fu ([personal profile] fu) wrote in [site community profile] changelog2010-11-15 05:01 am

[dw-free] http://bugs.dwscoalition.org/show_bug.cgi?id=3195

[commit: http://hg.dwscoalition.org/dw-free/rev/67727c33900b]

http://bugs.dwscoalition.org/show_bug.cgi?id=3195

Handle a few other CSS tricks.

Patch by [personal profile] fu.

Files modified:
  • cgi-bin/LJ/CleanHTML.pm
  • t/clean-comment.t
--------------------------------------------------------------------------------
diff -r aa701ad5eac3 -r 67727c33900b cgi-bin/LJ/CleanHTML.pm
--- a/cgi-bin/LJ/CleanHTML.pm	Mon Nov 15 12:59:06 2010 +0800
+++ b/cgi-bin/LJ/CleanHTML.pm	Mon Nov 15 13:00:49 2010 +0800
@@ -686,6 +686,26 @@ sub clean
                             if ($remove_positioning) {
                                 $hash->{style} =~ s/margin.*?(?:;|$)//gi;
                                 $hash->{style} =~ s/height\s*?:.*?(?:;|$)//gi;
+                                $hash->{style} =~ s/display\s*?:\s*?none\s*?(?:;|$)//gi;
+
+                                my $too_large = 0;
+                                PADDING: while ( $hash->{style} =~ /padding.*?:\s*?(.*?)(?:;|$)/gi ) {
+                                    my $padding_value = $1;
+
+                                    foreach ( split /\s+/, $padding_value ) {
+                                        next unless $_;
+                                        if ( ( int( $_ )  || 0 ) > 500 ) {
+                                            $too_large = 1;
+                                            last PADDING;
+                                        }
+                                    }
+                                }
+
+                                $hash->{style} =~ s/padding.*?(?:;|$)//gi
+                                    if $too_large;
+                            }
+                            if ($extractlinks) {
+                                $hash->{style} =~ s/url\(.*?\)//gi;
                             }
                         }
 
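Review bot: The padding check `( int( $_ ) || 0 ) > 500` compares the bare number and ignores the unit, so a value such as `400in` or `450em` is accepted as reasonable even though it renders far larger than 500px. Consider failing closed on anything that is not a plain pixel length, e.g. `my ( $n, $unit ) = /^(\d+(?:\.\d+)?)([a-z%]*)$/i;` followed by `if ( !defined $n || ( $unit && lc $unit ne 'px' ) || $n > 500 )`. The new `display` rule also matches only when `none` is directly followed by `;` or the end of the string, so `display: none !important` appears to survive. Whether an earlier pass in `clean` normalises such declarations is not visible here, because the function starts and ends outside the hunk.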
diff -r aa701ad5eac3 -r 67727c33900b t/clean-comment.t
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/t/clean-comment.t	Mon Nov 15 13:00:49 2010 +0800
@@ -0,0 +1,74 @@
+# -*-perl-*-
+
+use strict;
+use Test::More;
+plan tests => 10;
+
+use lib "$ENV{LJHOME}/cgi-bin";
+require 'ljlib.pl';
+use LJ::CleanHTML;
+
+my $orig_comment;
+my $clean_comment;
+
+my $clean = sub {
+    my $opts = shift;
+
+    LJ::CleanHTML::clean_comment(\$orig_comment, $opts);
+};
+
+# remove various positioning and display rules
+$orig_comment = qq{<span style="display: none; display:none; display : none; display: inline">};
+$clean_comment = qq{<span style="\\s*display: inline\\s*"><\\/span>};
+$clean->({ remove_positioning => 1 });
+ok($orig_comment =~ /^$clean_comment$/, "Removed display:none ($orig_comment)");
+
+$orig_comment = qq{<span style="margin-top: 10px;">};
+$clean_comment = qq{<span style="\\s*"><\\/span>};
+$clean->({ remove_positioning => 1 });
+ok($orig_comment =~ /^$clean_comment$/, "Removed margin ($orig_comment)");
+
+$orig_comment = qq{<span style="height: 150px;">};
+$clean_comment = qq{<span style="\\s*"><\\/span>};
+$clean->({ remove_positioning => 1 });
+ok($orig_comment =~ /^$clean_comment$/, "Removed height");
+
+# handle unreasonably large padding values
+$orig_comment = qq{<span style="padding-top: 9999999px; padding-left: 9999999px; padding-top: 9999999px; padding-bottom: 9999999px"></span>};
+$clean_comment = qq{<span style="\\s*"><\\/span>};
+$clean->({ remove_positioning => 1 });
+ok($orig_comment =~/^$clean_comment$/, "All padding removed. (Multiple rules, all too large)");
+
+$orig_comment = qq{<span style="padding: 999px 999px 999px 999px"></span>};
+$clean_comment = qq{<span style="\\s*"><\\/span>};
+$clean->({ remove_positioning => 1 });
+ok($orig_comment =~/^$clean_comment$/, "All padding removed. (Combined into one rule, all too large)");
+
+$orig_comment = qq{<span style="padding-left: 999px; padding-right: 200px;"></span>};
+$clean_comment = qq{<span style="\\s*"><\\/span>};
+$clean->({ remove_positioning => 1 });
+ok($orig_comment =~/^$clean_comment$/, "All padding removed. (Multiple rules, mixed too large and small enough)");
+
+$orig_comment = qq{<span style="padding: 999px 200px;"></span>};
+$clean_comment = qq{<span style="\\s*"><\\/span>};
+$clean->({ remove_positioning => 1 });
+ok($orig_comment =~/^$clean_comment$/, "All padding removed. (One dimension in a combined rule, mixed too large and small enough)");
+
+$orig_comment = qq{<span style="padding-top: 200px; padding-left: 200px; padding-right: 150px; padding-bottom: 150px;"></span>};
+$clean_comment = qq{<span style="\\s*padding-top: 200px;\\s*padding-left: 200px;\\s*padding-right: 150px;\\s*padding-bottom: 150px;\\s*"><\\/span>};
+$clean->({ remove_positioning => 1 });
+ok($orig_comment =~ /^$clean_comment$/, "Padding not removed; of reasonable size.");
+
+
+# remove background urls from logged out users
+$orig_comment = qq{<span style="background: url('http://www.example.com/example.gif');"></span>};
+$clean_comment = qq{<span style="\\s*background: url\\(&\\#39;http://www.example.com/example.gif&\\#39;\\);\\s*"><\\/span>};
+$clean->();
+ok($orig_comment =~ /^$clean_comment$/, "Background URL not cleaned: logged-in user");
+
+$orig_comment = qq{<span style="background: url('http://www.example.com/example.gif');"></span>};
+$clean_comment = qq{<span style="background:\\s*;\\s*"><\\/span>};
+$clean->({ anon_comment => 1 });
+ok($orig_comment =~ /^$clean_comment$/, "Background URL removed: anonymous comment");
+
+1;
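Review bot: The first large-padding case repeats `padding-top` where `padding-right` was presumably intended, so that case never exercises `padding-right`. No case pins the threshold itself or a unit other than `px`. Adding `padding: 500px` (expected to be kept) and `padding: 501px` (expected to be stripped) would fix the boundary in place. The assertions would give clearer failure output as `like( $orig_comment, qr/^$clean_comment$/, "..." )` than as `ok( ... =~ ... )`. The file also has `use strict` without `use warnings`.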
--------------------------------------------------------------------------------