Problem with filtering some css-style data

18 views
Skip to first unread message

ente...@googlemail.com

unread,
Jul 31, 2008, 5:27:07 AM7/31/08
to cssutils
Dear Mailinglist :-)

I just written for one of my applications a small css-style filter
that filters things like `background-image` from html-tags `style`
attribute to avoid some xss security holes.

The code is pasted here: http://paste.pocoo.org/show/80793/

My problem now is that the output I get is somewhat confusing:
(e.g)
<span style=";&#10;width: 50%;&#10;color: #412313">text2</span>

Any idea where the `&#10` comes from and how can I get a more good
looking output, such as:

<span style="width: 50%;color: #412313">text2</span>


Hope you can help me :)

Regards,
Christopher Grebs

see

unread,
Jul 31, 2008, 3:38:22 PM7/31/08
to cssutils
hi,
you use quite a few private methods so your code might easily break in
the future ;)

A more stable and also simpler function would be (http://
paste.pocoo.org/show/80858/):

def filter_style(css):
if css is None:
return None

# renamed from "sheet" as only a style declaration
style = CSSStyleDeclaration(css)
for property in style:
name = property.name
if not _allowed_properties_re.match(name):
print u"removing %r" % name
del style[name]

# normally style.cssText but there is another method:
return style.getCssText(separator='')

You don't need the special _parse method nor the special serializer
(the only thing you need to keep is the list of allowed properties).

hope this helps

Christof


On Jul 31, 11:27 am, "enteq...@googlemail.com"
Reply all
Reply to author
Forward
0 new messages