Problem with filtering some css-style data

Jul 31, 2008, 5:27:07 AM
to cssutils
Dear Mailinglist :-)

I have just written a small CSS style filter for one of my applications
that filters things like `background-image` from the `style` attribute
of HTML tags to avoid some XSS security holes.

The code is pasted here:

My problem now is that the output I get is somewhat confusing:
<span style=";&#10;width: 50%;&#10;color: #412313">text2</span>

Any idea where the `&#10` comes from and how I can get better-looking
output, such as:

<span style="width: 50%;color: #412313">text2</span>

Hope you can help me :)

Christopher Grebs


Jul 31, 2008, 3:38:22 PM
to cssutils
You use quite a few private methods, so your code might easily break in
the future ;)

A more stable and also simpler function would be (http://

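from cssutils.css import CSSStyleDeclaration

# _allowed_properties_re is the allowed-properties regex kept from the original code
def filter_style(css):
    if css is None:
        return None

    # renamed from "sheet" as only a style declaration
    style = CSSStyleDeclaration(css)
    # iterate over a copy so properties can be deleted inside the loop
    for property in list(style):
        name = property.name
        if not _allowed_properties_re.match(name):
            print("removing %r" % name)
            del style[name]

    # normally style.cssText but there is another method:
    return style.getCssText(separator='')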

You don't need the special _parse method nor the special serializer
(the only thing you need to keep is the list of allowed properties).

hope this helps
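
Added example, not part of the thread and not cssutils code: a standard-library version of the same allowlist filter that also shows where `&#10;` can come from, since `&#10;` is the character reference for a line feed and an XML-style serializer writes it for every newline inside an attribute value. It assumes the HTML is written with `xml.etree.ElementTree` (the post does not say which serializer was used); `ALLOWED`, `SAFE_VALUE` and the sample input are assumptions, and the value check goes beyond the thread's name-only filter by dropping any value that contains quotes, parentheses or backslashes.

```python
import re
import xml.etree.ElementTree as ET

# Assumed allowlist for this example; the thread's own list is not shown.
ALLOWED = {"color", "width", "height", "font-weight", "text-align"}
# Conservative value pattern: no quotes, parentheses, backslashes or colons,
# so url(...), expression(...) and CSS escapes are dropped (fail closed).
SAFE_VALUE = re.compile(r"[\w\s#%.,+-]+")


def filter_declarations(css):
    """Return the allowlisted (name, value) pairs of a style attribute value."""
    kept = []
    for chunk in (css or "").split(";"):
        name, sep, value = chunk.partition(":")
        name, value = name.strip().lower(), value.strip()
        # Fragments without a colon (e.g. pieces of a split url("a;b")) are dropped.
        if sep and name in ALLOWED and SAFE_VALUE.fullmatch(value):
            kept.append((name, value))
    return kept


def render_span(css, separator):
    """Serialize <span style=...> with the kept declarations joined by separator."""
    style = separator.join("%s: %s" % pair for pair in filter_declarations(css))
    span = ET.Element("span", {"style": style})
    span.text = "text2"
    return ET.tostring(span, encoding="unicode")


# Constructed input modelled on the post: one disallowed property, two allowed.
SAMPLE = "background-image: url(http://example.invalid/x.png); width: 50%; color: #412313"

if __name__ == "__main__":
    # Newline-separated declarations: the serializer escapes each line feed.
    print(render_span(SAMPLE, ";\n"))
    # Single-line separator: nothing to escape in the attribute value.
    print(render_span(SAMPLE, ";"))
```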

