Allow bdi and main elements and auto value of dir attribute #990
Conversation
…date attributes unicode-bidi,caret-color
…oji,math,fangsong
| @@ -206,8 +215,8 @@ public class ElementInfo { | |||
| "nth-last-child", | |||
| "nth-of-type", | |||
| "nth-last-of-type", | |||
| "link", | |||
| "visited", | |||
| "link", // inverse of visited, probably should be blocked? | |||
There was a problem hiding this comment.
EDIT: you’re right. This needs to be added into the BANNED_PSEUDOCLASS. It’s less effective than visited, because it can only check for not existing pages, but still too much access to history. Good catch!
There was a problem hiding this comment.
A future improvement to keep pages working could be to transparently rewrite "link" to "any-link". But that may be beyond the scope of this PR (no need to fix everything in one step).
| "empty", | ||
| "enabled", | ||
| "focus-visible", | ||
| "dir", |
There was a problem hiding this comment.
is dir necessary here? We already have a dedicated parsing rule for it. If it is: please add a test that fails without your change.
| "target", | ||
| "any-link", | ||
| "default", | ||
| "defined", |
There was a problem hiding this comment.
we do not have custom element support (it requires javascript), so defined does not make sense. Please remove it.
There was a problem hiding this comment.
Remove it or add it into the BANNED_PSEUDOCLASS?
There was a problem hiding this comment.
BANNED_PSEUDOCLASS is better: CSSTokenizerFilter::HTMLElementVerifier defines that as banned (but otherwise valid) selector.
| "enabled", | ||
| "focus-visible", | ||
| "dir", | ||
| "indeterminate", |
There was a problem hiding this comment.
also only used for forms. Maybe split up the rules to have a dedicated set of rules for forms (for easier understanding of the meaning of these rules)?
| public static boolean isColor(String value) | ||
| { | ||
| value=value.trim(); | ||
| value=value.trim().toLowerCase(); |
There was a problem hiding this comment.
good catch! (feel free to mark this resolved once you read it ☺)
| public void testInvalidColors() { | ||
| assertFalse(FilterUtils.isColor("rgb(0.1 0.2 0.3)")); | ||
| assertFalse(FilterUtils.isColor("rgb(/)")); | ||
| assertFalse(FilterUtils.isColor("#ABCDEFGH")); |
There was a problem hiding this comment.
can you add more color-tests? switching to regexes usually needs tests for edge-cases.
|
This is a neat addition, but the added elements still need tests. I know that these can be annoying to write, since they feel obvious, but the last two times I omitted them and Bombe reminded me with an ENOTEST, one of those would have actually shown a bug (that luckily got found before merging when I added the test Bombe had requested). ⇒ please do test. These filters are critical for safe operation in browsers that may query into the clearnet on errors here. |
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/bdi
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/main
https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/dir