSS selectors
and all inline comments attached to CSS properties

Change-Id: I131f9b14f092f02d78a06a7cd99b1a25577c9c12

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.