-
Notifications
You must be signed in to change notification settings - Fork 208
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow bdi and main elements and auto value of dir attribute #990
base: next
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks reasonable but please do add a test for this. The bare minimum would be something like / an extension to what is introduced in
8d12ea0
…date attributes unicode-bidi,caret-color
…oji,math,fangsong
@@ -206,8 +215,8 @@ public class ElementInfo { | |||
"nth-last-child", | |||
"nth-of-type", | |||
"nth-last-of-type", | |||
"link", | |||
"visited", | |||
"link", // inverse of visited, probably should be blocked? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
EDIT: you’re right. This needs to be added into the BANNED_PSEUDOCLASS. It’s less effective than visited, because it can only check for not existing pages, but still too much access to history. Good catch!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A future improvement to keep pages working could be to transparently rewrite "link" to "any-link". But that may be beyond the scope of this PR (no need to fix everything in one step).
"empty", | ||
"enabled", | ||
"focus-visible", | ||
"dir", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is dir necessary here? We already have a dedicated parsing rule for it. If it is: please add a test that fails without your change.
"target", | ||
"any-link", | ||
"default", | ||
"defined", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we do not have custom element support (it requires javascript), so defined does not make sense. Please remove it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remove it or add it into the BANNED_PSEUDOCLASS?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
BANNED_PSEUDOCLASS is better: CSSTokenizerFilter::HTMLElementVerifier defines that as banned (but otherwise valid) selector
.
"enabled", | ||
"focus-visible", | ||
"dir", | ||
"indeterminate", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also only used for forms. Maybe split up the rules to have a dedicated set of rules for forms (for easier understanding of the meaning of these rules)?
public static boolean isColor(String value) | ||
{ | ||
value=value.trim(); | ||
value=value.trim().toLowerCase(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good catch! (feel free to mark this resolved once you read it ☺)
public void testInvalidColors() { | ||
assertFalse(FilterUtils.isColor("rgb(0.1 0.2 0.3)")); | ||
assertFalse(FilterUtils.isColor("rgb(/)")); | ||
assertFalse(FilterUtils.isColor("#ABCDEFGH")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you add more color-tests? switching to regexes usually needs tests for edge-cases.
This is a neat addition, but the added elements still need tests. I know that these can be annoying to write, since they feel obvious, but the last two times I omitted them and Bombe reminded me with an ENOTEST, one of those would have actually shown a bug (that luckily got found before merging when I added the test Bombe had requested). ⇒ please do test. These filters are critical for safe operation in browsers that may query into the clearnet on errors here. |
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/bdi
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/main
https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/dir