lib/sanitize/css.rb in sanitize-3.1.2 vs lib/sanitize/css.rb in sanitize-4.0.0
- old
+ new
@@ -4,16 +4,10 @@
require 'set'
class Sanitize; class CSS
attr_reader :config
- # Names of CSS at-rules whose blocks may contain properties.
- AT_RULES_WITH_PROPERTIES = Set.new(%w[font-face page])
-
- # Names of CSS at-rules whose blocks may contain style rules.
- AT_RULES_WITH_STYLES = Set.new(%w[document media supports])
-
# -- Class Methods -----------------------------------------------------------
# Sanitizes inline CSS style properties.
#
# This is most useful for sanitizing non-stylesheet fragments of CSS like you
@@ -26,24 +20,68 @@
# @return [String] Sanitized CSS properties.
def self.properties(css, config = {})
self.new(config).properties(css)
end
+ # Sanitizes a full CSS stylesheet.
+ #
+ # A stylesheet may include selectors, at-rules, and comments. To sanitize only
+ # inline style properties such as the contents of an HTML `style` attribute,
+ # use {.properties}.
+ #
+ # @example
+ # css = %[
+ # .foo {
+ # background: url(foo.png);
+ # color: #fff;
+ # }
+ #
+ # #bar {
+ # font: 42pt 'Comic Sans MS';
+ # }
+ # ]
+ #
+ # Sanitize::CSS.stylesheet(css, Sanitize::Config::RELAXED)
+ #
+ # @return [String] Sanitized CSS stylesheet.
def self.stylesheet(css, config = {})
self.new(config).stylesheet(css)
end
+ # Sanitizes the given Crass CSS parse tree and all its children, modifying it
+ # in place.
+ #
+ # @example
+ # css = %[
+ # .foo {
+ # background: url(foo.png);
+ # color: #fff;
+ # }
+ #
+ # #bar {
+ # font: 42pt 'Comic Sans MS';
+ # }
+ # ]
+ #
+ # tree = Crass.parse(css)
+ # Sanitize::CSS.tree!(tree, Sanitize::Config::RELAXED)
+ #
+ # @return [Array] Sanitized Crass CSS parse tree.
def self.tree!(tree, config = {})
self.new(config).tree!(tree)
end
# -- Instance Methods --------------------------------------------------------
# Returns a new Sanitize::CSS object initialized with the settings in
# _config_.
def initialize(config = {})
@config = Config.merge(Config::DEFAULT[:css], config[:css] || config)
+
+ @at_rules = Set.new(@config[:at_rules])
+ @at_rules_with_properties = Set.new(@config[:at_rules_with_properties])
+ @at_rules_with_styles = Set.new(@config[:at_rules_with_styles])
end
# Sanitizes inline CSS style properties.
#
# This is most useful for sanitizing non-stylesheet fragments of CSS like you
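Review bot: The three sets built in `initialize` store the config entries exactly as given, while `at_rule!` looks names up after `rule[:name].downcase`, so an entry written as `'Media'` or given as a symbol would never match and the at-rule would be dropped without any signal. That fails closed, which is the safe direction, but it is worth stating next to the assignments: `# Entries must be lowercase strings; at_rule! compares against the downcased rule name.` Alternatively, normalise once here, e.g. `@at_rules = Set.new(Array(@config[:at_rules]).map { |n| n.to_s.downcase })`, and likewise for the other two sets. The sets are also a snapshot taken at construction, so a later change to the hash returned by `config` would not be reflected in them; confirm that the merged config is not meant to be mutated.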
@@ -64,11 +102,11 @@
Crass::Parser.stringify(tree)
end
# Sanitizes a full CSS stylesheet.
#
- # A stylesheet may include selectors, @ rules, and comments. To sanitize only
+ # A stylesheet may include selectors, at-rules, and comments. To sanitize only
# inline style properties such as the contents of an HTML `style` attribute,
# use {#properties}.
#
# @example
# css = %[
@@ -97,10 +135,21 @@
# Sanitizes the given Crass CSS parse tree and all its children, modifying it
# in place.
#
# @example
+ # css = %[
+ # .foo {
+ # background: url(foo.png);
+ # color: #fff;
+ # }
+ #
+ # #bar {
+ # font: 42pt 'Comic Sans MS';
+ # }
+ # ]
+ #
# scss = Sanitize::CSS.new(Sanitize::Config::RELAXED)
# tree = Crass.parse(css)
#
# scss.tree!(tree)
#
@@ -152,27 +201,28 @@
# Sanitizes a CSS at-rule node. Returns the sanitized node, or `nil` if the
# current config doesn't allow this at-rule.
def at_rule!(rule)
name = rule[:name].downcase
- return nil unless @config[:at_rules].include?(name)
- if AT_RULES_WITH_STYLES.include?(name)
+ if @at_rules_with_styles.include?(name)
styles = Crass::Parser.parse_rules(rule[:block],
:preserve_comments => @config[:allow_comments],
:preserve_hacks => @config[:allow_hacks])
rule[:block] = tree!(styles)
- elsif AT_RULES_WITH_PROPERTIES.include?(name)
+ elsif @at_rules_with_properties.include?(name)
props = Crass::Parser.parse_properties(rule[:block],
:preserve_comments => @config[:allow_comments],
:preserve_hacks => @config[:allow_hacks])
rule[:block] = tree!(props)
+ elsif @at_rules.include?(name)
+ return nil if rule.has_key?(:block)
else
- rule.delete(:block)
+ return nil
end
rule
end
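Review bot: With the early `return nil unless @config[:at_rules].include?(name)` removed, a name listed in `:at_rules_with_styles` or `:at_rules_with_properties` is now accepted even when it is absent from `:at_rules`, so a configuration that narrows only `:at_rules` no longer blocks block-bearing at-rules. The comment above `at_rule!` should say this, for example `# A rule is kept if its name is in :at_rules_with_styles, :at_rules_with_properties, or (block-less only) :at_rules; every other at-rule is removed.` In the `@at_rules` branch the node is returned with its prelude untouched, so any URL or other value carried by a block-less at-rule is not checked in this method. If that is handled elsewhere it is not visible in this hunk, and the config documentation should warn about it.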