![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png){kind=small}
[dw-free] Class names with "eval" unusable in CSS
[commit: http://hg.dwscoalition.org/dw-free/rev/fc856c03f49d]
http://bugs.dwscoalition.org/show_bug.cgi?id=2133
Add another class for posters / journals with "eval" in their username.
Example: class="poster-medieval" becomes class="poster-medievalb poster-
mediev-l", so that the element can still be targetted without causing the
CSS cleaner to choke on suspect CSS (that looks like Javascript)
Patch by![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
rb.
Files modified:
http://bugs.dwscoalition.org/show_bug.cgi?id=2133
Add another class for posters / journals with "eval" in their username.
Example: class="poster-medieval" becomes class="poster-medievalb poster-
mediev-l", so that the element can still be targetted without causing the
CSS cleaner to choke on suspect CSS (that looks like Javascript)
Patch by
rb.Files modified:
- bin/upgrading/s2layers/core2.s2
- cgi-bin/LJ/S2.pm
--------------------------------------------------------------------------------
diff -r 8de9897c370d -r fc856c03f49d bin/upgrading/s2layers/core2.s2
--- a/bin/upgrading/s2layers/core2.s2 Mon Aug 22 16:16:02 2011 +0800
+++ b/bin/upgrading/s2layers/core2.s2 Mon Aug 22 16:26:01 2011 +0800
@@ -928,6 +928,9 @@
function builtin pageview_unique_string () : string
"Returns a unique string for the remote user.";
+function builtin clean_css_classname (string classname) : string
+"Provide a version of a string that's always suitable for classnames, with potentially suspicious words present in original and modified forms.";
+
function builtin alternate (string a, string b) : string
"With each call, this function will alternate between the two values and return one of them.
Useful for making tables whose rows alternate in background color.";
@@ -4787,8 +4790,8 @@
var string poster;
var string journal;
if ($this.journal.journal_type != "I") {
- $poster = "poster-$this.poster.username";
- $journal = "journal-$this.journal.username";
+ $poster = clean_css_classname( "poster-$this.poster.username" );
+ $journal = clean_css_classname( "journal-$this.journal.username" );
}
var string userpic = $this.userpic ? "has-userpic" : "no-userpic";
diff -r 8de9897c370d -r fc856c03f49d cgi-bin/LJ/S2.pm
--- a/cgi-bin/LJ/S2.pm Mon Aug 22 16:16:02 2011 +0800
+++ b/cgi-bin/LJ/S2.pm Mon Aug 22 16:26:01 2011 +0800
@@ -2579,6 +2579,21 @@
return $scratch->{alternate}{"$one\0$two"} ? $one : $two;
}
+sub clean_css_classname
+{
+ my ($ctx, $classname) = @_;
+ my $clean_classname;
+
+ if ($classname =~ /eval/) {
+ $clean_classname = $classname . " ";
+ $classname =~ s/eval/ev-l/g;
+ $clean_classname .= $classname;
+ } else {
+ $clean_classname = $classname;
+ }
+ return $clean_classname;
+}
+
sub set_content_type
{
my ($ctx, $type) = @_;
--------------------------------------------------------------------------------
Congrats!
1) There are significant because the portion of users who waited for this to be fixed and thought it would fall into bug limbo because it's just a small, insignificant, low-priority bug will be ecstatic.
2) I always tell myself fixing the small stuff is important because it lets other devs concentrate on other bugs. Like we're all ants and everybody does its part and it makes us work better as a team. It doesn't mean we can't go from small to bigger and vice-versa but I think it's important there are always people working on all different kinds of bugs.
3) Bug fixed! That's significant in itself. *cheers*
Re: Congrats!
DW is totally the supportive-est place ever!