![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png){kind=small}
[dw-free] Class names with "eval" unusable in CSS
[commit: http://hg.dwscoalition.org/dw-free/rev/fc856c03f49d]
http://bugs.dwscoalition.org/show_bug.cgi?id=2133
Add another class for posters / journals with "eval" in their username.
Example: class="poster-medieval" becomes class="poster-medievalb poster-
mediev-l", so that the element can still be targetted without causing the
CSS cleaner to choke on suspect CSS (that looks like Javascript)
Patch by![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
rb.
Files modified:
http://bugs.dwscoalition.org/show_bug.cgi?id=2133
Add another class for posters / journals with "eval" in their username.
Example: class="poster-medieval" becomes class="poster-medievalb poster-
mediev-l", so that the element can still be targetted without causing the
CSS cleaner to choke on suspect CSS (that looks like Javascript)
Patch by
rb.Files modified:
- bin/upgrading/s2layers/core2.s2
- cgi-bin/LJ/S2.pm
--------------------------------------------------------------------------------
diff -r 8de9897c370d -r fc856c03f49d bin/upgrading/s2layers/core2.s2
--- a/bin/upgrading/s2layers/core2.s2 Mon Aug 22 16:16:02 2011 +0800
+++ b/bin/upgrading/s2layers/core2.s2 Mon Aug 22 16:26:01 2011 +0800
@@ -928,6 +928,9 @@
function builtin pageview_unique_string () : string
"Returns a unique string for the remote user.";
+function builtin clean_css_classname (string classname) : string
+"Provide a version of a string that's always suitable for classnames, with potentially suspicious words present in original and modified forms.";
+
function builtin alternate (string a, string b) : string
"With each call, this function will alternate between the two values and return one of them.
Useful for making tables whose rows alternate in background color.";
@@ -4787,8 +4790,8 @@
var string poster;
var string journal;
if ($this.journal.journal_type != "I") {
- $poster = "poster-$this.poster.username";
- $journal = "journal-$this.journal.username";
+ $poster = clean_css_classname( "poster-$this.poster.username" );
+ $journal = clean_css_classname( "journal-$this.journal.username" );
}
var string userpic = $this.userpic ? "has-userpic" : "no-userpic";
diff -r 8de9897c370d -r fc856c03f49d cgi-bin/LJ/S2.pm
--- a/cgi-bin/LJ/S2.pm Mon Aug 22 16:16:02 2011 +0800
+++ b/cgi-bin/LJ/S2.pm Mon Aug 22 16:26:01 2011 +0800
@@ -2579,6 +2579,21 @@
return $scratch->{alternate}{"$one\0$two"} ? $one : $two;
}
+sub clean_css_classname
+{
+ my ($ctx, $classname) = @_;
+ my $clean_classname;
+
+ if ($classname =~ /eval/) {
+ $clean_classname = $classname . " ";
+ $classname =~ s/eval/ev-l/g;
+ $clean_classname .= $classname;
+ } else {
+ $clean_classname = $classname;
+ }
+ return $clean_classname;
+}
+
sub set_content_type
{
my ($ctx, $type) = @_;
--------------------------------------------------------------------------------
no subject
no subject
no subject
*\o/*
(that's a cheerleader with pompoms you know)
no subject
I keep thinking "YAY!" and then self-censoring and Voice Of Authority says "but it wasn't anything significant, it's only small, your programming still sucks" and then I am practicing sitting on the Voice Of Authority and saying YAY some more :)
no subject
And besides, at least half of DW's awesomeness is in all the many, many, many small improvements we've made. We have a reptuation for being a site that cares about getting all the little details right, and that's a reputation I am very, very proud of. And bugs like this are a part of that! So pat yourself on the back, 'cause YOU MADE A THING and it's a thing people WANT and it will make people HAPPY.
(Also, nobody's programming skill sucks worse than mine. *G* I like to lead by example...)
no subject
It helps a lot that there's so many newbie coders actually, because I know I'd cheer for *you* or anybody else new who did a short patch like this - I'm fairly sure I have in the past - so it's easier to remember that I can deserve it too, y'know? The whole culture of support helps!! yay DW!
no subject
In short, YOU ARE AWESOME. DW IS AWESOME. THE DW COMMUNITY IS AWESOME. THAT IS ALL.
no subject
:)
Congrats!
1) There are significant because the portion of users who waited for this to be fixed and thought it would fall into bug limbo because it's just a small, insignificant, low-priority bug will be ecstatic.
2) I always tell myself fixing the small stuff is important because it lets other devs concentrate on other bugs. Like we're all ants and everybody does its part and it makes us work better as a team. It doesn't mean we can't go from small to bigger and vice-versa but I think it's important there are always people working on all different kinds of bugs.
3) Bug fixed! That's significant in itself. *cheers*
Re: Congrats!
DW is totally the supportive-est place ever!
no subject
mericauthority.no subject
no subject
:)
no subject
A quick google brought up this snippet which also checks for (among others), "behavior", "behaviour", and "expression", which also vaguely ring a bell for "active code in CSS" for me. (See lines 33-34 for more ideas - check against CSS cleaner.)
If those are also stripped, then poor users like "expression" or "badbehavior" will also have problems with CSS classes and will require a similar workaround/fix.
no subject
no subject