Sanitize url refs in SVG attributes

Add some tests. Sync with latest HTML5lib (includes above sanitization improvements).
2007-10-27 17:34:29 -05:00 · 2007-10-27 17:34:29 -05:00 · 5208bbf0af
commit 5208bbf0af
parent ae82f1be49
28 changed files with 1277 additions and 735 deletions
--- a/vendor/plugins/HTML5lib/lib/html5/sanitizer.rb
+++ b/vendor/plugins/HTML5lib/lib/html5/sanitizer.rb
@ -78,6 +78,9 @@ module HTML5

    ATTR_VAL_IS_URI = %w[href src cite action longdesc xlink:href xml:base]

+    SVG_ATTR_VAL_ALLOWS_REF = %w[clip-path fill filter marker marker-start
+      marker-mid marker-end mask stroke textpath]
+
    ACCEPTABLE_CSS_PROPERTIES = %w[azimuth background-color
      border-bottom-color border-collapse border-color border-left-color
      border-right-color border-top-color clear color cursor direction
@ -120,6 +123,9 @@ module HTML5
                if val_unescaped =~ /^[a-z0-9][-+.a-z0-9]*:/ and !self.class.const_get("ALLOWED_PROTOCOLS").include?(val_unescaped.split(':')[0])
                  attrs.delete attr
                end
+                SVG_ATTR_VAL_ALLOWS_REF.each do |attr|
+                  attrs.delete attr if attrs[attr].to_s.downcase =~ /url\(\s*[^#]/m
+                end
              end
              if attrs['style']
                attrs['style'] = sanitize_css(attrs['style'])