![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png){kind=small}
[dw-free] Class names with "eval" unusable in CSS
[commit: http://hg.dwscoalition.org/dw-free/rev/fc856c03f49d]
http://bugs.dwscoalition.org/show_bug.cgi?id=2133
Add another class for posters / journals with "eval" in their username.
Example: class="poster-medieval" becomes class="poster-medievalb poster-
mediev-l", so that the element can still be targetted without causing the
CSS cleaner to choke on suspect CSS (that looks like Javascript)
Patch by![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
rb.
Files modified:
http://bugs.dwscoalition.org/show_bug.cgi?id=2133
Add another class for posters / journals with "eval" in their username.
Example: class="poster-medieval" becomes class="poster-medievalb poster-
mediev-l", so that the element can still be targetted without causing the
CSS cleaner to choke on suspect CSS (that looks like Javascript)
Patch by
rb.Files modified:
- bin/upgrading/s2layers/core2.s2
- cgi-bin/LJ/S2.pm
--------------------------------------------------------------------------------
diff -r 8de9897c370d -r fc856c03f49d bin/upgrading/s2layers/core2.s2
--- a/bin/upgrading/s2layers/core2.s2 Mon Aug 22 16:16:02 2011 +0800
+++ b/bin/upgrading/s2layers/core2.s2 Mon Aug 22 16:26:01 2011 +0800
@@ -928,6 +928,9 @@
function builtin pageview_unique_string () : string
"Returns a unique string for the remote user.";
+function builtin clean_css_classname (string classname) : string
+"Provide a version of a string that's always suitable for classnames, with potentially suspicious words present in original and modified forms.";
+
function builtin alternate (string a, string b) : string
"With each call, this function will alternate between the two values and return one of them.
Useful for making tables whose rows alternate in background color.";
@@ -4787,8 +4790,8 @@
var string poster;
var string journal;
if ($this.journal.journal_type != "I") {
- $poster = "poster-$this.poster.username";
- $journal = "journal-$this.journal.username";
+ $poster = clean_css_classname( "poster-$this.poster.username" );
+ $journal = clean_css_classname( "journal-$this.journal.username" );
}
var string userpic = $this.userpic ? "has-userpic" : "no-userpic";
diff -r 8de9897c370d -r fc856c03f49d cgi-bin/LJ/S2.pm
--- a/cgi-bin/LJ/S2.pm Mon Aug 22 16:16:02 2011 +0800
+++ b/cgi-bin/LJ/S2.pm Mon Aug 22 16:26:01 2011 +0800
@@ -2579,6 +2579,21 @@
return $scratch->{alternate}{"$one\0$two"} ? $one : $two;
}
+sub clean_css_classname
+{
+ my ($ctx, $classname) = @_;
+ my $clean_classname;
+
+ if ($classname =~ /eval/) {
+ $clean_classname = $classname . " ";
+ $classname =~ s/eval/ev-l/g;
+ $clean_classname .= $classname;
+ } else {
+ $clean_classname = $classname;
+ }
+ return $clean_classname;
+}
+
sub set_content_type
{
my ($ctx, $type) = @_;
--------------------------------------------------------------------------------