From 38e0f814c3c9b672d7d5757d721c6a9786deed91 Mon Sep 17 00:00:00 2001
From: Ivo Julca
Date: Wed, 2 Aug 2017 09:18:44 -0500
Subject: [PATCH] Implement MEDIA_QUERY sanitization for HTML attributes and whitelist
---
 .../caja/lang/html/html5-attributes-whitelist.json | 11 ++++-------
 src/com/google/caja/plugin/html-sanitizer.js | 6 ++++++
 2 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/src/com/google/caja/lang/html/html5-attributes-whitelist.json b/src/com/google/caja/lang/html/html5-attributes-whitelist.json
index 4fe3bee9..69ecea8f 100644
--- a/src/com/google/caja/lang/html/html5-attributes-whitelist.json
+++ b/src/com/google/caja/lang/html/html5-attributes-whitelist.json
@@ -93,7 +93,10 @@
 "PROGRESS::VALUE",
 "CANVAS::WIDTH",
 "VIDEO::WIDTH",
- "TEXTAREA::WRAP"
+ "TEXTAREA::WRAP",
+ "A::MEDIA",
+ "AREA::MEDIA",
+ "SOURCE::MEDIA"
 ],

 "denied": [
@@ -226,12 +229,6 @@
 "comment": "TODO(kpreid): need to be non-rewritten URIs" },
 { "key": "HTML::MANIFEST",
 "comment": "TODO(kpreid): further review" },
- { "key": "A::MEDIA",
- "comment":
- "TODO(kpreid): Implement MEDIA_QUERY atype sanitization FOR THESE 3"
- },
- "AREA::MEDIA",
- "SOURCE::MEDIA",
 { "key": "FIELDSET::NAME",
 "comment": "TODO(kpreid): further review" },
 { "key": "DIALOG::OPEN",
diff --git a/src/com/google/caja/plugin/html-sanitizer.js b/src/com/google/caja/plugin/html-sanitizer.js
index ee82ec91..243b98f4 100644
--- a/src/com/google/caja/plugin/html-sanitizer.js
+++ b/src/com/google/caja/plugin/html-sanitizer.js
@@ -963,6 +963,12 @@ var html = (function(html4) {
 log(opt_logger, tagName, attribName, oldValue, value);
 }
 break;
+ case html4.atype['MEDIA_QUERY']:
+ value = 'undefined' === typeof lexCss ? null : sanitizeMediaQuery(lexCss(value));
+ if (opt_logger) {
+ log(opt_logger, tagName, attribName, oldValue, value);
+ }
+ break;
 case html4.atype['URI']:
 value = safeUri(value,
 getUriEffect(tagName, attribName),
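Review bot: The three entries added after `TEXTAREA::WRAP` (`A::MEDIA`, `AREA::MEDIA`, `SOURCE::MEDIA`) move from the denied list to the allowed list, so their safety now depends on each of them being typed `MEDIA_QUERY` wherever attribute types are assigned, and that mapping is not part of this patch. If one of them carries a different atype, the new `case html4.atype['MEDIA_QUERY']` branch in html-sanitizer.js is never reached for it and the value is handled by whichever branch does match. The diffstat lists only these two files, so nothing here pins the behaviour; a sanitizer test that passes each of the three attributes a malformed media query and checks the emitted value would close that gap.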
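Review bot: The guard in the new `MEDIA_QUERY` case of html-sanitizer.js tests only `lexCss`, yet the same expression also calls `sanitizeMediaQuery`. If the two are provided by separately loaded scripts, a page with the lexer but not the CSS sanitizer gets a ReferenceError from this branch instead of a dropped attribute. Testing both names keeps the fail-closed result: `value = ('undefined' === typeof lexCss || 'undefined' === typeof sanitizeMediaQuery) ? null : sanitizeMediaQuery(lexCss(value));`. A short comment such as `// No CSS lexer/sanitizer loaded: drop the attribute rather than pass it through.` would make the intent of the null branch explicit. The enclosing switch and function start and end outside the hunk, so how a null or empty `value` is treated afterwards cannot be confirmed from here.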