![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png){kind=small}
[dw-free] Class names with "eval" unusable in CSS
[commit: http://hg.dwscoalition.org/dw-free/rev/fc856c03f49d]
http://bugs.dwscoalition.org/show_bug.cgi?id=2133
Add another class for posters / journals with "eval" in their username.
Example: class="poster-medieval" becomes class="poster-medievalb poster-
mediev-l", so that the element can still be targetted without causing the
CSS cleaner to choke on suspect CSS (that looks like Javascript)
Patch by![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
rb.
Files modified:
http://bugs.dwscoalition.org/show_bug.cgi?id=2133
Add another class for posters / journals with "eval" in their username.
Example: class="poster-medieval" becomes class="poster-medievalb poster-
mediev-l", so that the element can still be targetted without causing the
CSS cleaner to choke on suspect CSS (that looks like Javascript)
Patch by
rb.Files modified:
- bin/upgrading/s2layers/core2.s2
- cgi-bin/LJ/S2.pm
--------------------------------------------------------------------------------
diff -r 8de9897c370d -r fc856c03f49d bin/upgrading/s2layers/core2.s2
--- a/bin/upgrading/s2layers/core2.s2 Mon Aug 22 16:16:02 2011 +0800
+++ b/bin/upgrading/s2layers/core2.s2 Mon Aug 22 16:26:01 2011 +0800
@@ -928,6 +928,9 @@
function builtin pageview_unique_string () : string
"Returns a unique string for the remote user.";
+function builtin clean_css_classname (string classname) : string
+"Provide a version of a string that's always suitable for classnames, with potentially suspicious words present in original and modified forms.";
+
function builtin alternate (string a, string b) : string
"With each call, this function will alternate between the two values and return one of them.
Useful for making tables whose rows alternate in background color.";
@@ -4787,8 +4790,8 @@
var string poster;
var string journal;
if ($this.journal.journal_type != "I") {
- $poster = "poster-$this.poster.username";
- $journal = "journal-$this.journal.username";
+ $poster = clean_css_classname( "poster-$this.poster.username" );
+ $journal = clean_css_classname( "journal-$this.journal.username" );
}
var string userpic = $this.userpic ? "has-userpic" : "no-userpic";
diff -r 8de9897c370d -r fc856c03f49d cgi-bin/LJ/S2.pm
--- a/cgi-bin/LJ/S2.pm Mon Aug 22 16:16:02 2011 +0800
+++ b/cgi-bin/LJ/S2.pm Mon Aug 22 16:26:01 2011 +0800
@@ -2579,6 +2579,21 @@
return $scratch->{alternate}{"$one\0$two"} ? $one : $two;
}
+sub clean_css_classname
+{
+ my ($ctx, $classname) = @_;
+ my $clean_classname;
+
+ if ($classname =~ /eval/) {
+ $clean_classname = $classname . " ";
+ $classname =~ s/eval/ev-l/g;
+ $clean_classname .= $classname;
+ } else {
+ $clean_classname = $classname;
+ }
+ return $clean_classname;
+}
+
sub set_content_type
{
my ($ctx, $type) = @_;
--------------------------------------------------------------------------------
no subject
And besides, at least half of DW's awesomeness is in all the many, many, many small improvements we've made. We have a reptuation for being a site that cares about getting all the little details right, and that's a reputation I am very, very proud of. And bugs like this are a part of that! So pat yourself on the back, 'cause YOU MADE A THING and it's a thing people WANT and it will make people HAPPY.
(Also, nobody's programming skill sucks worse than mine. *G* I like to lead by example...)
no subject
It helps a lot that there's so many newbie coders actually, because I know I'd cheer for *you* or anybody else new who did a short patch like this - I'm fairly sure I have in the past - so it's easier to remember that I can deserve it too, y'know? The whole culture of support helps!! yay DW!
no subject
In short, YOU ARE AWESOME. DW IS AWESOME. THE DW COMMUNITY IS AWESOME. THAT IS ALL.
no subject
:)